-
Notifications
You must be signed in to change notification settings - Fork 2
Changelog
This page mirrors the project's CHANGELOG.md. For the definitive version history, refer to the main repository file.
Release Date: June 13, 2026
This release introduces cross-framework remediation consistency: a canonical
remediation registry (shared_components/canonical_remediations.py, 37 topics)
unifies the guidance for the same underlying fix across all 16 frameworks while
preserving each framework's control identifiers and intent, documented in
docs/Remediation-Cross-Map.md. It also fixes a latent compliance-scoring bug
(module discovery now reads each module's declared MODULE_NAME, so all 16
modules score correctly instead of 9 reporting a vacuous 100% on 0 matched
checks), renames the PCI module to PCI-DSS (with PCIDSS/PCI/pci-dss
selector aliases), fixes split-report compliance scoring, adds canonical shared
physical assessments (shared_assessments.py: world-writable files, SUID/SGID,
unowned files, firewall posture), rebuilds the attack-surface report to full
interactive feature parity with deeper firewall/executable-PATH/shared-object
checks, expands distribution profiles from 8 to 18, and converts all source and
documentation to pure ASCII for cross-platform portability. It builds on v3.8
(attack-surface assessment, per-framework split reports), v3.7.1 (remediation
consistency + latent OSInfo bug fixes), v3.7 (cross-module correlation,
distribution profiles, rollup metrics), v3.6 (helper caching), and v3.5 (deeper
expansion). For the complete, definitive history of all releases, see the main
repository CHANGELOG.md.
Project total: 2,297 checks across 16 modules; all modules run end-to-end with 0 errors and 0 aborts.
Release Date: April 26, 2026
This release explicitly addresses the gap audit raised after v3.4. Major work in five areas:
- README.md - v3.4-v3.5 Capabilities section added (remediation library, pretty_name, mock tests, Mermaid diagrams, runtime fixes)
- SECURITY.md - supported-versions table refreshed
- CONTRIBUTING.md - Testing Guidelines rewritten with v3.4 mock test documentation; multi-distro testing matrix expanded
Library rebuilt with 49 tools (up from 30):
- New entries: chkrootkit, gnupg, openssl, sudo, cron, rsyslog, logrotate, audisp-remote, sysstat, snort, zeek, wazuh-agent, grype, duplicity, iptables, bandit, pam-pwquality, pam-faillock, zypper-automatic
- Per-family
verifyandpost_installdicts populated for all relevant families (was: predominantly Debian-only) - Service-name routing: clamav-daemon vs clamd, chrony vs chronyd
- 12 mock-based parity tests in
tests/test_remediation_library.py
tests/test_os_detection.py - 25 mock-based tests covering:
- Debian family: Ubuntu 22.04, 24.04, 26.04, Debian 12, Mint, Pop!_OS, Kali, Parrot
- Red Hat family: RHEL 9.4, CentOS Stream 9, Rocky 9.3, AlmaLinux 9.3, Fedora 40, Oracle Linux 9, Amazon Linux 2023
- SUSE family: openSUSE Leap 15.5, Tumbleweed, SLES 15 SP5
- Arch family: Arch, Manjaro, EndeavourOS
- Independent: Alpine 3.19, Gentoo
Plus universal invariants: pretty_name always populated; family never Unknown.
tasks/todo.md documents the ~1,286-check gap to internal targets across
all 16 modules. v3.5 does NOT close this gap; it explicitly defers to
v3.6+ with prioritized phasing.
- DistBaseline
int(mode, 8)corrected - NIST AU-9(2)
audisp_setbool coercion
Release Date: April 26, 2026
Phase 2 v3.3 expansion completed across all 16 framework modules. Project advanced from baseline 1,358 checks to ~1,994 checks (+636 across all v3.x).
