Lynis Alternatives
Similar projects and alternatives to lynis
-
-
OSSEC
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
-
SonarQube
Static code analysis for 29 languages.. Your projects are multi-language. So is SonarQube analysis. Find Bugs, Vulnerabilities, Security Hotspots, and Code Smells so you can release quality code every time. Get started analyzing your projects today for free.
-
crowdsec
CrowdSec - the open-source and participative IPS able to analyze visitor behavior & provide an adapted response to all kinds of attacks. It also leverages the crowd power to generate a global CTI database to protect the user network.
-
-
-
-
How-To-Secure-A-Linux-Server
An evolving how-to guide for securing a Linux server.
-
Scout APM
Less time debugging, more time building. Scout APM allows you to find and fix performance issues with no hassle. Now with error monitoring and external services monitoring, Scout is a developer's best friend when it comes to application development.
-
-
-
keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
-
spiderfoot
SpiderFoot automates OSINT for threat intelligence and mapping your attack surface.
-
-
-
-
-
mitmproxy
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
-
-
-
Keycloak
Open Source Identity and Access Management For Modern Applications and Services
Reviews and mentions
- Securing linux box
-
[question] vulnerability assessment (for the homeserver)
Take at look at Grype for containers and Lynis for the OS.
-
Are there any guides on how to secure your linux pc?
This may help. https://github.com/CISOfy/Lynis
-
Do I need an anti virus software / which one to use
https://cisofy.com/lynis/ *
-
My First 5 Minutes on a Server; Or, Essential Security for Linux Servers (2013)
> Isn't a Ubuntu server secure out of the box?
I think that the people working at RedHat actually are more competent in moving security forward on Linux than what Ubuntu does. Ubuntu hardly innovates here at all. It's target seems to be desktop users or server admins that are familiar with the Desktop version. I wouldn't put Ubuntu (or any other distribution) on a server without an elaborate playbook to tailor it to my needs. And this is where Ubuntu fails for me because it makes some weird assumptions as to what I want in terms of security (which are absent in Debian). YMMV. Ubuntu security innovation is non existing. Although I think that a distribution's goal should be accessibility and configurability - in that regard all of them don't prioritize security features as much as I'd like to see (but knowing myself I probably would complain the second these features become too opinionated.
Ubuntu compared to Debian standard install is more bloated, interim releases are much buggier, and Ubuntu LTS is less stable than Debian stable. Ubuntu's root certificate store is constantly outdated (though the same issue might also be on Debian). Their apparmor configuration lags behind.
All distributions could do more to lock down processes with seccomp-filters in systemd. Would be interesting to see what lynis⁰ discovers when comparing a fresh server install between Ubuntu and others.
Jason Donenfeld, the creator of Wireguard said about Ubuntu on the latest¹ SCW podcast:
> Ubuntu is always, a horrible distribution to work with, ...
> Well, they [Ubuntu] sort of inherit from Debian, but they're like not super tuned in to what's going on and like not really on top of things. And so it was just always, it's still a pain to like make sure Ubuntu is working well. but I don't know, it's not too much interesting to say about the distro story, just open source politics as usual.
while somewhat anecdotal I trust that Jason knows what he is talking about having been on the linux security kernel team for ages and familiar with the quirks of various downstream vendors. His development cycle for WG is: implement -> decompile -> formal-verification -> rinse/repeat :-/
¹ https://securitycryptographywhatever.buzzsprout.com/1822302/...
- Looking for Guidance on Hardening Fedora
-
Securing a Linux server. What else to do?
Lynis is a tool that will analyze your system and give general security and consistency recommendations. Since you're talking about securing SSH, this tool has a whole list of SSH configurations that it will check and inform you which ones you should tighten up. https://cisofy.com/lynis/
-
multipronged Issue
Fwiw, you can make Manjaro significantly more secure than it comes stock. A hardened kernel, good firewall rules, SELinux or other mandatory access control system, Secure Boot, disk encryption, etc. Maybe check out lynis and it's recommendations?
-
Kubernetes Security Checklist 2021
It is recommended to regularly scan packages and configuration for vulnerabilities(OpenSCAP profiles, Lynis)
-
Awesome Penetration Testing
Lynis - Auditing tool for UNIX-based systems.
-
Beginner guide: How to secure your self-hosted services
If you want a deeper look into your system security you could take a look at something like Lynis - which is one of the more accessible tools to asses system security
-
Intrusion detection software?
WAZUH (fork of OSSEC would be my first choice when it comes to Linux based HIDS (host based), and Snort or Suricata if you are looking for NIDS (network based). As well as Lynis for ensuring the setup of the host is as you intended.
- T440p is a really nice machine.
- Looking for software to manage Linux VM's
-
looking for a good server provider with yunohost preinstalled
and run lynis to check the security at a deeper level ( https://cisofy.com/lynis/ )
Stats
CISOfy/lynis is an open source project licensed under GNU General Public License v3.0 only which is an OSI approved license.
Popular Comparisons
Are you hiring? Post a new remote job listing for free.