A UNIX security auditing tool based on several security frameworks
Switch branches/tags
Nothing to show
Clone or download
Failed to load latest commit information.
aws Code cleanup Feb 10, 2017
functions Fixed uname and stat on OS X Dec 26, 2017
modules Code update Aug 14, 2017
README.md Code cleanup Feb 10, 2017
changelog Fixed uname and stat on OS X Dec 26, 2017
lunar.png Code cleanup Feb 10, 2017
lunar.sh Fixed uname and stat on OS X Dec 26, 2017


alt tag


Lockdown UNix Auditing and Reporting


This scripts generates a scored audit report of a Unix host's security. It is based on the CIS and other frameworks. Where possible there are references to the CIS and other benchmarks in the code documentation.

Why a shell script? I wanted a tool that was able to run on locked down systems where other tools may not be available. I also wanted a tool that ran on all versions of UNIX. Having said that there are some differences between sh and bash, so I've used functions only from sh.

There is no warranty implied or given with this script. My recommendation is to use this script in audit mode only, and address each warning individually via policy, documentation and configuration management.

It can also can perform a lockdown. Unlike some other scripts I have added capability to backout changes. Files are backed up using cpio to a directory based on the date.

Although it can perform a lockdown, as previously stated, I'd recommend you address the warnings via policy, documentation and configuration management. This is how I use the tool. The AWS Services audit only supports reporting, it does not provide lockdown capability.

Supported Operating Systems

The following Operating Systems are supported:

  • Linux
    • RHEL 5,6,7
    • Centos 5,6,7
    • Scientific Linux
    • SLES 10,11,12
    • Debian
    • Ubuntu
    • Amazon Linux
  • Solaris (6,7,8,9,10 and 11)
  • Mac OS X
  • FreeBSD (needs more testing)
  • AIX (needs more testing)
  • ESXi (initial support - some tests)

Windows support would require the installation of additional software, so I haven't looked into it. Having said that, Windows support may come in the future via bash.

Supported Services

The following services are supported:

  • AWS
  • Docker

The AWS Services audit uses the AWS CLI, and as such requires a user with the appropriate rights. It does not currently support the lockdown capability, it only supports generating an audit report against the CIS benchmark.

There are a couple of the checks that can only be done or resolved via the GUI. An example of this is enabling billing. Refer to the CIS Benchmark for more information.

Where possible I've put suggested fix commands in the verbose audit output. Again in some cases, these can only be done by the CLI. Refer to the CIS Benchmark for more information.

In addition I've added a recommendations mode that checks AWS against publicly available best practice from companies like Cloud Conformity.



  • Ubuntu / Debian
    • sysv-rc-conf
    • bc
    • finger

For AWS:

  • AWS
    • AWS CLI
    • AWS Credentials (API Access and Secret Keys)
    • Read rights to appropriate AWS services, e.g.
      • CloudTrail:DescribeTrails
      • Config:DescribeConfigurationRecorders
      • SNS:ListSubscriptionsByTopic


This software is licensed as CC-BA (Creative Commons By Attrbution)


More Information

For more information refer to wiki:




Solaris 11


Amazon Linux