Lynis is a system and security auditing tool.
It provides insights in how well a system is hardened and what you can do, to improve your security defenses.
suggest people using it daily & compare the results for example: https://linux-audit.com/find-differences-between-two-daily-lynis-audits
Installation steps:
cd /tmp wget https://cisofy.com/files/lynis-2.5.0.tar.gz tar xvfz lynis-2.5.0.tar.gz mv lynis cd
Move all contents of /tmp/cd into /usr/local/lynis
WARNING: Make sure that the lynis file is 775 or else you will get a perm denied.
To scan the server first do a update!
lynis update info
Then to actually scan the system:
lynis audit system
Once the scan is over you will get a System Scan Summary.
Lynis suggests also a very good things that might be tampered to make the system more secure.
Lynis supports plugins, reporting, central management, a dashboard, and more.
sysctl -a lynis show lynis –tests “SSH-7440” lynis show help lynis update info systemctl status -all