Open source auditing with Lynis
Lynis is an open source security auditing tool. Commonly used by system administrators, security professionals and auditors, to evaluate the security defenses of their Linux/Unix based systems. It runs on the host itself, so it performs more extensive security scans than vulnerability scanners.
In this podcast recorded at the Black Hat USA 2015 Arsenal, Michael Boelen, the creator of Lynis, talks about how his tool is flexible and easy to use. It is one of the few tools, in which installation is optional. Just copy it onto the system and give it a command like “audit system” to run the security scan. It is written in shell script and released as open source software.
If you’re interested in learning more about the development process and the lessons Boelen learned over the years, check out this article.