pg_auto_failover_ansible VS lynis

Compare pg_auto_failover_ansible vs lynis and see what are their differences.


Ansible Playbook(s) to create/manage a cluster of PostgreSQL nodes running in a cluster with pg_auto_failover (by neuroforgede)


Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional. (by CISOfy)
Our great sponsors
  • SonarLint - Clean code begins in your IDE with SonarLint
  • - Download’s Tech Salary Report
  • InfluxDB - Build time-series-based applications quickly and at scale.
  • Scout APM - Truly a developer’s best friend
pg_auto_failover_ansible lynis
5 50
25 10,082
- 0.9%
6.1 6.6
about 1 month ago 5 days ago
Shell Shell
GNU General Public License v3.0 or later GNU General Public License v3.0 only
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.


Posts with mentions or reviews of pg_auto_failover_ansible. We have used some of these posts to build our list of alternatives and similar projects.

We haven't tracked posts mentioning pg_auto_failover_ansible yet.
Tracking mentions began in Dec 2020.


Posts with mentions or reviews of lynis. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-09-16.
  • Linux security
    3 projects | | 16 Sep 2022
    Lynis is one such tool. The more tools you use, the more coverage you'll get.
    3 projects | | 16 Sep 2022
  • How I secure my VPS
    2 projects | | 25 Aug 2022
    You can use Lynis to audit your system and find possible improvements.
  • CIS Hardening Ubuntu Server
    2 projects | | 7 Jul 2022
  • PChunter equivalent on Linux?
    4 projects | | 20 Jun 2022
  • Server Hardening Checklist
    2 projects | | 3 May 2022
    For Linux lynis by cisofy. Free version is good enough, but the paid is cheap. The guy who writes it is super helpful.
  • Is clamav still regarded as the best virus scanning software on Linux?
    4 projects | | 9 Mar 2022
  • Linux noob, just got on Fedora - security related query.
    2 projects | | 26 Feb 2022
    You can install Lynis (, it should be in the repo. Run it and it will tell you recommendations to improve security.
  • [question] vulnerability assessment (for the homeserver)
    2 projects | | 23 Dec 2021
    Take at look at Grype for containers and Lynis for the OS.
  • My First 5 Minutes on a Server; Or, Essential Security for Linux Servers (2013)
    2 projects | | 8 Dec 2021
    > Isn't a Ubuntu server secure out of the box?

    I think that the people working at RedHat actually are more competent in moving security forward on Linux than what Ubuntu does. Ubuntu hardly innovates here at all. It's target seems to be desktop users or server admins that are familiar with the Desktop version. I wouldn't put Ubuntu (or any other distribution) on a server without an elaborate playbook to tailor it to my needs. And this is where Ubuntu fails for me because it makes some weird assumptions as to what I want in terms of security (which are absent in Debian). YMMV. Ubuntu security innovation is non existing. Although I think that a distribution's goal should be accessibility and configurability - in that regard all of them don't prioritize security features as much as I'd like to see (but knowing myself I probably would complain the second these features become too opinionated.

    Ubuntu compared to Debian standard install is more bloated, interim releases are much buggier, and Ubuntu LTS is less stable than Debian stable. Ubuntu's root certificate store is constantly outdated (though the same issue might also be on Debian). Their apparmor configuration lags behind.

    All distributions could do more to lock down processes with seccomp-filters in systemd. Would be interesting to see what lynis⁰ discovers when comparing a fresh server install between Ubuntu and others.

    Jason Donenfeld, the creator of Wireguard said about Ubuntu on the latest¹ SCW podcast:

    > Ubuntu is always, a horrible distribution to work with, ...

    > Well, they [Ubuntu] sort of inherit from Debian, but they're like not super tuned in to what's going on and like not really on top of things. And so it was just always, it's still a pain to like make sure Ubuntu is working well. but I don't know, it's not too much interesting to say about the distro story, just open source politics as usual.

    while somewhat anecdotal I trust that Jason knows what he is talking about having been on the linux security kernel team for ages and familiar with the quirks of various downstream vendors. His development cycle for WG is: implement -> decompile -> formal-verification -> rinse/repeat :-/


What are some alternatives?

When comparing pg_auto_failover_ansible and lynis you can also consider the following projects:

Wazuh - Wazuh - The Open Source Security Platform

OSSEC - OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

cve-check-tool - Original Automated CVE Checking Tool

PEASS-ng - PEASS - Privilege Escalation Awesome Scripts SUITE (with colors)

OSQuery - SQL powered operating system instrumentation, monitoring, and analytics.

pfSense - Main repository for pfSense

debian-cis - PCI-DSS compliant Debian 9/10 hardening

crowdsec - CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.

Snort - Snort++

Fail2Ban - Daemon to ban hosts that cause multiple authentication errors

syft - CLI tool and library for generating a Software Bill of Materials from container images and filesystems

grype - A vulnerability scanner for container images and filesystems