Linux security posture auditor with scoring, findings, and remediation guidance.
IronAudit is a defensive, local Linux hardening auditor. It runs read-only checks, produces actionable findings, computes a score, and exports reports for operations and security workflows.
- Fast baseline for Linux host security posture
- Structured findings with remediation guidance
- Consistent scoring for tracking progress over time
- Defensive-only behavior (no exploit or post-exploitation logic)
- Linux checks: SSH, firewall, services exposure, users/sudo, permissions, updates, auth
- Findings model: severity, status, category, evidence, remediation, points
- Score/rating model: 0..100 with posture bands
- Outputs: terminal, JSON, Markdown, HTML, SARIF
- Local web dashboard
- JSON report comparison (`baseline` vs `current`)
- Snapshot history (`save`/`list`/`show`/`trend`/`compare-latest`)
- Profiles: `workstation`, `server`, `minimal`
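As an added example (not IronAudit's own code), here is a small model of the findings and scoring shape described above, driven by a read-only check of an `sshd_config` body. The severity weights, posture band cut-offs, check ids, the `parse_sshd_config`/`check_ssh`/`score` helpers and the sample config are all assumptions made for illustration; the OpenSSH defaults it falls back to (`PermitRootLogin prohibit-password`, `PasswordAuthentication yes`, `X11Forwarding no`) are the real ones.

```python
"""Added example: a minimal findings/score model in the style IronAudit describes.
Example code, not IronAudit's implementation; weights, bands and check ids are assumed."""
from __future__ import annotations

import json
from dataclasses import asdict, dataclass

# Assumed deduction per failed finding, by severity.
SEVERITY_POINTS = {"critical": 25, "high": 15, "medium": 8, "low": 3, "info": 0}
# Assumed posture bands: (minimum score, label), evaluated top-down.
POSTURE_BANDS = [(90, "hardened"), (75, "good"), (50, "fair"), (0, "poor")]


@dataclass(frozen=True)
class Finding:
    check_id: str
    title: str
    severity: str
    status: str        # "pass" or "fail"
    category: str
    evidence: str
    remediation: str
    points: int        # deduction applied to the score (0 when status is "pass")


def parse_sshd_config(text: str) -> dict[str, str]:
    """Read-only parse of an sshd_config body.

    sshd uses the *first* value it sees for a keyword, so earlier lines win.
    Everything after the first `Match` block is conditional and is ignored here,
    which keeps the global (worst-case) settings in view. Unquoted trailing
    comments are stripped.
    """
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def _finding(check_id, title, severity, failed, evidence, remediation) -> Finding:
    status = "fail" if failed else "pass"
    return Finding(check_id, title, severity, status, "ssh", evidence, remediation,
                   SEVERITY_POINTS[severity] if failed else 0)


def check_ssh(cfg: dict[str, str]) -> list[Finding]:
    """Three SSH hardening checks; fallback values are the OpenSSH defaults."""
    root = cfg.get("permitrootlogin", "prohibit-password").lower()
    pw = cfg.get("passwordauthentication", "yes").lower()
    x11 = cfg.get("x11forwarding", "no").lower()
    return [
        _finding("ssh-root-login", "Root login over SSH", "high", root == "yes",
                 f"PermitRootLogin {root}", "Set `PermitRootLogin no` (or prohibit-password)"),
        _finding("ssh-password-auth", "Password authentication enabled", "medium", pw != "no",
                 f"PasswordAuthentication {pw}", "Set `PasswordAuthentication no` and use keys"),
        _finding("ssh-x11-forwarding", "X11 forwarding enabled", "low", x11 == "yes",
                 f"X11Forwarding {x11}", "Set `X11Forwarding no` unless required"),
    ]


def score(findings: list[Finding]) -> tuple[int, str]:
    """Score = 100 minus the points of failed findings, floored at 0, mapped to a band."""
    total = max(0, 100 - sum(f.points for f in findings if f.status == "fail"))
    band = next(label for floor, label in POSTURE_BANDS if total >= floor)
    return total, band


def report_json(findings: list[Finding]) -> str:
    """JSON report in the assumed layout: score, rating, list of findings."""
    total, band = score(findings)
    return json.dumps({"score": total, "rating": band,
                       "findings": [asdict(f) for f in findings]}, indent=2)


# Constructed sample sshd_config (not taken from a real host).
SAMPLE_SSHD_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes   # global value; the Match block below does not override it
X11Forwarding yes
Match User deploy
    PasswordAuthentication no
"""

if __name__ == "__main__":
    print(report_json(check_ssh(parse_sshd_config(SAMPLE_SSHD_CONFIG))))
```

The `Match` handling is the part worth copying: a scanner that takes the last value it sees would report `PasswordAuthentication no` for the sample above, while sshd still accepts passwords for every user except `deploy`.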
```bash
python3 -m venv .venv
source .venv/bin/activate
pip install -e .[dev]
ironaudit scan
```

```bash
pytest
ruff check .
mypy ironaudit
python scripts/privacy_guard.py
```

Current local status in this repo:
- tests: pass
- lint: pass
- type-check: pass
- privacy guard: pass
```bash
# Export reports
ironaudit scan --json --output report.json
ironaudit scan --md --output report.md
ironaudit scan --html --output report.html
ironaudit scan --sarif --output report.sarif
ironaudit scan --profile server

# Narrow scope
ironaudit scan --checks ssh,firewall,users
ironaudit scan --exclude updates

# Compare two JSON reports
ironaudit compare baseline.json current.json
```
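An added example of what a baseline-vs-current comparison has to account for. It is not IronAudit's `compare` implementation; the report layout (a `score` plus a `findings` list keyed by `check_id`), the `compare_reports`/`exit_code` helpers and the sample reports are assumptions. The point it makes: a check that disappears from the current report, because the scan was narrowed with `--checks`/`--exclude` or ran with fewer privileges, can raise the score without any real improvement, so it is flagged as dropped rather than counted as resolved.

```python
"""Added example: diff two JSON scan reports (baseline vs current).
Not IronAudit's own compare command; the report layout and samples are assumed."""
from __future__ import annotations

import json


def load_report(text: str) -> dict:
    """Parse a JSON report in the assumed layout."""
    return json.loads(text)


def compare_reports(baseline: dict, current: dict) -> dict:
    """Classify every check id seen in either report.

    regressed: failing now but not failing in the baseline (includes newly run checks that fail)
    resolved:  failing in the baseline, passing now
    dropped:   in the baseline but absent from the current report; happens when scope
               is narrowed or a check could not run (missing tool, fewer privileges)
               and must not be mistaken for progress
    unchanged: everything else (same status, or a newly run check that passes)
    """
    before = {f["check_id"]: f["status"] for f in baseline["findings"]}
    after = {f["check_id"]: f["status"] for f in current["findings"]}
    result = {"regressed": [], "resolved": [], "dropped": [], "unchanged": [],
              "score_delta": current["score"] - baseline["score"]}
    for cid in sorted(before.keys() | after.keys()):
        b, a = before.get(cid), after.get(cid)
        if a is None:
            result["dropped"].append(cid)
        elif a == "fail" and b != "fail":
            result["regressed"].append(cid)
        elif a == "pass" and b == "fail":
            result["resolved"].append(cid)
        else:
            result["unchanged"].append(cid)
    return result


def exit_code(result: dict) -> int:
    """Non-zero when posture got worse or the comparison is not like-for-like,
    so a CI job fails even if the headline score went up."""
    return 1 if result["regressed"] or result["dropped"] else 0


# Constructed sample reports (not real scan output). The current scan excluded
# the updates check, which alone accounts for most of the +11 score change.
BASELINE_JSON = """{"score": 66, "findings": [
  {"check_id": "ssh-root-login", "status": "fail"},
  {"check_id": "ssh-password-auth", "status": "fail"},
  {"check_id": "firewall-enabled", "status": "pass"},
  {"check_id": "updates-pending", "status": "fail"}]}"""
CURRENT_JSON = """{"score": 77, "findings": [
  {"check_id": "ssh-root-login", "status": "pass"},
  {"check_id": "ssh-password-auth", "status": "fail"},
  {"check_id": "firewall-enabled", "status": "fail"},
  {"check_id": "sudo-nopasswd", "status": "pass"}]}"""

if __name__ == "__main__":
    diff = compare_reports(load_report(BASELINE_JSON), load_report(CURRENT_JSON))
    print(json.dumps(diff, indent=2))
    raise SystemExit(exit_code(diff))
```

Run as a gate, the sample exits non-zero: the firewall check regressed and the updates check was dropped, even though the score went from 66 to 77.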
```bash
# Use web dashboard
ironaudit web
```

- English docs (feature details):
- French documentation: README.fr.md
- Contribution and governance:
- Some checks require local commands (`ss`, `apt`, `systemctl`, etc.)
- Update enumeration is currently Debian/Ubuntu focused
- Results can vary with the privileges the scan runs under and inside containerized environments
IronAudit is provided for defensive auditing and educational use. It performs read-only checks and does not auto-remediate.
MIT