A comprehensive CLI tool for auditing Linux system security posture.
To run all of its checks effectively, this tool needs root access.

```bash
python3 -m venv venv
source venv/bin/activate
pip install linux-security-audit-tool
```

```bash
sudo env "PATH=$PATH" security-audit --help
sudo env "PATH=$PATH" security-audit audit
sudo env "PATH=$PATH" security-audit audit -p 0 -p 1 # Run specific phases
sudo env "PATH=$PATH" security-audit audit -o report.md # Save markdown report
sudo env "PATH=$PATH" security-audit audit --quiet # Summary only
sudo env "PATH=$PATH" security-audit audit --debug # Show executed commands
sudo env "PATH=$PATH" security-audit audit --remediate-all # Generate remediation script for all findings
sudo env "PATH=$PATH" security-audit audit --remediate-only-critical # Generate remediation script for CRITICAL only
sudo env "PATH=$PATH" security-audit audit --remediate-non-critical # Generate remediation script for non-CRITICAL
sudo env "PATH=$PATH" security-audit audit --pdf report.pdf # Generate PDF report
```

```
security-audit [OPTIONS] COMMAND [ARGS]...

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  audit    Run a full security audit.
  version  Show version information.
```

- `--output`, `-o FILE` - Output file for markdown report
- `--phases`, `-p [0-9]` - Specific phases to run (can be repeated)
- `--quiet`, `-q` - Suppress detailed output
- `--verbose`, `-v` - Show descriptions and remediation
- `--debug`, `-d` - Show low-level commands being executed
- `--remediate-all`, `-r` - Generate remediation script for all findings
- `--remediate-only-critical` - Generate remediation script for CRITICAL findings only
- `--remediate-non-critical` - Generate remediation script for non-CRITICAL findings
- `--remediate-script FILE` - Save remediation script to file
- `--pdf FILE` - Generate PDF executive report
- `--cache` - Enable caching of check results
- `--cache-ttl INTEGER` - Cache TTL in seconds (default: 3600)

```bash
git clone https://github.com/daedalus/linux-security-audit-tool.git
cd linux-security-audit-tool
pip install -e ".[test]"
# run tests
pytest
# format
ruff format src/ tests/
# lint
ruff check src/ tests/
# type check
mypy src/
```

```python
from security_audit import gather_context, run_identity_checks, calculate_security_score
from security_audit.core import Finding, Severity

# Run a full audit
context = gather_context()
findings = run_identity_checks()
score = calculate_security_score(findings)
```

The tool performs security checks across 9 phases:
- Phase 0: Context Gathering (hostname, OS, kernel)
- Phase 1: Identity & Access Control (users, sudo, SSH)
- Phase 2: Network Exposure (listening services, firewall, sysctl)
- Phase 3: File System & Permissions (SUID, world-writable, cron)
- Phase 4: Process & Service Posture (services, AppArmor, SELinux, rkhunter)
- Phase 5: Kernel & OS Hardening (sysctl, ASLR, module blacklist)
- Phase 6: Logging & Monitoring (auditd, logs, syslog)
- Phase 7: Package & Update Hygiene (updates, repos)
- Phase 8: Cryptographic Posture (SSH keys, TLS, password hashing)
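
To show what a sysctl check of the kind listed under Phases 2 and 5 involves, here is an added sketch that is not code from linux-security-audit-tool: it compares live values under `/proc/sys` with a baseline. The sysctl keys are real kernel parameters; the function names, the accepted values, the severity labels other than CRITICAL, and the finding format are assumptions made for this example.

```python
"""Added illustration of a sysctl hardening check; not the tool's own code."""
from pathlib import Path

# Assumed baseline: key -> (set of accepted values, severity label).
# A set is used because some keys have more than one hardened value
# (kptr_restrict=2 is stricter than 1 and must not be flagged).
BASELINE = {
    "kernel.randomize_va_space": ({"2"}, "CRITICAL"),  # full ASLR
    "kernel.kptr_restrict": ({"1", "2"}, "MEDIUM"),    # hide kernel pointers
    "kernel.dmesg_restrict": ({"1"}, "LOW"),           # dmesg for root only
    "net.ipv4.conf.all.accept_redirects": ({"0"}, "MEDIUM"),
}


def read_sysctl(key, root="/proc/sys"):
    """Return the live value of a sysctl key, or None if it cannot be read.

    Keys are split on '.', so interface names that contain dots are not
    handled by this sketch.
    """
    path = Path(root).joinpath(*key.split("."))
    try:
        return path.read_text().strip()
    except OSError:
        return None


def check_sysctl(baseline=BASELINE, root="/proc/sys"):
    """Return one finding (a dict) per key that is unreadable or not hardened."""
    findings = []
    for key, (accepted, severity) in sorted(baseline.items()):
        actual = read_sysctl(key, root)
        if actual is None:
            # Missing key: report it instead of silently passing the check.
            status = "unreadable"
        elif actual not in accepted:
            status = "mismatch"
        else:
            continue
        findings.append({"key": key, "status": status, "severity": severity,
                         "accepted": sorted(accepted), "actual": actual})
    return findings


if __name__ == "__main__":
    for f in check_sysctl():
        print(f"[{f['severity']}] {f['key']}: {f['status']} "
              f"(actual={f['actual']}, accepted={f['accepted']})")
```

The `root` parameter exists so the check can be pointed at a constructed directory tree for testing instead of the live `/proc/sys`.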