{"id":45866210,"url":"https://github.com/nexusone23/noid-privacy-linux","last_synced_at":"2026-05-31T03:02:42.886Z","repository":{"id":341494602,"uuid":"1164913964","full_name":"NexusOne23/noid-privacy-linux","owner":"NexusOne23","description":"🛡️ Privacy \u0026 Security Audit for Linux Desktops — 300+ checks, 42 sections, zero dependencies, pure Bash. AI-powered fixes with --ai flag.","archived":false,"fork":false,"pushed_at":"2026-03-30T04:44:15.000Z","size":362,"stargazers_count":8,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-04-03T01:42:38.884Z","etag":null,"topics":["ai-tools","audit","bash","cybersecurity","debian","desktop-security","fedora","hardening","linux","linux-desktop","linux-security","noid-privacy","privacy","privacy-audit","privacy-tools","security","security-audit","shell-script","ubuntu","zero-dependencies"],"latest_commit_sha":null,"homepage":"https://noid-privacy.com/linux.html","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NexusOne23.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"buy_me_a_coffee":"noidprivacy"}},"created_at":"2026-02-23T16:14:39.000Z","updated_at":"2026-03-30T04:42:35.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/NexusOne23/noid-privacy-linux","commit_stats":null,"previous_names":["nexusone23/noid-privacy-linux"],"tags_count":5,"template":false,"template_full_name":null,"purl":"pkg:github/NexusOne23/noid-privacy-linux","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NexusOne23%2Fnoid-privacy-linux","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NexusOne23%2Fnoid-privacy-linux/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NexusOne23%2Fnoid-privacy-linux/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NexusOne23%2Fnoid-privacy-linux/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NexusOne23","download_url":"https://codeload.github.com/NexusOne23/noid-privacy-linux/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NexusOne23%2Fnoid-privacy-linux/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32321940,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-26T23:26:28.701Z","status":"online","status_checked_at":"2026-04-27T02:00:06.769Z","response_time":128,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ai-tools","audit","bash","cybersecurity","debian","desktop-security","fedora","hardening","linux","linux-desktop","linux-security","noid-privacy","privacy","privacy-audit","privacy-tools","security","security-audit","shell-script","ubuntu","zero-dependencies"],"created_at":"2026-02-27T08:44:32.830Z","updated_at":"2026-05-31T03:02:42.880Z","avatar_url":"https://github.com/NexusOne23.png","language":"Shell","funding_links":["https://buymeacoffee.com/noidprivacy"],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# 🛡️ NoID Privacy for Linux\n\n### Hardening Posture Audit for Linux Desktops\n\n[![License: GPL-3.0](https://img.shields.io/badge/license-GPL--3.0-blue.svg)](https://github.com/NexusOne23/noid-privacy-linux/blob/main/LICENSE)\n[![Version](https://img.shields.io/badge/version-3.6.5-green.svg)](https://github.com/NexusOne23/noid-privacy-linux/releases)\n[![Pure Bash](https://img.shields.io/badge/pure-bash-4EAA25.svg?logo=gnu-bash\u0026logoColor=white)](https://github.com/NexusOne23/noid-privacy-linux)\n[![Zero Dependencies](https://img.shields.io/badge/dependencies-zero-brightgreen.svg)](https://github.com/NexusOne23/noid-privacy-linux)\n[![Checks](https://img.shields.io/badge/checks-420%2B-orange.svg)](https://github.com/NexusOne23/noid-privacy-linux)\n[![CI](https://github.com/NexusOne23/noid-privacy-linux/actions/workflows/ci.yml/badge.svg)](https://github.com/NexusOne23/noid-privacy-linux/actions)\n[![GitHub Stars](https://img.shields.io/github/stars/NexusOne23/noid-privacy-linux?style=flat\u0026logo=github)](https://github.com/NexusOne23/noid-privacy-linux/stargazers)\n[![Last Commit](https://img.shields.io/github/last-commit/NexusOne23/noid-privacy-linux?style=flat)](https://github.com/NexusOne23/noid-privacy-linux/commits)\n[![Website](https://img.shields.io/badge/Website-noid--privacy.com-0078D4?style=flat)](https://noid-privacy.com)\n\n**420+ checks · 42 sections · Pure Bash · AI-friendly remediation prompts**\n**Optimized for Fedora/RHEL · Tested on Ubuntu/Debian · Best-effort on Arch/openSUSE/Mint/Pop!