How To Install Lynis on Ubuntu (20.04 & 22.04) : A Complete Security Auditing Guide

System security is no longer optional—especially for Linux servers that handle production workloads, sensitive data, or public-facing services. Ubuntu, while secure by default, still requires regular auditing to identify misconfigurations, outdated packages, and potential vulnerabilities.

One of the most popular and trusted tools for Linux security auditing is Lynis. It is an open-source security scanner designed for Unix-based systems that helps administrators harden their servers and comply with security best practices.

In this guide, you’ll learn how to install Lynis on Ubuntu, run security audits, understand the results, and apply hardening recommendations effectively.

What Is Lynis?

Lynis is a security auditing and compliance testing tool developed by CISOfy. It performs an in-depth scan of your system and evaluates:

• System security configuration
• Installed software and services
• Kernel parameters
• User authentication settings
• File system permissions
• Logging and auditing configurations

Lynis is widely used by:

• System administrators
• DevOps engineers
• Security teams
• Compliance auditors

It supports standards such as ISO27001, PCI DSS, and general Linux hardening benchmarks.

Why Use Lynis on Ubuntu?

Installing Lynis on Ubuntu provides several key benefits:

• Detect security weaknesses early
• Improve system hardening posture
• Meet compliance requirements
• Lightweight and fast execution
• No system modification during scans

Lynis performs read-only audits, meaning it will never change your system automatically—making it safe for production environments.

Prerequisites

Before installing Lynis on Ubuntu, ensure the following:

• Ubuntu 20.04, 22.04, or newer
• Root or sudo privileges
• Internet access (for repository installation)

You can verify your Ubuntu version with:

lsb_release -a

Method 1: Install Lynis Using APT (Recommended)

The easiest and most reliable way to install Lynis is via the official APT repository.

Step 1: Update System Packages

sudo apt update && sudo apt upgrade -y

Keeping your system updated ensures compatibility and security.

Step 2: Install Lynis

sudo apt install lynis -y

Ubuntu’s official repositories include a stable version of Lynis suitable for most users.

Step 3: Verify Installation

Check if Lynis is installed correctly:

lynis --version

If installed successfully, you’ll see the version number displayed.

Method 2: Install Lynis From Official GitHub Repository

This method is useful if you want the latest Lynis version.

Step 1: Install Git (If Not Installed)

sudo apt install git -y

Step 2: Clone the Lynis Repository

cd /opt
sudo git clone https://github.com/CISOfy/lynis.git

Step 3: Run Lynis

cd /opt/lynis
sudo ./lynis audit system

This method does not require installation; Lynis runs directly from the directory.

How To Run a Lynis Security Audit

Once Lynis is installed, running a full audit is straightforward.

Basic System Audit

sudo lynis audit system

This command performs a comprehensive scan of your Ubuntu system and displays results in real time.

Run Lynis in Non-Interactive Mode

Useful for automation or scripts:

sudo lynis audit system --quiet

Understanding Lynis Audit Results

After the scan completes, Lynis provides a summary including:

1. Warnings

Warnings indicate security issues that should be fixed immediately.

Example:

• Weak SSH configuration
• Missing firewall rules

2. Suggestions

Suggestions are best-practice improvements that enhance security but are not critical.

Example:

• Enable additional logging
• Improve password policies

3. Hardening Index

At the end of the scan, you’ll see a score like:

Hardening index : 68 [##########        ]

• 0–40: Weak security
• 40–70: Average security
• 70–90: Good hardening
• 90+: Excellent security posture

Where Lynis Stores Logs and Reports

Lynis saves logs automatically for later review:

• Log file:

  /var/log/lynis.log

• Report file:

  /var/log/lynis-report.dat

These files are extremely useful for compliance audits and historical tracking.

Applying Lynis Hardening Recommendations

Lynis does not automatically fix issues. Instead, it provides actionable recommendations.

Example: SSH Hardening

If Lynis suggests improving SSH security, you might:

• Disable root login
• Change default SSH port
• Enforce key-based authentication

Always review changes carefully before applying them to production systems.

Automating Lynis Scans with Cron

For regular security audits, you can automate Lynis using cron.

Example: Weekly Scan

Edit crontab:

sudo crontab -e

Add:

0 2 * * 0 /usr/bin/lynis audit system --quiet

This runs Lynis every Sunday at 2 AM.

Lynis vs Other Security Tools

Tool	Purpose	Auto Fix
Lynis	Security auditing & hardening	❌
OpenVAS	Vulnerability scanning	❌
ClamAV	Malware detection	✅
Fail2Ban	Brute-force protection	✅

Lynis works best when combined with other security tools.

Best Practices When Using Lynis

• Run audits after system changes
• Keep Lynis updated regularly
• Do not blindly apply all suggestions
• Document changes for compliance
• Test changes in staging first

Common Issues and Troubleshooting

Lynis Permission Errors

Always run Lynis as root:

sudo lynis audit system

Missing Commands Warnings

Install missing utilities recommended by Lynis:

sudo apt install net-tools auditd

Conclusion

Installing Lynis on Ubuntu is one of the simplest yet most effective ways to improve your server security posture. With minimal setup, Lynis provides deep insights into system weaknesses and practical hardening recommendations—without modifying your system automatically.

Whether you manage a single Ubuntu server or an enterprise infrastructure, Lynis should be part of your regular security routine.