# Install lynis with Homebrew, apk, apt, dnf, MacPorts, Nix, pacman, zypper

Security and system auditing tool to harden systems. Version 3.1.7 via Homebrew; verified 2026-06-25.

## Install

```sh
sudo av install brew:lynis
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install lynis
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install lynis
```

  Evidence: MacPorts ports tree: security/lynis/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- apk (92%):

```sh
sudo apk add lynis
```

  Evidence: Alpine Linux edge package indexes: lynis from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install lynis
```

  Evidence: Debian stable package indexes: lynis from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- dnf (92%):

```sh
sudo dnf install lynis
```

  Evidence: Fedora Rawhide package metadata: lynis from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst

- Nix (92%):

```sh
nix profile install nixpkgs#lynis
```

  Evidence: nixpkgs package indexes: pkgs/by-name/ly/lynis/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- pacman (92%):

```sh
sudo pacman -S lynis
```

  Evidence: Arch Linux sync databases: lynis from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz

- zypper (92%):

```sh
sudo zypper install lynis
```

  Evidence: openSUSE Tumbleweed package metadata: lynis from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:lynis
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/lynis>
- **Version:** 3.1.7
- **Source summary:** Security and system auditing tool to harden systems
- **Homepage:** <https://cisofy.com/lynis/>
- **Repository:** <https://github.com/CISOfy/lynis>
- **Upstream docs:** <https://cisofy.com/documentation/lynis>
- **License:** GPL-3.0-only
- **Source archive:** <https://github.com/CISOfy/lynis/archive/refs/tags/3.1.7.tar.gz>
- **Last updated:** 2026-06-25T09:58:01Z
- **Generated:** 2026-07-08T18:08:21+00:00

## Executables

- lynis (cli)
- lynis (alias)

## Install behavior

- Post-install hook: not defined
- Bottle: available on all

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.1.7
- Package-manager updated: 2026-06-25
- Local data: ok
- Upstream repository: https://github.com/CISOfy/lynis
- Upstream latest detected: 3.1.7 (current)
## Project history and usage

Lynis is an open source Unix-like system security auditing and hardening tool. It gathers security information, runs checks, and reports warnings and suggestions for administrators, auditors, security specialists, and system maintainers.

### Project history

The official README traces Lynis development to May 2007, with Michael Boelen as author from 2007 to 2013 and CISOfy carrying development from 2013 onward. The project is GPLv3-licensed, written as shell scripts, and maintained at CISOfy with public development on GitHub.

Lynis was designed to run directly from an unpacked directory as well as from installed packages. Its README and documentation emphasize broad Unix coverage rather than one distribution: Linux, BSD variants, macOS, Solaris, AIX, and related Unix-like systems are all part of the supported-audit story.

The changelog shows ongoing maintenance into the 2020s, with releases adding OS detection, end-of-life databases, malware and file-integrity checks, macOS checks, package-manager checks, and many platform-specific hardening tests.

### Adoption history

Lynis has unusually broad packaging for a security-audit shell tool. The batch package metadata lists Alpine, Homebrew, Debian, Fedora/DNF, MacPorts, Nix, Arch, Ubuntu, and openSUSE/Zypper, while the upstream docs also mention CISOfy package repositories and custom RPM package building.

CISOfy built a commercial ecosystem around the open source tool through Lynis Enterprise, using Lynis scans as the local audit engine while adding centralized reporting, monitoring, compliance features, dashboards, and support. That commercial/open-source split helped keep Lynis relevant both as a package-manager tool and as a managed audit component.

### How it is used

The common interactive workflow is `lynis audit system`, often run as root for a full audit. The documentation also covers quick or quiet scans, cron jobs, update checks, viewing profiles and settings, and reading `/var/log/lynis.log` after a scan to interpret findings.

Lynis uses profiles as its configuration model. The FAQ says profiles are usually stored in `/etc/lynis` or discoverable with `lynis show profiles`; the default profile warns users to put local changes in `custom.prf` beside `default.prf` rather than editing the default file.

### Why package nerds care

Lynis matters to package people because it is both a packaged security utility and a package-system inspector. Its checks know about APT/dpkg, RPM/YUM, pacman, zypper, apk, Homebrew, and other platform details, so keeping it current means tracking operating-system churn, package-manager behavior, and hardening expectations across many Unix-like systems.