_OS**\n\n[Quick Start](#-quick-start) · [What it Checks](#-what-it-checks) · [AI Fixes](#-fix-with-ai) · [Comparison](#-comparison) · [Discussions](https://github.com/NexusOne23/noid-privacy-linux/discussions)\n\n\u003c/div\u003e\n\n---\n\n## ⚡ Quick Start\n\n```bash\ncurl -fsSL https://github.com/NexusOne23/noid-privacy-linux/raw/main/noid-privacy-linux.sh -o noid-privacy-linux.sh\nsudo bash noid-privacy-linux.sh --ai\n```\n\n420+ privacy \u0026 security checks. Zero dependencies. The `--ai` flag generates a ready-to-paste prompt — hand it to ChatGPT, Claude, or Gemini for **step-by-step fix suggestions for each finding** (you review and apply — the audit itself never touches your system).\n\n\u003e **This tool is read-only.** It does not modify your system. No files changed, no configs touched, no services restarted.\n\n\u003e **🪟 Running Windows too?** The free open-source [NoID Privacy](https://github.com/NexusOne23/noid-privacy) engine hardens **630+ settings** (GPL-3.0, PowerShell) — or get the [NoID Privacy Pro](https://noid-privacy.com) GUI for one-click Backup → Apply → Verify → Restore (one-time purchase, no subscription).\n\n---\n\n## 🎯 Scope — What this IS / NOT\n\nNoID is a **hardening posture audit** — it verifies your defense foundation is properly applied. The score reflects configuration state, not compromise resistance.\n\n| ✅ This tool **does** | ❌ This tool does **not** |\n|---|---|\n| Verify hardening recipes are applied | Replace an Intrusion Detection System |\n| Detect privacy misconfigurations | Scan for active rootkits (use AIDE/IMA/chkrootkit) |\n| Report drift from secure baselines | Find vulnerabilities (use OSV/Lynis-CVE) |\n| Generate AI remediation prompts | Perform penetration testing (use OpenVAS/Nessus) |\n| Audit 42 desktop-specific surfaces | Behavioral / memory-only malware detection |\n\n**A 98% score means hardening recipes are well-applied — not that the system is unhackable.** Defense in depth requires complementary layers:\n\n- **Layer 1** ✅ Configuration Hardening *(this tool)*\n- **Layer 2** ➕ Integrity Detection *(AIDE, IMA, chkrootkit)*\n- **Layer 3** ➕ Behavioral Monitoring *(auditd, EDR)*\n\nConfiguration is the foundation. The other layers detect what hardening cannot prevent.\n\n---\n\n## 🤔 Why This Exists\n\nMost Linux security tools were built for **servers**. They check SSH configs and firewall rules — but ignore your browser leaking DNS queries, apps phoning home, or the webcam accessible to every process.\n\n**NoID Privacy for Linux** audits both **privacy and security** on Linux desktops:\n\n| | Server Tools (Lynis, CIS) | NoID Privacy for Linux |\n|---|:---:|:---:|\n| Kernel hardening | ✅ | ✅ |\n| Firewall \u0026 SSH | ✅ | ✅ |\n| Browser privacy | ❌ | ✅ |\n| App telemetry | ❌ | ✅ |\n| DNS leak testing | ❌ | ✅ |\n| VPN kill-switch | ❌ | ✅ |\n| Webcam \u0026 Bluetooth | ❌ | ✅ |\n| AI-assisted fix prompts | ❌ | ✅ |\n\n---\n\n## 🤖 Fix with AI\n\nThis is what sets NoID Privacy for Linux apart:\n\n```bash\nsudo bash noid-privacy-linux.sh --ai\n```\n\nThe `--ai` flag generates a **structured prompt** at the end of the scan containing all your findings. Copy it. Paste it into ChatGPT, Claude, or Gemini. The AI can explain each finding, suggest commands to fix it, and prioritize by severity.\n\n**Audit → AI → Fixed.** What used to take hours takes minutes.