I am a very casual Ubuntu user so forgive my lack of knowledge. I haven't seen this question posted anywhere else. I have largely stayed up-to-date with updates other than not upgrading yet to LTS 24.04.
I looked in my syslog and it seems that systemd is running Lynis automatically. Without my input. It runs it every day between 00:00:00 and 00:30:00. I initially panicked because I read somewhere that Lynis can be used as a penetration testing tool. But since it seems to run every day, and it seems to be running the Lynis version that's installed on my system that is very out of date, I'm more inclined to think that it's an automatic process.
Here is a sample of what I see in the syslog:
May 5 00:05:28 USERNAME-desktop systemd[1]: Started Security audit and vulnerabil
ity scanner.
May 5 00:05:28 USERNAME-desktop lynis[497190]: [ Lynis 3.0.7 ]
May 5 00:05:28 USERNAME-desktop lynis[497190]: ##################################
##############################################
[STANDARD LYNIS OUTPUT]
I never set any sort of cron job to do this. And if it's an automatic process then it's a very weird one since syslog keeps all the Lynis output which shows more or less the same output as if I ran it manually. I don't know if there's a benefit to running Lynis like that since it seems it makes suggestions to the end user rather than doing anything to harden the system by itself.
Is it supposed to do that? Did I misconfigure something? Is it an indication my system is compromised?
