Software Repository (Customers)



Difference with Community version

The software packages in this repository consists of stable releases of Lynis. Customers of Lynis Enterprise also have the following packages available:



Requirements

The customer repository is not enabled for your license key(s) by default. If you like to use the packages from our software repository, contact support@cisofy.com. This is also useful if you like to add our packages into your own internal software repository.



Installation


CentOS, Fedora, and RHEL

Update prerequisites

  • Have your license key enabled by CISOfy support
  • Use up-to-date versions of cURL, NSS, OpenSSL, and CA certificates
yum update ca-certificates curl nss openssl

Create repository

Create /etc/yum.repos.d/cisofy-lynis.repo

[lynis]
name=CISOfy Software - Lynis package
baseurl=https://packages.cisofy.com/customers/LICENSE-KEY/lynis/rpm/
enabled=1
gpgkey=https://packages.cisofy.com/keys/cisofy-software-public.key
gpgcheck=1

Note: using a self-hosted installation of Lynis Enterprise? Use your sublicense key (not the master key).

Install Lynis and Lynis plugins

yum makecache fast

yum install lynis lynis-plugins

After installation, configure Lynis with the configure settings command.




Debian and Ubuntu

Update prerequisites

Have your license key enabled by CISOfy support, otherwise you get a 404 error.

Our software repository uses preferably HTTPS, so the 'https' method for APT might need to be installed first.

sudo apt install apt-transport-https

Suggested method to download key and use it

curl -fsSL https://packages.cisofy.com/keys/cisofy-software-public.key | sudo gpg --dearmor -o /etc/apt/trusted.gpg.d/cisofy-software-public.gpg
echo "deb [arch=amd64,arm64 signed-by=/etc/apt/trusted.gpg.d/cisofy-software-public.gpg] https://packages.cisofy.com/customers/LICENSE-KEY/lynis/deb/ stable main" | sudo tee /etc/apt/sources.list.d/cisofy-lynis.list

Note: using a self-hosted installation of Lynis Enterprise? Use your sublicense key (not the master key!).

Method for older systems (to be deprecated in future)

Option 1) sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 013baa07180c50a7101097ef9de922f1c2fde6c4
Option 2) sudo wget -O - https://packages.cisofy.com/keys/cisofy-software-public.key | sudo apt-key add -

Install Lynis and Lynis Plugins

sudo apt update

sudo apt install lynis lynis-plugins

After installation, configure Lynis with the configure settings command.




openSUSE, SUSE

Update prerequisites

Have your license key enabled by CISOfy support

Import GPG key and add repository

First import the GPG key. This ensures the signed repository can be checked.

rpm --import https://packages.cisofy.com/keys/cisofy-software-public.key
zypper addrepo --gpgcheck --name "CISOfy Lynis repository" --priority 1 --refresh --type rpm-md https://packages.cisofy.com/customers/LICENSE-KEY/lynis/rpm/ lynis

Check if the repository is added:

zypper repos

Install Lynis

If the repository is available, Lynis can be installed from it. As it is marked with a high priority, the Lynis package will be installed from the new repository.

zypper refresh
zypper install lynis lynis-plugins

After installation, configure Lynis with the configure settings command.



Configure Lynis client

The client configuration can be scripted, for easy deployment. Use the configure settings command for this and run Lynis.

sudo touch /etc/lynis/custom.prf

sudo lynis configure settings license-key=LICENSE-KEY:upload-server=portal.cisofy.com

sudo lynis audit system --quick --upload


Tip: After setting up the client, create a cronjob for automatic data uploads.