\n\n```bash\n# AI remediation prompt (recommended)\nsudo bash noid-privacy-linux.sh --ai\n\n# Plain text for manual review\nsudo bash noid-privacy-linux.sh --no-color \u003e report.txt\n\n# Machine-readable JSON for scripts/dashboards\nsudo bash noid-privacy-linux.sh --json\n```\n\n\u003e Unlike Lynis, CIS, or privacy.sexy, NoID's `--ai` flag compiles the full findings list into a ready-to-paste remediation prompt — the feature that sets it apart.\n\n---\n\n## 📋 What it Checks\n\n### 🛡️ Security (Sections 01–34)\n\n| Category | Examples |\n|---|---|\n| **Kernel \u0026 Boot** | Secure Boot, kernel lockdown, LUKS encryption, UEFI, sysctl hardening |\n| **Firewall \u0026 Network** | iptables/nftables rules, default policies, open ports, VPN, kill-switch, DNS leaks |\n| **SSH \u0026 Auth** | Key-only auth, root login, password aging, PAM, sudo group |\n| **Encryption** | LUKS cipher strength, key size, swap encryption, entropy, certificate store |\n| **MAC \u0026 Integrity** | SELinux/AppArmor (auto-detected), rootkit scans, AIDE/Tripwire, package verification |\n| **Updates \u0026 Packages** | Security patches, auto-updates, repo integrity, GPG verification (dnf/apt/pacman/zypper) |\n| **Advanced** | Fail2Ban, USB Guard, containers, systemd sandboxing, kernel modules |\n\n### 🔒 Privacy \u0026 Desktop (Sections 35–42)\n\n| Category | Examples |\n|---|---|\n| **Browser Privacy** | Firefox telemetry, WebRTC leaks, DNS-over-HTTPS, tracking protection, Chrome warning |\n| **App Telemetry** | GNOME telemetry, crash reporters, Flatpak sandbox escapes, Snap telemetry |\n| **Network Privacy** | MAC randomization, mDNS, LLMNR, hostname privacy, IPv6 privacy extensions |\n| **Data Privacy** | Recent file tracking, thumbnail caches, core dumps, bash history, journald retention |\n| **Session Security** | Screen lock, idle detection, auto-login, lock-on-suspend, VNC/RDP |\n| **Webcam \u0026 Audio** | Device permissions, microphone, PipeWire remote access, screen sharing |\n| **Bluetooth** | Discoverability, pairable mode, active without usage |\n| **Keyring \u0026 Secrets** | Password manager, GNOME Keyring auto-unlock, SSH agent timeout, plaintext secrets |\n\n📖 **[Full Check Reference →](Docs/CHECKS.md)** — all 42 sections with descriptions\n\n---\n\n## 📸 Sample Output\n\n```\n$ sudo bash noid-privacy-linux.sh --ai\n\n  NoID Privacy for Linux v3.6.5 — Hardening Posture Audit for Linux Desktops\n  YYYY-MM-DD HH:MM:SS | mydesktop | 6.19.x-200.fc43.x86_64\n  Arch: x86_64 | Distro: Fedora Linux 43 (Workstation Edition)\n  Checks: 420+ across 42 sections (actual count: see summary)\n\n━━━ [01/42] KERNEL \u0026 BOOT INTEGRITY ━━━\n  ✅ PASS  Secure Boot: ENABLED\n  ✅ PASS  Kernel Lockdown: integrity\n  ✅ PASS  LUKS encryption active\n\n━━━ [05/42] VPN \u0026 NETWORK ━━━\n  ✅ PASS  VPN interface wg0: active\n  ✅ PASS  Default route via VPN\n  ✅ PASS  IPv6: disabled/minimal\n\n━━━ [35/42] BROWSER PRIVACY ━━━\n  ✅ PASS  Firefox telemetry disabled\n  ✅ PASS  WebRTC disabled — no IP leak\n  ⚠️  WARN  google-chrome installed — Google telemetry risk\n\n━━━ SUMMARY ━━━\n  Total checks:      420 (293 pass, 0 fail, 5 warn, 122 info)\n\n  Hardening posture is your defense foundation — the layer\n  attackers must defeat first. Complement with:\n    ✓ AIDE / IMA   — file \u0026 kernel integrity\n    ✓ auditd       — behavioral monitoring\n    ✓ chkrootkit   — known-malware scanner\n\n  HARDENING POSTURE SCORE:    98% 🏰 FULLY HARDENED\n\nScore formula: PASS×100 / (PASS + FAIL×2 + WARN)\nExit codes:    0 = clean · 1 = FAIL present · 2 = WARN-only · 130/143 = interrupted\n```\n\n---\n\n## ⚙️ Options\n\n| Flag | Description |\n|------|-------------|\n| `--ai` | Generate AI remediation prompt with all findings |\n| `--json` | Machine-readable JSON output |\n| `--no-color` | Disable colored output (for piping/logging) |\n| `--skip SECTION` | Skip specific sections (repeatable) |\n| `--help` | Show all available options and skip keywords |\n\n44 skip keywords available — run `--help` for the full list.