How to use Lynis and is it safe to run in Ubuntu? does it really scan for malware and vulnerability?

how to use use Lynis and does it really scan for malware and vulnerabilities in Ubuntu and can i run this with sudo privileges
i scanned by using this command $./lynis --check-all it successfully scanned and given some results
but in that results some suggestions and

  • Checking presence GRUB2 [ FOUND ]
    • Checking for password protection [ NONE ]
  • Checking default I/O kernel scheduler [ NOT FOUND ]
  • Password file consistency [ SUGGESTION ]
  • PAM password strength tools [ SUGGESTION ]
  • Checking user password aging (minimum) [ DISABLED ]
  • User password aging (maximum) [ DISABLED ]
  • Determining default umask
    • umask (/etc/profile) [ NOT FOUND ]
    • umask (/etc/login.defs) [ SUGGESTION ]
    • LDAP authentication support [ NOT ENABLED ]

[+] Kernel Hardening

  • Comparing sysctl key pairs with scan profile
    • fs.protected_hardlinks (exp: 1) [ OK ]
    • fs.protected_symlinks (exp: 1) [ OK ]
    • fs.suid_dumpable (exp: 0) [ DIFFERENT ]
    • kernel.core_uses_pid (exp: 1) [ DIFFERENT ]
    • kernel.ctrl-alt-del (exp: 0) [ OK ]
    • kernel.dmesg_restrict (exp: 1) [ DIFFERENT ]
    • kernel.kptr_restrict (exp: 2) [ DIFFERENT ]
    • kernel.randomize_va_space (exp: 2) [ OK ]
    • kernel.sysrq (exp: 0) [ DIFFERENT ]
    • kernel.yama.ptrace_scope (exp: 1 2 3) [ OK ]
    • net.ipv4.conf.all.accept_redirects (exp: 0) [ DIFFERENT ]
    • net.ipv4.conf.all.accept_source_route (exp: 0) [ OK ]
    • net.ipv4.conf.all.bootp_relay (exp: 0) [ OK ]
    • net.ipv4.conf.all.forwarding (exp: 0) [ OK ]
    • net.ipv4.conf.all.log_martians (exp: 1) [ DIFFERENT ]
    • net.ipv4.conf.all.mc_forwarding (exp: 0) [ OK ]
    • net.ipv4.conf.all.proxy_arp (exp: 0) [ OK ]
    • net.ipv4.conf.all.rp_filter (exp: 1) [ DIFFERENT ]
    • net.ipv4.conf.all.send_redirects (exp: 0) [ DIFFERENT ]
    • net.ipv4.conf.default.accept_redirects (exp: 0) [ DIFFERENT ]
    • net.ipv4.conf.default.accept_source_route (exp: 0) [ DIFFERENT ]
    • net.ipv4.conf.default.log_martians (exp: 1) [ DIFFERENT ]
    • net.ipv4.icmp_echo_ignore_broadcasts (exp: 1) [ OK ]
    • net.ipv4.icmp_ignore_bogus_error_responses (exp: 1) [ OK ]
    • net.ipv4.tcp_syncookies (exp: 1) [ OK ]
    • net.ipv4.tcp_timestamps (exp: 0 1) [ OK ]
    • net.ipv6.conf.all.accept_redirects (exp: 0) [ DIFFERENT ]
    • net.ipv6.conf.all.accept_source_route (exp: 0) [ OK ]
    • net.ipv6.conf.default.accept_redirects (exp: 0) [ DIFFERENT ]
    • net.ipv6.conf.default.accept_source_route (exp: 0) [ OK ]

[+] Hardening

- Installed compiler(s)                                   [ FOUND ]
- Installed malware scanner                               [ FOUND ]

Lynis security scan details:

Hardening index : 69 [############# ]
Tests performed : 224
Plugins enabled : 0

Components:

  • Firewall [V]
  • Malware scanner [V]

Lynis modules:

  • Compliance status [?]
  • Security audit [V]
  • Vulnerability scan [V]

Files:

  • Test and debug information : /var/log/lynis.log
  • Report data : /var/log/lynis-report.dat

what this results mean some categories giving suggestions,some are not found some disabled what all those some one please explain clearly and can i share all this scanning results like this.

I am not going to try to answer your question as some of this is far too technical for me as well … But I am interested

It’s not a end user tool and not really a virus scanner in my opinion

More for the security of a system as the article suggests so for a multi user system
Yes it runs on Ubuntu but would not say you have a virus or solve it, if that is what your looking for I would go for clamav but others are available such as https://www.ubuntupit.com/best-linux-antivirus-top-10-reviewed-compared/

Interested in other comments on this subject