KalesTech/linux-host-audit

Linux Host Audit

A lightweight Linux system audit and inventory collection script.

This tool collects a comprehensive snapshot of system configuration, hardware, software, and network state and saves the results in a timestamped directory with an accompanying compressed archive.


Overview

Linux Host Audit is designed for situations where you need a clear, human‑readable snapshot of a Linux system at a specific point in time.

Typical use cases include:

  • System documentation
  • Host audits
  • Migration or rebuild preparation
  • Incident response evidence collection
  • Learning and lab environments

The script focuses on breadth and clarity, not continuous monitoring.


Security and Scope Notes

⚠️ This tool collects sensitive system information. Do not upload audit output to public repositories or share archives without reviewing their contents.

This tool does not perform hardening, intrusion prevention, or real‑time monitoring. It is a read‑only audit utility.


What This Script Collects

System & OS

  • Kernel version
  • OS release information
  • Desktop environment / session type
  • Active shell

Software

  • Explicitly installed packages (pacman)
  • AUR packages (yay or paru)
  • Running processes

Services

  • Running systemd services
  • Enabled systemd services

Hardware

  • CPU details
  • Memory usage
  • Block devices and partitions
  • USB devices
  • PCI devices

Disk Usage

  • Mounted filesystem usage
  • Per‑directory size summary of home directory

Networking

  • Network interfaces
  • NetworkManager device details

User & Scheduling

  • User dotfiles listing
  • User cron jobs
  • Root cron jobs (requires sudo)

Usage

  1. Make the script executable: chmod +x audit.sh

  2. Run the script: ./audit.sh

A timestamped directory will be created under: ~/EndeavourOS-Audit/

After completion, the directory is archived into: TIMESTAMP.tar.gz


Output Structure

EndeavourOS-Audit/
└── 2026-04-06_14-30-55/
    ├── audit.log
    ├── system_info.txt
    ├── installed_packages.txt
    ├── aur_packages.txt
    ├── kernel_info.txt
    ├── os_info.txt
    ├── desktop_info.txt
    ├── active_services.txt
    ├── enabled_services.txt
    ├── dotfiles_list.txt
    ├── cpu_info.txt
    ├── disk_partitions.txt
    ├── usb_devices.txt
    ├── pci_devices.txt
    ├── memory_info.txt
    ├── disk_usage.txt
    ├── home_folder_sizes.txt
    ├── network_interfaces.txt
    ├── network_details.txt
    ├── shell_info.txt
    ├── running_processes.txt
    ├── user_cron_jobs.txt
    ├── root_cron_jobs.txt
    └── README.md


Platform Notes

  • Designed for Arch‑based systems (Arch, EndeavourOS)
  • Uses pacman for package inventory
  • Uses yay or paru for AUR detection (if installed)
  • Requires systemd
  • Root cron inspection requires sudo access

Security Considerations

  • No network access
  • No system configuration changes
  • Read‑only inspection only
  • Output is written to a user‑controlled directory
  • Sudo is used only for root cron job visibility

Limitations

  • Arch‑specific package tooling
  • Snapshot‑only (no comparison between runs)
  • Intended for manual execution, not daemon use
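
Because the script itself is snapshot-only, two runs can be compared after the fact. The helper below is an added example, not part of this project: it reports lines that appeared or disappeared in the files most relevant to persistence and software changes. The function names, the AUDIT_DIFF_FILES variable and the snapshot_diff.sh script name are hypothetical, and it assumes each tracked file is line-oriented text.

```shell
#!/bin/sh
# Added example, not part of linux-host-audit. Compares two snapshot
# directories by the file names in the README's Output Structure.
# Assumption: each tracked file is line-oriented text.

# Volatile files (running_processes.txt, memory_info.txt, ...) are left out
# because they differ on every run.
AUDIT_DIFF_FILES="enabled_services.txt active_services.txt installed_packages.txt
aur_packages.txt user_cron_jobs.txt root_cron_jobs.txt network_interfaces.txt"

# diff_file OLD_DIR NEW_DIR NAME
# Prints "+ line" for lines only in NEW and "- line" for lines only in OLD.
# Returns 0 if unchanged (or absent from both), 1 if changed, 2 if the file
# exists in only one snapshot (e.g. root_cron_jobs.txt without sudo).
diff_file() {
    old="$1/$3"; new="$2/$3"
    if [ ! -f "$old" ] && [ ! -f "$new" ]; then return 0; fi
    if [ ! -f "$old" ] || [ ! -f "$new" ]; then
        echo "! $3: present in only one snapshot"
        return 2
    fi
    tmp=$(mktemp -d) || return 2
    # Drop blank lines and sort so comm(1) can do a set comparison.
    sed '/^[[:space:]]*$/d' "$old" | LC_ALL=C sort -u > "$tmp/old"
    sed '/^[[:space:]]*$/d' "$new" | LC_ALL=C sort -u > "$tmp/new"
    added=$(LC_ALL=C comm -13 "$tmp/old" "$tmp/new")
    removed=$(LC_ALL=C comm -23 "$tmp/old" "$tmp/new")
    rm -rf "$tmp"
    if [ -z "$added" ] && [ -z "$removed" ]; then return 0; fi
    echo "== $3"
    if [ -n "$added" ]; then printf '%s\n' "$added" | sed 's/^/+ /'; fi
    if [ -n "$removed" ]; then printf '%s\n' "$removed" | sed 's/^/- /'; fi
    return 1
}

# snapshot_diff OLD_DIR NEW_DIR: 0 if no tracked file changed, 1 otherwise.
snapshot_diff() {
    changed=0
    for name in $AUDIT_DIFF_FILES; do
        diff_file "$1" "$2" "$name" || changed=1
    done
    return "$changed"
}

# Run directly: ./snapshot_diff.sh OLD_DIR NEW_DIR
if [ "$#" -eq 2 ]; then snapshot_diff "$1" "$2"; fi
```

A new line in enabled_services.txt or either cron file between two snapshots is the kind of change worth tracing back to a package install or an administrator action.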

Future Improvements

  • Optional non‑root mode
  • Cross‑distribution package support
  • JSON output option
  • Configurable output directory
  • Comparison mode between snapshots

License

This project is licensed under the MIT License.
