Installing Lynis on Ubuntu 16.04: notes

Are you security auditing on Ubuntu 16.04? If not, you should be. One great tool to have in your arsenal is Lynis security auditing. Yes, this is completely redundant with OSSEC Wazuh and third-party CloudTrail audits, but there is no harm in triple checking.

Why the paranoia? Because you can’t completely rely on any one system imho, so human spot checks, particularly on your endpoints (or honeypots #heh), are an essential part of the process. Plus, at AWS you can create a temp “hot” AMI and tear the thing apart while it is in an ACL/Security Group cage, and then delete it without an attacker ever knowing.

Regarding Lynis security auditing, the Ubuntu apt package for Lynis (e.g. apt install) is still on version 2.1, while the current version is 2.6. First off, 2.6 is much faster. Second, it gives a lot fewer false positives on Ubuntu 16.04.

My notes from:

# auditing -posts age CHECK THE LINK ABOVE
sudo su
apt install lynis
wget -O - | sudo apt-key add -
apt install apt-transport-https
echo 'Acquire::Languages "none";' | sudo tee /etc/apt/apt.conf.d/99disable-translations
echo "deb xenial main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
apt update
apt upgrade
lynis show version

Again – check your version! Note I specified xenial in my notes, because that particular server is on xenial. You might not be. Read the Lynis docs. And happy auditing!
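
An added example (not part of the original notes and not Lynis project code): a bash check that the installed Lynis is at least the 2.6 mentioned above and that the repository list written by these steps targets the host's own release codename. The function names and the `--run` switch are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: post-install sanity checks for the steps in these notes.
MIN_VERSION="2.6"                                       # version named in the post
LIST_FILE="/etc/apt/sources.list.d/cisofy-lynis.list"   # file the notes write to

# version_ge A B -> succeeds when version A >= version B (GNU sort -V ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# repo_codename FILE -> prints the suite field of the first active "deb" line.
# Layout is: deb [options] uri suite components; the [options] part is optional.
repo_codename() {
    awk '$1 == "deb" {
        i = 2
        if ($i ~ /^\[/) { while ($i !~ /\]$/ && i <= NF) i++; i++ }
        print $(i + 1); exit
    }' "$1"
}

# audit_lynis_setup INSTALLED_VERSION LIST_FILE SYSTEM_CODENAME
# Returns 0 when both checks pass, 1 otherwise; prints one line per finding.
audit_lynis_setup() {
    local installed="$1" list="$2" codename="$3" rc=0 suite
    if ! version_ge "$installed" "$MIN_VERSION"; then
        echo "FAIL: lynis $installed is older than $MIN_VERSION (distro package still active?)"
        rc=1
    fi
    suite="$(repo_codename "$list" 2>/dev/null)"
    if [ "$suite" != "$codename" ]; then
        echo "FAIL: $list targets '${suite:-none}' but this host is '$codename'"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: lynis $installed, repo suite $suite"
    fi
    return "$rc"
}

# Run against the live host only when asked: ./check-lynis.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_lynis_setup "$(lynis show version)" "$LIST_FILE" "$(lsb_release -cs)"
fi
```

A repository line whose URL is missing shifts the fields, so the suite check reports it as a mismatch as well.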