########################## # lynis - Getting a Copy # ########################## You should be able to get a copy using your package manager but if not, read this (from https://packages.cisofy.com/community/): CISOfy logo Software Repository (Community) This is the software repository for packages provided by CISOfy. Usage of this repository This service is provided for free to Lynis community on the basis of fair-use. If you have more than a few systems, then set up your internal software repository or proxy and let it sync with ours. Note: If you get HTTP 429 errors, then adjust your package manager settings. Heavy usage of the repository will be blocked on our discretion. » Are you a customer of Lynis Enterprise? Operating Systems • CentOS • Debian • Fedora • Kali Linux • openSUSE • Oracle Linux • Red Hat Enterprise Linux (RHEL) • Ubuntu This list shows what operating systems were used to test these packages. We expect these packages to work for both older and newer versions, as no compilation was involved during packaging. Your operating system not listed here? You can use Git or use a "Manual" deployment. This is documented in our Get Started document. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ | openSUSE, SUSE `--------------- Are you already customer of Lynis Enterprise? See packages for customers. Import GPG key and add repository --------------------------------- First import the GPG key. This ensures the signed repository can be checked. sudo rpm --import https://packages.cisofy.com/keys/cisofy-software-rpms-public.key sudo zypper addrepo --gpgcheck --name "CISOfy Lynis repository" --priority 1 --refresh --type rpm-md https://packages.cisofy.com/community/lynis/rpm/ lynis Check if the repository is added: -------------------------------- sudo zypper repos Install Lynis ------------- If the repository is available, Lynis can be installed from it. As it is marked with a high priority, the Lynis package will be installed from the new repository. sudo zypper refresh sudo zypper install lynis | Fedora `------- Create repository file ---------------------- sudo vi /etc/yum.repos.d/cisofy-lynis.repo Add the following content: ------------------------- [lynis] name=CISOfy Software - Lynis package baseurl=https://packages.cisofy.com/community/lynis/rpm/ enabled=1 gpgkey=https://packages.cisofy.com/keys/cisofy-software-rpms-public.key gpgcheck=1 Install or Update ----------------- sudo dnf install lynis sudo dnf update lynis | CentOS and RHEL `---------------- Already a customer of Lynis Enterprise? See packages for customers. Lynis Community Ensure that cURL, NSS, openssl, and CA certificates are up-to-date. yum update ca-certificates curl nss openssl Create /etc/yum.repos.d/cisofy-lynis.repo [lynis] name=CISOfy Software - Lynis package baseurl=https://packages.cisofy.com/community/lynis/rpm/ enabled=1 gpgkey=https://packages.cisofy.com/keys/cisofy-software-rpms-public.key gpgcheck=1 Next step is installing Lynis with yum. sudo yum makecache fast sudo yum install lynis First time it might ask to import the GPG key. This ensures you only updates are received from us. Now you start using Lynis. First time users are advised to use the Get Started guide. lynis audit system Advanced: Custom RPM creation Like to build your own RPM? We have a Lynis spec file. git clone https://github.com/CISOfy/lynis-sdk ./lynis-devkit build rpm | Debian, Ubuntu `--------------- Are you are a customer with an active subscription to Lynis Enterprise? Have a look in the customers section. Import key ---------- For these commands root access may be needed. Use sudo or run as root user. Download the key from a central keyserver: ----------------------------------------- sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C80E383C3DE9F082E01391A0366C67DE91CA5D5F Or manually import it: sudo wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add - Add software repository ----------------------- The software repository uses preferably HTTPS for secure transport. Install the 'https' method for APT, if it was not available yet. sudo apt install apt-transport-https Using your software in English? Then configure APT to skip downloading translations. This saves bandwidth and prevents additional load on the repository servers. echo 'Acquire::Languages "none";' | sudo tee /etc/apt/apt.conf.d/99disable-translations Next step is adding the repository: ---------------------------------- echo "deb https://packages.cisofy.com/community/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list Install Lynis ------------- Refresh the local package database with the new repository data and install Lynis: apt update Got an error after running this command? Check if you filled in the 'codename' correctly and the line is correct. It are those small details that may prevent it from working. apt install lynis Note, older Ubuntu versions may need sudo apt-get install lynis Confirm Lynis version --------------------- lynis show version Is your version not the latest? Run sudo apt-cache policy lynis to see where your package came from. Consider pinning ---------------- If you keep receiving an old version from your distribution, 'pin' the Lynis package. Create the file /etc/apt/preferences.d/lynis with the following contents: Package: lynis Pin: origin packages.cisofy.com Pin-Priority: 600 ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ Having issues? Look in our troubleshooting guide for issues installation or updating Lynis. This service is provided to the community and customers of Lynis and Lynis Enterprise. For support or questions see our website.