Lynis is an open-source security auditing tool for Linux systems. It scans file permissions, kernel parameters, installed packages, running services, and more. It’s read-only — it never changes anything on the system, just reports what it finds.

The problem comes when managing multiple servers. Running Lynis on each one, collecting the reports, and tracking changes over time becomes tedious quickly.

A centralized dashboard for Lynis

TrikuSec Devices Dashboard

I built TrikuSec to solve this. It’s a centralized platform that collects Lynis audit reports from multiple servers and presents them in a single web dashboard.

How it works:

  1. Deploy TrikuSec with Docker (docker compose up -d)
  2. Configure each server to send Lynis reports via a cron job
  3. View all results from the dashboard

Like Lynis itself, TrikuSec follows a read-only model. Servers send data to TrikuSec, but TrikuSec never sends commands back.

Main features

  • Device Management: All servers in one place, with metadata like hostname, OS, and distribution
  • Compliance Policies: Define rules (e.g. “SSH root login must be disabled”) and check all servers against them automatically

TrikuSec Policies

  • Change Tracking: Diff reports between audits to see exactly what changed
  • PDF Reports: Export compliance status for documentation or audits

What’s next

Some ideas for future versions: interactive charts and trend analysis, an alerting system (Slack, email, webhooks) for compliance changes, and possibly Windows support through similar auditing tools.

Try it

TrikuSec is open-source under GPL-3.0.

docker compose up -d

Important: TrikuSec is not a professional product. It’s an open-source project in active development. If you need enterprise support and SLAs, consider Lynis Enterprise by CISOfy.

Note: I have no affiliation with CISOfy or the Lynis project.