### Timeline

- 2007: Lynis development begins under Michael Boelen.
- 2013: CISOfy becomes the named development organization.
- 2014: CISOfy software signing key is documented for download verification.
- 2024: Lynis 3.1.x releases add modern OS and platform checks.
- 2026: Lynis 3.1.7 is released with updated end-of-life database entries.

### Related projects

- Lynis Enterprise builds centralized reporting and compliance workflows around Lynis scan data.
- Lynis Collector is an enterprise component for collecting and uploading audit reports in batch.

### Sources

- <https://cisofy.com/documentation/lynis/>
- <https://github.com/CISOfy/lynis>
- <https://raw.githubusercontent.com/CISOfy/lynis/master/CHANGELOG.md>
- <https://raw.githubusercontent.com/CISOfy/lynis/master/FAQ>
- <https://raw.githubusercontent.com/CISOfy/lynis/master/README>
- <https://raw.githubusercontent.com/CISOfy/lynis/master/default.prf>
- source_facts.package-manager


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: default.prf, custom.prf
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** lynis
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Debian apt - lynis - 3.1.4-1: normalized package name match | Debian stable package indexes: lynis from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | security auditing tool for Unix based systems | https://cisofy.com/lynis/
- Nix - lynis: normalized package name match | nixpkgs package indexes: pkgs/by-name/ly/lynis/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - lynis - 3.0.9-1: normalized package name match | Ubuntu 24.04 LTS package indexes: lynis from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | security auditing tool for Unix based systems | https://cisofy.com/lynis/
- apk - lynis - 3.1.4-r0: normalized package name match | Alpine Linux edge package indexes: lynis from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Security and system auditing tool | https://cisofy.com/lynis/
- apk - lynis-bash-completion - 3.1.4-r0: normalized package name match | Alpine Linux edge package indexes: lynis-bash-completion from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Bash completions for lynis | https://cisofy.com/lynis/
- apk - lynis-doc - 3.1.4-r0: normalized package name match | Alpine Linux edge package indexes: lynis-doc from https://dl-cdn.alpinelinux.org/alpine/edge/testing/x86_64/APKINDEX.tar.gz | Security and system auditing tool (documentation) | https://cisofy.com/lynis/
- dnf - lynis - 3.1.6-2.fc44: normalized package name match | Fedora Rawhide package metadata: lynis from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst | Security and system auditing tool | https://cisofy.com/lynis/
- pacman - lynis - 3.1.6-1: normalized package name match | Arch Linux sync databases: lynis from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz | Security and system auditing tool to harden Unix/Linux systems | https://cisofy.com/lynis/
- zypper - lynis - 3.1.6-2.2: normalized package name match | openSUSE Tumbleweed package metadata: lynis from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Security and System auditing tool | https://cisofy.com/lynis/
- MacPorts - lynis: normalized package name match | MacPorts ports tree: security/lynis/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Homebrew utility packages](https://www.automicvault.com/pkg/brew-utility-packages/) - Matched Homebrew package provider.
- [ssh-audit](https://www.automicvault.com/pkg/brew/ssh-audit/) - Shares av.db curated category or tags: auditing, cli, hardening, security, security-audit.
- [chain-bench](https://www.automicvault.com/pkg/brew/chain-bench/) - Shares av.db curated category or tags: auditing, cli, security.
- [prowler](https://www.automicvault.com/pkg/brew/prowler/) - Shares av.db curated category or tags: auditing, cli, security.
- [ssh-mitm](https://www.automicvault.com/pkg/brew/ssh-mitm/) - Shares av.db curated category or tags: auditing, cli, security.
- [kubescape](https://www.automicvault.com/pkg/brew/kubescape/) - Shares av.db curated category or tags: cli, hardening, security.
- [nmap](https://www.automicvault.com/pkg/brew/nmap/) - Shares av.db curated category or tags: cli, security, security-audit.
- [acme.sh](https://www.automicvault.com/pkg/brew/acme-sh/) - Shares av.db curated category or tags: cli, security.
- [aescrypt](https://www.automicvault.com/pkg/brew/aescrypt/) - Shares av.db curated category or tags: cli, security.

## Combined YAML source

View the package source record on GitHub. [combined/lynis.yml](https://github.com/automic-vault/db/blob/main/combined/lynis.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
