In the previous section, we saw how MBSA can be used to assess the security and patch level on any Microsoft system. We can do a similar assessment on a Linux system as well. In order to perform security and patch enumeration on a Linux system, we can use a tool called Lynis, available at https://cisofy.com/lynis/.

Lynis is a comprehensive tool which can be effectively used for security auditing, compliance testing, vulnerability detection, and system hardening. It runs on almost all UNIX-based systems. While it comes preinstalled in certain Linux distributions, such as Kali Linux, you might have to install it separately on other Linux versions; note the following screenshot:

Once Lynis finishes running all tests, a detailed report is generated at the location /var/log/lynis.log. The report contains all the information on the security health check of the system that was assessed.