Installing Lynis

Lynis is a powerful open-source auditing tool for Unix/Linux-like operating systems. It scans the system for security information, general system information, installed and available software, configuration mistakes, security issues, user accounts without a password and wrong file permissions, and it also performs firewall auditing, among other checks.

Installation

yum install lynis -y
Open https://cisofy.com/download/lynis-plugins-community/ in Chrome
Click the download button
Fill in the form and subscribe
You will receive an e-mail to confirm the subscription

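# Work from the home directory
cd
# Download the plugin archive (the URL is quoted so the shell does not interpret the "?")
wget "http://sable.madmimi.com/c/6938?id=44150.2674.1.a12c46882ca668ab69e63acbe670c747" -O lynis-community-plugins.tar.gz
# Unpack into the Lynis plugin directory, dropping the archive's top-level folder
tar -zxvf lynis-community-plugins.tar.gz --strip-components=1 -C /usr/share/lynis/plugins
# Make the plugin files owned by root and accessible only to root
chown root:root /usr/share/lynis/plugins/plugin_*
chmod 600 /usr/share/lynis/plugins/plugin_*
# List the plugin entries in the default profile
grep plugin= /etc/lynis/default.prf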

You should get output like this:

[root@mxserver3 ~]# grep plugin= /etc/lynis/default.prf
 plugin=authentication
 plugin=compliance
 plugin=configuration
 plugin=control-panels
 plugin=crypto
 plugin=dns
 plugin=docker
 plugin=file-integrity
 plugin=file-systems
 plugin=firewalls
 plugin=forensics
 plugin=hardware
 plugin=intrusion-detection
 plugin=intrusion-prevention
 plugin=kernel
 plugin=malware
 plugin=memory
 plugin=nginx
 plugin=pam
 plugin=processes
 plugin=security-modules
 plugin=software
 plugin=system-integrity
 plugin=systemd
 plugin=users
 disable-plugin=authentication
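
The grep above also matches the disable-plugin= line, so its raw output does not show which plugins are effectively enabled, nor whether the extracted files ended up with the intended owner and mode. The shell functions below are an added example (not part of the original page or of Lynis); they assume the profile syntax shown in the output above and plugin files named plugin_<name>_*.

```shell
#!/bin/sh
# Added example, not from the original page or the Lynis project.
# Assumes profile lines of the form "plugin=<name>" / "disable-plugin=<name>"
# (as in the grep output above) and plugin files named plugin_<name>_*.

# Print plugins that are enabled in the profile and not disabled again.
effective_plugins() {
    awk -F= '
        { gsub(/^[ \t]+|[ \t\r]+$/, "") }   # trim surrounding whitespace
        /^#/ { next }                       # skip commented-out entries
        $1 == "plugin"         { on[$2] = 1 }
        $1 == "disable-plugin" { off[$2] = 1 }
        END { for (p in on) if (!(p in off)) print p }
    ' "$1" | sort
}

# Print effective plugins that have no matching file in the plugin directory.
missing_plugins() {   # $1 = profile, $2 = plugin directory
    effective_plugins "$1" | while read -r name; do
        ls "$2"/plugin_"$name"_* >/dev/null 2>&1 || echo "$name"
    done
}

# Print plugin files whose mode is not exactly 600 or whose owner is not
# the expected user (root unless a second argument is given).
loose_plugin_files() {   # $1 = plugin directory, $2 = expected owner
    find "$1" -maxdepth 1 -type f -name 'plugin_*' \
        \( ! -perm 600 -o ! -user "${2:-root}" \) | sort
}

# Report on the paths used on this page, when they exist on this host.
if [ -r /etc/lynis/default.prf ] && [ -d /usr/share/lynis/plugins ]; then
    echo "Effective plugins:";      effective_plugins /etc/lynis/default.prf
    echo "Enabled but not installed:"
    missing_plugins /etc/lynis/default.prf /usr/share/lynis/plugins
    echo "Wrong owner or mode:";    loose_plugin_files /usr/share/lynis/plugins
fi
```
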
Run it without parameters:
lynis

[root@mxserver3 ~]# lynis
 [ Lynis 3.0.1 ]
 #
 Lynis comes with ABSOLUTELY NO WARRANTY. This is free software, and you are
   welcome to redistribute it under the terms of the GNU General Public License.
   See the LICENSE file for details about using this software.
 2007-2020, CISOfy - https://cisofy.com/lynis/
   Enterprise support available (compliance, plugins, interface and tools)
 #
 [+] Initializing program
 Usage: lynis command [options]
 Command:
   audit
     audit system                  : Perform local security scan
     audit system remote <host>    : Remote security scan
     audit dockerfile <file>       : Analyze Dockerfile
   show
     show                          : Show all commands
     show version                  : Show Lynis version
     show help                     : Show help
   update
     update info                   : Show update details
 Options:
   Alternative system audit modes
   --forensics                       : Perform forensics on a running or mounted system
   --pentest                         : Non-privileged, show points of interest for pentesting
   Layout options
   --no-colors                       : Don't use colors in output
   --quiet (-q)                      : No output
   --reverse-colors                  : Optimize color display for light backgrounds
   --reverse-colours                 : Optimize colour display for light backgrounds
   Misc options
   --debug                           : Debug logging to screen
   --no-log                          : Don't create a log file
   --profile <profile>               : Scan the system with the given profile file
   --view-manpage (--man)            : View man page
   --verbose                         : Show more details on screen
   --version (-V)                    : Display version number and quit
   --wait                            : Wait between a set of tests
   --slow-warning <seconds>  : Threshold for slow test warning in seconds (default 10)
   Enterprise options
   --plugindir <path>                : Define path of available plugins
   --upload                          : Upload data to central node
 More options available. Run '/bin/lynis show options', or use the man page.
 No command provided. Exiting..

To run a full scan:

lynis audit system