Automic VaultAutomic Vault

brew

Install lynis with Homebrew, apk, apt, dnf, MacPorts, Nix, pacman, zypper

Security and system auditing tool to harden systems. Version 3.1.7 via Homebrew; verified 2026-06-25.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install lynis

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install lynis

MacPorts ports tree · security/lynis/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add lynis

Alpine Linux edge package indexes · lynis · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install lynis

Debian stable package indexes · lynis · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install lynis

Fedora Rawhide package metadata · lynis · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#lynis

nixpkgs package indexes · pkgs/by-name/ly/lynis/package.nix · source: api.github.com

Arch Linux pacmanverified · 92%
sudo pacman -S lynis

Arch Linux sync databases · lynis · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install lynis

openSUSE Tumbleweed package metadata · lynis · source: download.opensuse.org

overview

Package summary

Security and system auditing tool to harden systems

Commands and aliases

  • lynis

history

Project history and usage

Lynis is an open source Unix-like system security auditing and hardening tool. It gathers security information, runs checks, and reports warnings and suggestions for administrators, auditors, security specialists, and system maintainers.

Project history

The official README traces Lynis development to May 2007, with Michael Boelen as author from 2007 to 2013 and CISOfy carrying development from 2013 onward. The project is GPLv3-licensed, written as shell scripts, and maintained at CISOfy with public development on GitHub.

Lynis was designed to run directly from an unpacked directory as well as from installed packages. Its README and documentation emphasize broad Unix coverage rather than one distribution: Linux, BSD variants, macOS, Solaris, AIX, and related Unix-like systems are all part of the supported-audit story.

The changelog shows ongoing maintenance into the 2020s, with releases adding OS detection, end-of-life databases, malware and file-integrity checks, macOS checks, package-manager checks, and many platform-specific hardening tests.

Adoption history

Lynis has unusually broad packaging for a security-audit shell tool. The batch package metadata lists Alpine, Homebrew, Debian, Fedora/DNF, MacPorts, Nix, Arch, Ubuntu, and openSUSE/Zypper, while the upstream docs also mention CISOfy package repositories and custom RPM package building.

CISOfy built a commercial ecosystem around the open source tool through Lynis Enterprise, using Lynis scans as the local audit engine while adding centralized reporting, monitoring, compliance features, dashboards, and support. That commercial/open-source split helped keep Lynis relevant both as a package-manager tool and as a managed audit component.

How it is used

The common interactive workflow is `lynis audit system`, often run as root for a full audit. The documentation also covers quick or quiet scans, cron jobs, update checks, viewing profiles and settings, and reading `/var/log/lynis.log` after a scan to interpret findings.

Lynis uses profiles as its configuration model. The FAQ says profiles are usually stored in `/etc/lynis` or discoverable with `lynis show profiles`; the default profile warns users to put local changes in `custom.prf` beside `default.prf` rather than editing the default file.

Why package nerds care

Lynis matters to package people because it is both a packaged security utility and a package-system inspector. Its checks know about APT/dpkg, RPM/YUM, pacman, zypper, apk, Homebrew, and other platform details, so keeping it current means tracking operating-system churn, package-manager behavior, and hardening expectations across many Unix-like systems.

Timeline

  • 2007: Lynis development begins under Michael Boelen.
  • 2013: CISOfy becomes the named development organization.
  • 2014: CISOfy software signing key is documented for download verification.
  • 2024: Lynis 3.1.x releases add modern OS and platform checks.
  • 2026: Lynis 3.1.7 is released with updated end-of-life database entries.

Related projects

  • Lynis Enterprise builds centralized reporting and compliance workflows around Lynis scan data.
  • Lynis Collector is an enterprise component for collecting and uploading audit reports in batch.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 1 platform targets.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
default.prfcustom.prf

executables

Installed executables

CommandKindExposureNote
lyniscliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version3.1.7
manager updated2026-06-25
local dataok
upstreamcurrent
latest detected3.1.7

https://github.com/CISOfy/lynis

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:lynis
Version3.1.7
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/lynis
Homepagehttps://cisofy.com/lynis/
Repositoryhttps://github.com/CISOfy/lynis
Upstream docshttps://cisofy.com/documentation/lynis
LicenseGPL-3.0-only
Source archivehttps://github.com/CISOfy/lynis/archive/refs/tags/3.1.7.tar.gz
Last updated2026-06-25T09:58:01Z
Pulseupdated
Bottleavailable (on all)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namelynis
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

lynis 3.1.4-1

security auditing tool for Unix based systems

https://cisofy.com/lynis/

sudo apt install lynis
  • Section: utils
  • Architecture: all
  • 1 dependencies
  • 9 optional deps
  • normalized package name match
  • Matched by: Lynis
Debian stable package indexes · deb.debian.org · Debian stable package indexes: lynis from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

lynis

nix profile install nixpkgs#lynis
  • normalized package name match
  • Matched by: Lynis
nixpkgs package indexes · api.github.com · nixpkgs package indexes: pkgs/by-name/ly/lynis/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
Ubuntu apt95%

lynis 3.0.9-1

security auditing tool for Unix based systems

https://cisofy.com/lynis/

sudo apt install lynis
  • Section: universe/utils
  • Architecture: all
  • 1 dependencies
  • 9 optional deps
  • normalized package name match
  • Matched by: Lynis
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: lynis from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

lynis 3.1.4-r0

Security and system auditing tool

https://cisofy.com/lynis/

sudo apk add lynis
  • License: GPL-3.0-or-later
  • Architecture: x86_64
  • Source Package: lynis
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Lynis
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: lynis from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
apk95%

lynis-bash-completion 3.1.4-r0

Bash completions for lynis

https://cisofy.com/lynis/

sudo apk add lynis-bash-completion
  • License: GPL-3.0-or-later
  • Architecture: x86_64
  • Source Package: lynis
  • normalized package name match
  • Matched by: Lynis
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: lynis-bash-completion from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
apk95%

lynis-doc 3.1.4-r0

Security and system auditing tool (documentation)

https://cisofy.com/lynis/

sudo apk add lynis-doc
  • License: GPL-3.0-or-later
  • Architecture: x86_64
  • Source Package: lynis
  • normalized package name match
  • Matched by: Lynis
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: lynis-doc from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz
dnf95%

lynis 3.1.6-2.fc44

Security and system auditing tool

https://cisofy.com/lynis/

sudo dnf install lynis
  • License: GPL-3.0-only
  • Category: Unspecified
  • Architecture: noarch
  • Source Package: lynis
  • 4 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Lynis
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: lynis from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

lynis 3.1.6-1

Security and system auditing tool to harden Unix/Linux systems

https://cisofy.com/lynis/

sudo pacman -S lynis
  • License: GPL-3.0-only
  • Architecture: any
  • 2 dependencies
  • 3 optional deps
  • normalized package name match
  • Matched by: Lynis
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: lynis from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

lynis 3.1.6-2.2

Security and System auditing tool

https://cisofy.com/lynis/

sudo zypper install lynis
  • License: GPL-3.0-only
  • Category: System/Monitoring
  • Architecture: noarch
  • Source Package: lynis
  • 14 dependencies
  • 2 provides
  • normalized package name match
  • Matched by: Lynis
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: lynis from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

lynis

sudo port install lynis
  • normalized package name match
  • Matched by: Lynis
MacPorts ports tree · api.github.com · MacPorts ports tree: security/lynis/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment