Software Repository (Customers)

Difference with Community version
Requirements
Installation
- CentOS, Fedora, RHEL
- Debian, Ubuntu
- openSUSE, SUSE
Client Configuration

Difference with Community version

The software packages in this repository consists of stable releases of Lynis. Customers of Lynis Enterprise also have the following packages available:

Lynis Collector
Lynis Plugins

Requirements

A valid Lynis Enterprise license key
License activation

The customer repository is not enabled for your license key(s) by default. If you like to use the packages from our software repository, contact support@cisofy.com. This is also useful if you like to add our packages into your own internal software repository.

Installation

CentOS, Fedora, and RHEL
Update prerequisites
Have your license key enabled by CISOfy support

Use up-to-date versions of cURL, NSS, OpenSSL, and CA certificates
yum update ca-certificates curl nss openssl
Create repository
Create /etc/yum.repos.d/cisofy-lynis.repo
[lynis]
name=CISOfy Software - Lynis package
baseurl=https://packages.cisofy.com/customers/LICENSE-KEY/lynis/rpm/
enabled=1
gpgkey=https://packages.cisofy.com/keys/cisofy-software-public.key
gpgcheck=1
Note: using a self-hosted installation of Lynis Enterprise? Use your sublicense key (not the master key).
Install Lynis and Lynis plugins
yum makecache fast
yum install lynis lynis-plugins
After installation, configure Lynis with the configure settings command.
Debian and Ubuntu
Update prerequisites

Have your license key enabled by CISOfy support, otherwise you get a 404 error.

Our software repository uses preferably HTTPS, so the 'https' method for APT might need to be installed first.
sudo apt install apt-transport-https
Suggested method to download key and use it
curl -fsSL https://packages.cisofy.com/keys/cisofy-software-public.key | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/cisofy-software-public.gpg
echo "deb [arch=amd64,arm64 signed-by=/etc/apt/trusted.gpg.d/cisofy-software-public.gpg] https://packages.cisofy.com/customers/LICENSE-KEY/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list
Note: using a self-hosted installation of Lynis Enterprise? Use your sublicense key (not the master key!).

Method for older systems (to be deprecated in future)
Option 1) sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 013baa07180c50a7101097ef9de922f1c2fde6c4
Option 2) sudo wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -
Install Lynis and Lynis Plugins
sudo apt update
sudo apt install lynis lynis-plugins
After installation, configure Lynis with the configure settings command.
openSUSE, SUSE
Update prerequisites

Have your license key enabled by CISOfy support

Import GPG key and add repository
First import the GPG key. This ensures the signed repository can be checked.
rpm --import https://packages.cisofy.com/keys/cisofy-software-public.key
zypper addrepo --gpgcheck --name "CISOfy Lynis repository" --priority 1 --refresh --type rpm-md https://packages.cisofy.com/customers/LICENSE-KEY/lynis/rpm/ lynis
Check if the repository is added:
zypper repos
Install Lynis
If the repository is available, Lynis can be installed from it. As it is marked with a high priority, the Lynis package will be installed from the new repository.
zypper refresh
zypper install lynis lynis-plugins
After installation, configure Lynis with the configure settings command.

Configure Lynis client

The client configuration can be scripted, for easy deployment. Use the configure settings command for this and run Lynis.

sudo touch /etc/lynis/custom.prf

sudo lynis configure settings license-key=LICENSE-KEY:upload-server=portal.cisofy.com

sudo lynis audit system --quick --upload

Tip: After setting up the client, create a cronjob for automatic data uploads.