macOS
brew install lynislocal Homebrew formula metadata
sudo port install lynisMacPorts ports tree · security/lynis/Portfile · source: api.github.com
brew
Security and system auditing tool to harden systems. Version 3.1.7 via Homebrew; verified 2026-06-25.
install
brew install lynislocal Homebrew formula metadata
sudo port install lynisMacPorts ports tree · security/lynis/Portfile · source: api.github.com
sudo apk add lynisAlpine Linux edge package indexes · lynis · source: dl-cdn.alpinelinux.org
sudo apt install lynisDebian stable package indexes · lynis · source: deb.debian.org
sudo dnf install lynisFedora Rawhide package metadata · lynis · source: dl.fedoraproject.org
nix profile install nixpkgs#lynisnixpkgs package indexes · pkgs/by-name/ly/lynis/package.nix · source: api.github.com
sudo pacman -S lynisArch Linux sync databases · lynis · source: geo.mirror.pkgbuild.com
sudo zypper install lynisopenSUSE Tumbleweed package metadata · lynis · source: download.opensuse.org
overview
Security and system auditing tool to harden systems
history
Lynis is an open source Unix-like system security auditing and hardening tool. It gathers security information, runs checks, and reports warnings and suggestions for administrators, auditors, security specialists, and system maintainers.
The official README traces Lynis development to May 2007, with Michael Boelen as author from 2007 to 2013 and CISOfy carrying development from 2013 onward. The project is GPLv3-licensed, written as shell scripts, and maintained at CISOfy with public development on GitHub.
Lynis was designed to run directly from an unpacked directory as well as from installed packages. Its README and documentation emphasize broad Unix coverage rather than one distribution: Linux, BSD variants, macOS, Solaris, AIX, and related Unix-like systems are all part of the supported-audit story.
The changelog shows ongoing maintenance into the 2020s, with releases adding OS detection, end-of-life databases, malware and file-integrity checks, macOS checks, package-manager checks, and many platform-specific hardening tests.
Lynis has unusually broad packaging for a security-audit shell tool. The batch package metadata lists Alpine, Homebrew, Debian, Fedora/DNF, MacPorts, Nix, Arch, Ubuntu, and openSUSE/Zypper, while the upstream docs also mention CISOfy package repositories and custom RPM package building.
CISOfy built a commercial ecosystem around the open source tool through Lynis Enterprise, using Lynis scans as the local audit engine while adding centralized reporting, monitoring, compliance features, dashboards, and support. That commercial/open-source split helped keep Lynis relevant both as a package-manager tool and as a managed audit component.
The common interactive workflow is `lynis audit system`, often run as root for a full audit. The documentation also covers quick or quiet scans, cron jobs, update checks, viewing profiles and settings, and reading `/var/log/lynis.log` after a scan to interpret findings.
Lynis uses profiles as its configuration model. The FAQ says profiles are usually stored in `/etc/lynis` or discoverable with `lynis show profiles`; the default profile warns users to put local changes in `custom.prf` beside `default.prf` rather than editing the default file.
Lynis matters to package people because it is both a packaged security utility and a package-system inspector. Its checks know about APT/dpkg, RPM/YUM, pacman, zypper, apk, Homebrew, and other platform details, so keeping it current means tracking operating-system churn, package-manager behavior, and hardening expectations across many Unix-like systems.
security posture
narrow executable package without higher-risk signals.
green risk · low confidence · appliance
Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
default.prfcustom.prfexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
lynis | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
https://github.com/CISOfy/lynis
install metadata
| Package key | brew:lynis |
|---|---|
| Version | 3.1.7 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/lynis |
| Homepage | https://cisofy.com/lynis/ |
| Repository | https://github.com/CISOfy/lynis |
| Upstream docs | https://cisofy.com/documentation/lynis |
| License | GPL-3.0-only |
| Source archive | https://github.com/CISOfy/lynis/archive/refs/tags/3.1.7.tar.gz |
| Last updated | 2026-06-25T09:58:01Z |
| Pulse | updated |
| Bottle | available (on all) |
| Homebrew post-install | not defined |
| Service | none declared |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | lynis |
| Version Scheme | 0 |
| Revision | 0 |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
lynis 3.1.4-1
security auditing tool for Unix based systems
sudo apt install lynislynis
nix profile install nixpkgs#lynislynis 3.0.9-1
security auditing tool for Unix based systems
sudo apt install lynislynis 3.1.4-r0
Security and system auditing tool
sudo apk add lynislynis-bash-completion 3.1.4-r0
Bash completions for lynis
sudo apk add lynis-bash-completionlynis-doc 3.1.4-r0
Security and system auditing tool (documentation)
sudo apk add lynis-doclynis 3.1.6-2.fc44
Security and system auditing tool
sudo dnf install lynislynis 3.1.6-1
Security and system auditing tool to harden Unix/Linux systems
sudo pacman -S lynislynis 3.1.6-2.2
Security and System auditing tool
sudo zypper install lynislynis
sudo port install lynissource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.