Original 8 modules expanded:
- Core (+~22): per-service systemd hardening, advanced kernel features, secure boot, SUSE/Arch specifics, container host, NTS, advanced filesystem
- CIS (+40): SSH 5.2.13-22, faillock, pwquality depth, auditd 4.1.3.1-20, nftables, filesystem disabled modules, crypto policy
- CISA (+35): CPG v1.0.1, ZTMM v2.0, BOD 22-01/23-01, Secure by Design
- ENISA (+25 runtime, 122 confirmed): NIS2 Article 21.2, DORA, Threat Landscape, EU-CSA
- ISO27001 (+19): Annex A.8.27-A.8.34, ISO 27017 cloud, 27018 PII, 27701 PIMS
- NIST (+32): 800-207 ZTA Tenets 1-7, 800-161 SCRM, CSF 2.0 Govern, PE/PM, 800-171 advanced
- NSA (+~28-58): SELinux booleans, FIPS 140-3 depth, kernel hardening, network protocols, NSA CSAs, CSfC
- STIG (+31): RHEL 9 V-numbers, Ubuntu 22.04 V-numbers, GPOS SRG, Container Platform SRG
8 new modules added (Phase 3): ACSC, CMMC, DistBaseline, EDR, GDPR, HIPAA, PCI, SOC2 - 555 checks total.
- Wiki refreshed: Module_Documentation.md (3,049 lines), Framework_Reference.md (1,586 lines), Examples.md (953 lines)
- All 16 modules + 16 frameworks fully documented
- Sidebar, Footer, FAQ, Quick Start updated
Release Date: March 2, 2026
-
Performance Architecture (Phase 2):
- Shared components library (
shared_components/audit_common.py, 2,195 lines) - Intelligent caching with ~50% hit rate across modules
- Parallel module execution (
--parallel,--workers) - Direct /proc filesystem reads; dynamic module discovery from
modules/ - OS-aware functionality (Debian, Red Hat, SUSE, Arch families)
- Performance profiling via
--perf-profile
- Shared components library (
-
Structured Logging (Phase 3.1):
-
logs/directory with hostname-stamped filenames -
--log-level,--log-file,--json-log,--verbose,--quiet - Hybrid
log_and_print()for simultaneous console/file output
-
-
Interactive HTML Report Rewrite (Phase 3.2):
- SVG donut chart, compliance matrix, remediation priority ranking
- Column resizing, in-column filtering, column visibility toggles
- Global search (include/exclude), multi-format export (CSV/Excel/JSON/XML/TXT)
- Row selection, print CSS, Table of Contents, dark/light theme, Garamond typography
-
Compliance Scoring (Phase 3.5):
-
ComplianceScoredataclass: simple, weighted, severity-adjusted methods - Configurable threshold (default 70%), per-module and overall scores
-
-
Dashboard Filtering (Enhancement 1):
- Clickable donut segments, summary cards, severity cards filter all tables
-
IP Address Identification (Enhancement 2):
-
get_system_ip_addresses()with 4 detection methods - Displayed in HTML, console, JSON, XML
-
- Project structure: flat ->
modules/+shared_components/+logs/+reports/ - Python 3.6 -> 3.7 (dataclasses); check count validated at 1,207
- HTML report: complete rewrite (18+ features); companion JSON auto-generated
See the full CHANGELOG.md for version 1.1 and 1.0 history.
Linux Security Audit Project - Version 3.9 - MIT License
Repository - Releases - Issues - Pull Requests
Changelog - Contributing - Security Policy - License
Frameworks: Core - CIS - CISA - ENISA - ISO 27001 - NIST - NSA - STIG - ACSC - CMMC - DistBaseline - EDR - GDPR - HIPAA - PCI-DSS - SOC2
Coverage: 16 Modules - 2,297 Automated Security Checks - 5 Native Output Formats - Zero External Dependencies
This documentation reflects Linux Security Audit Project v3.9 (cross-framework remediation consistency via the canonical remediation registry, PCI-DSS module rename, compliance-scoring fix, attack-surface assessment, per-framework split reports, cross-module correlation, 18 distribution profiles, rollup metrics, OS-aware remediation library). For older versions, see the release tags.
Version 3.9 - 16 modules - 2,297 checks
Original modules (v2.0 baseline + v3.3 expansion)
Core - CIS - CISA - ENISA - ISO 27001 - NIST - NSA - STIG
New modules (v3.0+ Phase 3)
ACSC - CMMC - DistBaseline - EDR - GDPR - HIPAA - PCI-DSS - SOC2
Output Formats
HTML - JSON - CSV - XML - Console
Status Values
Pass - Fail - Warning - Info - Error
Severity Levels
Critical - High - Medium - Low - Informational