-
Notifications
You must be signed in to change notification settings - Fork 2
Contributing
Thank you for your interest in contributing to the Linux Security Audit Project! This page summarizes key points - for the full guidelines, see CONTRIBUTING.md in the main repository.
- Report bugs - Found an issue? Open a GitHub Issue
- Suggest features - Have an idea? Start a Discussion
- Improve documentation - Enhance wiki pages, add examples, fix typos
- Submit bug fixes - Fix issues and submit pull requests
- Add checks - Contribute new security checks or modules
- Test - Validate on different Linux distributions
- Translate - Help with internationalization
- Fork the repository
- Create a feature branch (
git checkout -b feature/NewSecurityCheck) - Follow coding standards (see Development Guide)
- Test on multiple distributions
- Update documentation
- Commit changes (
git commit -m 'Add: New SSH key rotation check') - Push to branch (
git push origin feature/NewSecurityCheck) - Open a Pull Request with detailed description
- Module file:
modules/module_name.py - Follows naming convention and structure
- Uses shared_components caching API where applicable
- Standalone execution works:
python3 modules/module_name.py - Integrates with orchestrator:
python3 linux_security_audit.py -m NAME - Works with profiling:
python3 linux_security_audit.py -m NAME --perf-profile - All checks produce consistent result format
- Compliance scores compute correctly
- Remediation commands are valid
- Documentation updated
- Python 3.7+ (dataclasses required)
- Zero external dependencies (stdlib only)
- Comprehensive code comments and docstrings
- Error handling with graceful degradation
- OS-aware checks where applicable
See CONTRIBUTING.md for the complete guidelines.
Linux Security Audit Project - Version 3.9 - MIT License
Repository - Releases - Issues - Pull Requests
Changelog - Contributing - Security Policy - License
Frameworks: Core - CIS - CISA - ENISA - ISO 27001 - NIST - NSA - STIG - ACSC - CMMC - DistBaseline - EDR - GDPR - HIPAA - PCI-DSS - SOC2
Coverage: 16 Modules - 2,297 Automated Security Checks - 5 Native Output Formats - Zero External Dependencies
This documentation reflects Linux Security Audit Project v3.9 (cross-framework remediation consistency via the canonical remediation registry, PCI-DSS module rename, compliance-scoring fix, attack-surface assessment, per-framework split reports, cross-module correlation, 18 distribution profiles, rollup metrics, OS-aware remediation library). For older versions, see the release tags.
Version 3.9 - 16 modules - 2,297 checks
Original modules (v2.0 baseline + v3.3 expansion)
Core - CIS - CISA - ENISA - ISO 27001 - NIST - NSA - STIG
New modules (v3.0+ Phase 3)
ACSC - CMMC - DistBaseline - EDR - GDPR - HIPAA - PCI-DSS - SOC2
Output Formats
HTML - JSON - CSV - XML - Console
Status Values
Pass - Fail - Warning - Info - Error
Severity Levels
Critical - High - Medium - Low - Informational