Lynis is an excellent security audit tool for Linux and various Unix derivatives. I have a small wrapper script that runs Lynis via a cron job, does a selective diff with the previous run’s output, and sends me an email.

Unfortunately, Lynis does not update itself automatically, and this is the sort of application that needs to be kept up to date. I installed mine via a tarball – the most common and recommended way for this utility – and so it does not update when I patch the system.

Here is a perhaps unnecessarily convoluted script that checks the version of Lynis and updates it if required. In a nutshell, all this script does is download the most recent version of Lynis and overwrite the existing version on your machine.

But there are a lot of checks in the background designed to detect a variety of issues. When writing this sort of script, I try to hard-code as little as possible, primarily because the folks maintaining such online resources usually have little regard for automation and can make silly changes to names and URLs without notice.

The script is below for your review. If you’re going to use it, I suggest downloading it from my GitHub repo to avoid any copy-paste weirdness.