Once lynis starts scanning your system, it will perform auditing in a number of categories:

• System tools: system binaries
• Boot and services: boot loaders, startup services
• Kernel: run level, loaded modules, kernel configuration, core dumps
• Memory and processes: zombie processes, IO waiting processes
• Users, groups and authentication: group IDs, sudoers, PAM configuration, password aging, default mask
• Shells
• File systems: mount points, /tmp files, root file system
• Storage: usb-storage, firewire ohci
• NFS
• Software: name services: DNS search domain, BIND
• Ports and packages: vulnerable/upgradable packages, security repository
• Networking: nameservers, promiscuous interfaces, connections
• Printers and spools: cups configuration
• Software: e-mail and messaging
• Software: firewalls: iptables, pf
• Software: webserver: Apache, nginx
• SSH support: SSH configuration
• SNMP support
• Databases: MySQL root password
• LDAP services
• Software: php: php options
• Squid support
• Logging and files: syslog daemon, log directories
• Insecure services: inetd
• Banners and identification
• Scheduled tasks: crontab/cronjob, atd
• Accounting: sysstat data, auditd
• Time and synchronization: ntp daemon
• Cryptography: SSL certificate expiration
• Virtualization
• Security frameworks: AppArmor, SELinux, grsecurity status
• Software: file integrity
• Software: malware scanners
• Home directories: shell history files