https://github.com/daedalus/linux-security-audit-tool
A comprehensive CLI tool for auditing Linux system security posture.
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/daedalus/linux-security-audit-tool
- Owner: daedalus
- License: mit
- Created: 2026-04-04T04:28:08.000Z (3 months ago)
- Default Branch: master
- Last Pushed: 2026-04-04T06:21:00.000Z (3 months ago)
- Last Synced: 2026-04-04T08:12:59.274Z (3 months ago)
- Language: Python
- Homepage:
- Size: 38.1 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE
README
# Linux Security Audit Tool
A comprehensive CLI tool for auditing Linux system security posture.
For all checks to run effectively, this tool needs root access.
## Install
```bash
python3 -m venv venv
source venv/bin/activate
pip install linux-security-audit-tool
```
## Usage
```bash
sudo env "PATH=$PATH" security-audit --help
sudo env "PATH=$PATH" security-audit audit
sudo env "PATH=$PATH" security-audit audit -p 0 -p 1 # Run specific phases
sudo env "PATH=$PATH" security-audit audit -o report.md # Save markdown report
sudo env "PATH=$PATH" security-audit audit --quiet # Summary only
sudo env "PATH=$PATH" security-audit audit --debug # Show executed commands
sudo env "PATH=$PATH" security-audit audit --remediate-all # Generate remediation script for all findings
sudo env "PATH=$PATH" security-audit audit --remediate-only-critical # Generate remediation script for CRITICAL only
sudo env "PATH=$PATH" security-audit audit --remediate-non-critical # Generate remediation script for non-CRITICAL
sudo env "PATH=$PATH" security-audit audit --pdf report.pdf # Generate PDF report
```
## CLI
```bash
security-audit [OPTIONS] COMMAND [ARGS]...

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  audit    Run a full security audit.
  version  Show version information.
```
## Audit Command Options
- `--output`, `-o FILE` - Output file for markdown report
- `--phases`, `-p [0-9]` - Specific phases to run (can be repeated)
- `--quiet`, `-q` - Suppress detailed output
- `--verbose`, `-v` - Show descriptions and remediation
- `--debug`, `-d` - Show low-level commands being executed
- `--remediate-all`, `-r` - Generate remediation script for all findings
- `--remediate-only-critical` - Generate remediation script for CRITICAL findings only
- `--remediate-non-critical` - Generate remediation script for non-CRITICAL findings
- `--remediate-script FILE` - Save remediation script to file
- `--pdf FILE` - Generate PDF executive report
- `--cache` - Enable caching of check results
- `--cache-ttl INTEGER` - Cache TTL in seconds (default: 3600)
## Development
```bash
git clone https://github.com/daedalus/linux-security-audit-tool.git
cd linux-security-audit-tool
pip install -e ".[test]"
# run tests
pytest
# format
ruff format src/ tests/
# lint
ruff check src/ tests/
# type check
mypy src/
```
## API
```python
from security_audit import gather_context, run_identity_checks, calculate_security_score
from security_audit.core import Finding, Severity
# Gather host context, run the identity checks, then score the findings
context = gather_context()
findings = run_identity_checks()
score = calculate_security_score(findings)
```
## Audit Phases
The tool performs security checks across 9 phases:
- **Phase 0**: Context Gathering (hostname, OS, kernel)
- **Phase 1**: Identity & Access Control (users, sudo, SSH)
- **Phase 2**: Network Exposure (listening services, firewall, sysctl)
- **Phase 3**: File System & Permissions (SUID, world-writable, cron)
- **Phase 4**: Process & Service Posture (services, AppArmor, SELinux, rkhunter)
- **Phase 5**: Kernel & OS Hardening (sysctl, ASLR, module blacklist)
- **Phase 6**: Logging & Monitoring (auditd, logs, syslog)
- **Phase 7**: Package & Update Hygiene (updates, repos)
- **Phase 8**: Cryptographic Posture (SSH keys, TLS, password hashing)
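
To illustrate the kind of check Phase 3 covers (SUID and world-writable entries), here is an added example. It is not the project's code and does not use its API. The function names, label strings and sample tree are assumptions constructed for this sketch.

```python
import os
import stat
import tempfile


def classify_mode(mode: int) -> list[str]:
    """Labels for one st_mode value. Label names are constructed for this example."""
    if stat.S_ISLNK(mode):
        return []  # symlink permission bits are not enforced on Linux
    labels = []
    if stat.S_ISREG(mode):
        if mode & stat.S_ISUID:
            labels.append("suid")
        if mode & stat.S_ISGID:
            labels.append("sgid")
        if mode & stat.S_IWOTH:
            labels.append("world-writable-file")
    elif stat.S_ISDIR(mode) and mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        # /tmp-style directories are acceptable only with the sticky bit set
        labels.append("world-writable-dir-no-sticky")
    return labels


def scan(root: str) -> dict[str, list[str]]:
    """Walk root without following symlinks; map relative path -> labels."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                labels = classify_mode(os.lstat(path).st_mode)
            except OSError:
                continue  # entry vanished or is unreadable mid-scan
            if labels:
                findings[os.path.relpath(path, root)] = labels
    return findings


def demo() -> dict[str, list[str]]:
    """Scan a constructed sample tree: two safe entries, two that should be flagged."""
    with tempfile.TemporaryDirectory() as root:
        for name, mode in (("ok.txt", 0o644), ("loose.conf", 0o666)):
            path = os.path.join(root, name)
            open(path, "w").close()
            os.chmod(path, mode)
        for name, mode in (("spool", 0o1777), ("drop", 0o777)):
            path = os.path.join(root, name)
            os.mkdir(path)
            os.chmod(path, mode)
        return scan(root)


if __name__ == "__main__":
    print(demo())
```

A flagged SUID binary is not automatically a problem; the output of a scan like this is normally compared against a baseline of expected entries.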