Lynis can be run as a cron-job, or from the command line. It needs to have full access to the system, so running it as root (or with sudo rights) is required.
The following system areas are checked:
* Boot loader files
* Configuration files
* Common files by software packages
* Directories and files related to logging and auditing
OpenSuSe user can install Lynis using "1-click" installer - here
Lynis doesn't have to be installed, so it can be used directly from a (removable) disk.
Steps to run Lynis without installing:
* Download the source from here
* Create a directory ( /usr/local/lynis)
* unpack the tar ball (tar xfvz lynis-version.tar.gz) into this directory.
you can start it with 'lynis' (if installed and the file is available in your binary path) or 'sh lynis' or './lynis'.
Without parameters, Lynis will give you a valid list of parameters and return back to the shell prompt. At least the '-c' (--check-all) parameter is needed, to start the scan process.
Below is the Lynis report when run on my PC ...