\n\n---\n\n## 📊 Comparison\n\n| Feature | **NoID Privacy for Linux** | **Lynis** | **privacy.sexy** | **CIS Benchmark** |\n|---|:---:|:---:|:---:|:---:|\n| **Focus** | Privacy + Security for desktops | Server compliance | Script generator | Server compliance |\n| **Tests** | 420+ | 480+ | N/A | varies |\n| **Browser privacy** | ✅ | ❌ | ⚠️ Partial | ❌ |\n| **App telemetry** | ✅ | ❌ | ✅ | ❌ |\n| **DNS / VPN / MAC** | ✅ | ❌ | ❌ | ❌ |\n| **Webcam / Bluetooth** | ✅ | ❌ | ❌ | ❌ |\n| **AI remediation prompt** | ✅ | ❌ | ❌ | ❌ |\n| **JSON output** | ✅ | ✅ | N/A | ❌ |\n| **Kernel \u0026 firewall** | ✅ | ✅ | ⚠️ Partial | ✅ |\n| **Zero compiled dependencies** | ✅ | ✅ | ❌ | ❌ |\n| **Desktop-focused** | ✅ | ❌ | ✅ | ❌ |\n| **Modifies system** | ❌ | ❌ | ✅ | ❌ |\n\n**[Lynis](https://cisofy.com/lynis/)** (15k ⭐, since 2007) — Gold standard for server compliance. Doesn't cover browser privacy, telemetry, webcams, or desktop-specific concerns.\n\n**[privacy.sexy](https://privacy.sexy)** (5k ⭐) — Script generator for Windows/macOS/Linux. Modifies your system directly without auditing first.\n\n---\n\n## 📥 Installation\n\n| Requirement | Details |\n|---|---|\n| **OS** | Fedora 39+, Ubuntu 22.04+, Debian 12+, RHEL 9+, Arch Linux, openSUSE, Mint, Pop!_OS |\n| **Shell** | Bash 4.3+ |\n| **Privileges** | Root (`sudo`) for full system access |\n| **Dependencies** | None |\n\n```bash\n# One-liner\ncurl -fsSL https://github.com/NexusOne23/noid-privacy-linux/raw/main/noid-privacy-linux.sh -o noid-privacy-linux.sh\nsudo bash noid-privacy-linux.sh --ai\n\n# Or clone\ngit clone https://github.com/NexusOne23/noid-privacy-linux.git\ncd noid-privacy-linux\nsudo bash noid-privacy-linux.sh --ai\n```\n\n---\n\n## 🚀 GitHub Action\n\nUse NoID Privacy for Linux in your CI/CD pipeline to enforce privacy \u0026 security baselines:\n\n```yaml\n- name: Hardening Posture Audit\n  # SECURITY: Pin to specific version, never @main (supply chain risk)\n  uses: NexusOne23/noid-privacy-linux@v3.6.5\n  id: audit\n  with:\n    min-score: '70'   # Fail if score \u003c 70%\n```\n\n### Inputs\n\n| Input | Default | Description |\n|-------|---------|-------------|\n| `min-score` | `0` | Minimum score to pass (0 = never fail). |\n| `fail-threshold` | `''` | DEPRECATED alias for `min-score`. Use `min-score` in new workflows. |\n| `ai` | `false` | Generate AI remediation prompt in summary |\n| `skip` | `''` | Comma-separated sections to skip |\n| `args` | `''` | Additional arguments for the script |\n\n### Outputs\n\n| Output | Description |\n|--------|-------------|\n| `score` | Hardening posture score (0-100) |\n| `total` | Total checks performed |\n| `pass` / `fail` / `warn` / `info` | Check counts by severity |\n| `json` | Full JSON output |\n\n### Example: Fail PR if score drops\n\n```yaml\nname: Security Gate\non: [pull_request]\njobs:\n  audit:\n    runs-on: ubuntu-latest\n    steps:\n      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5  # v4.3.1 — pin to full SHA for supply-chain safety\n      - uses: NexusOne23/noid-privacy-linux@v3.6.5  # Pin to version, not @main\n        with:\n          min-score: '70'\n```\n\nResults appear as a rich **GitHub Actions Summary** with score, findings table, and optional AI fix prompt.\n\n📖 See [`.github/workflows/example-noid-audit.yml`](.github/workflows/example-noid-audit.yml) for a full example.