Lynis - an auditing tool for Linux/Unix

The first step to higher security of your system is to assess the current state of the system. Lynis is a small command line tool, licensed under GPL 3, which can help you achieving this.

From the authors homepage:

Lynis is an auditing tool for Unix (specialists). It scans the system and available software, to detect security issues. Beside security related information it will also scan for general system information, installed packages and configuration mistakes.

Examples of audit tests:
- Available authentication methods
- Expired SSL certificates
- Outdated software
- User accounts without password
- Incorrect file permissions
- Firewall auditing

This software aims in assisting automated auditing, software patch management, vulnerability and malware scanning of Unix based systems. It can be run without prior installation, so inclusion on read only storage is no problem (USB stick, cd/dvd).

He also clearly states what Lynis is not:

Not a hardening tool: Lynis does not fix things automatically, it reports only (and makes suggestions).

More to the technicial stuff: The basis of the program are shell scripts which scan the operating system and installed software (e.g. old software) but also stuff like SSL certificates (e.g. expire date). The software checks for accounts without password or wrong file permissions and it takes also a look at your local firewall. It runs under many Linux and Unix versions including Debian and Ubuntu.