\n\n---\n\n## ✅ Perfect For\n\n- **Privacy-conscious developers** — Know what your desktop is leaking\n- **Power users** — A second pair of eyes on your hardening\n- **Team leads** — Baseline audit for your team's workstations\n- **Linux newcomers** — Clear findings with AI-guided fix suggestions\n- **Security consultants** — Quick desktop audit with professional output\n\n## ❌ Not For\n\n- **Server admins** → [Lynis](https://cisofy.com/lynis/)\n- **Enterprise compliance (CIS/STIG)** → [OpenSCAP](https://www.open-scap.org/)\n- **Automated remediation** → [privacy.sexy](https://privacy.sexy)\n- **Windows** → [NoID Privacy](https://github.com/NexusOne23/noid-privacy) (free engine, 630+ settings) or [NoID Privacy Pro](https://noid-privacy.com) (commercial GUI)\n\n---\n\n## 🔗 The NoID Privacy Ecosystem\n\n| Platform | Link |\n|----------|------|\n| 🌐 **Website** | [NoID-Privacy.com](https://noid-privacy.com) — All platforms, pricing, and documentation |\n| 🪟 **Windows** | [NoID Privacy](https://github.com/NexusOne23/noid-privacy) — open-source PowerShell engine (630+ settings, 7 modules, BAVR, GPL-3.0); commercial [NoID Privacy Pro](https://noid-privacy.com) GUI wraps the engine |\n| 🐧 **Linux** | You're here! |\n| 📱 **Android** | [NoID Privacy on Google Play](https://play.google.com/store/apps/details?id=com.noid.privacy) — 87 checks, 10 categories, permission audit, Chrome hardening, anti-theft |\n\n---\n\n## 🔒 Privacy Promise\n\n**No telemetry, no analytics, no phone-home.** This tool does not collect or transmit any data about you or your system. One file, pure Bash — read every line yourself.\n\n\u003e **⚠️ Default-mode network requests:** Three sections issue requests to third parties to test for connectivity/DNS/VPN leaks:\n\u003e - **Section 5 (vpn):** `curl detectportal.firefox.com` (Mozilla), `curl ifconfig.me` (Cloudflare-fronted)\n\u003e - **Section 5 (netleaks):** `dig whoami.akamai.net` (Akamai)\n\u003e - **Section 22 (interfaces):** `dig google.com` (Google)\n\u003e\n\u003e For a **fully offline audit** that makes zero outbound requests, use:\n\u003e ```bash\n\u003e sudo bash noid-privacy-linux.sh --skip vpn --skip interfaces --skip netleaks\n\u003e ```\n\u003e The leak tests themselves require these third-party endpoints to function — there's no way to test \"does my IP leak?\" without contacting an external service.\n\n---\n\n## 🔧 Troubleshooting\n\n| Issue | Solution |\n|-------|----------|\n| `Requires root` error | Run with `sudo bash noid-privacy-linux.sh` |\n| False positive on a check | Open an [issue](https://github.com/NexusOne23/noid-privacy-linux/issues) with your distro and the finding |\n| DNS leak test fails/hangs | Skip it: `--skip netleaks`. Requires `dig` and `curl`. |\n| Score seems too low | Check if `--skip` sections are relevant to your setup. Desktop-only checks may warn on servers. |\n| Script hangs on Bluetooth | Known `bluetoothctl` timeout issue. Skip: `--skip btprivacy` |\n| Missing checks for my distro | Fedora/RHEL optimized; Ubuntu/Debian tested; Arch/openSUSE/Mint/Pop!_OS best-effort. Other distros may show more `info` results. |\n\n---\n\n## 🤝 Contributing\n\nContributions welcome — new checks, bug fixes, distro support.\n\n- [Contributing Guide](CONTRIBUTING.md) — Code architecture, style, testing\n- [Bug Reports](https://github.com/NexusOne23/noid-privacy-linux/issues) — Found a false positive?\n- [Feature Requests](https://github.com/NexusOne23/noid-privacy-linux/issues)\n- [Discussions](https://github.com/NexusOne23/noid-privacy-linux/discussions)\n- [Security Policy](SECURITY.md) — Report vulnerabilities privately\n\n---\n\n## 📜 License\n\n**GPL v3.0** — Free for personal and commercial use. Derivatives must also be GPL v3.0.\n\nFor commercial licensing without GPL requirements, open a [Discussion](https://github.com/NexusOne23/noid-privacy-linux/discussions).\n\n[Full License →](LICENSE)\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n**[⭐ Star this repo](https://github.com/NexusOne23/noid-privacy-linux)** if it's useful — helps others find the project.\n\n**NoID Privacy for Linux** — *Know your system. Harden your privacy.*\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnexusone23%2Fnoid-privacy-linux","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnexusone23%2Fnoid-privacy-linux","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnexusone23%2Fnoid-privacy-linux/lists"}