A comprehensive CLI tool for auditing Linux system security posture.
To run all of its checks effectively, this tool needs root access.
pip install linux-security-audit-tool
sudo env "PATH=$PATH" security-audit --help
sudo env "PATH=$PATH" security-audit audit
sudo env "PATH=$PATH" security-audit audit -p 0 -p 1 # Run specific phases
sudo env "PATH=$PATH" security-audit audit -o report.md # Save markdown report
sudo env "PATH=$PATH" security-audit audit --quiet # Summary only
sudo env "PATH=$PATH" security-audit audit --debug # Show executed commands
sudo env "PATH=$PATH" security-audit audit --remediate-all # Generate remediation script for all findings
sudo env "PATH=$PATH" security-audit audit --remediate-only-critical # Generate remediation script for CRITICAL only
sudo env "PATH=$PATH" security-audit audit --remediate-non-critical # Generate remediation script for non-CRITICAL
sudo env "PATH=$PATH" security-audit audit --pdf report.pdf # Generate PDF report

security-audit [OPTIONS] COMMAND [ARGS]...
Options:
--version Show the version and exit.
--help Show this message and exit.
Commands:
audit Run a full security audit.
version Show version information.

- --output, -o FILE - Output file for markdown report
- --phases, -p [0-9] - Specific phases to run (can be repeated)
- --quiet, -q - Suppress detailed output
- --verbose, -v - Show descriptions and remediation
- --debug, -d - Show low-level commands being executed
- --remediate-all, -r - Generate remediation script for all findings
- --remediate-only-critical - Generate remediation script for CRITICAL findings only
- --remediate-non-critical - Generate remediation script for non-CRITICAL findings
- --remediate-script FILE - Save remediation script to file
- --pdf FILE - Generate PDF executive report
- --cache - Enable caching of check results
- --cache-ttl INTEGER - Cache TTL in seconds (default: 3600)

from security_audit import gather_context, run_identity_checks, calculate_security_score
from security_audit.core import Finding, Severity
# Gather system context, run the identity checks, and score the findings
context = gather_context()
findings = run_identity_checks()
score = calculate_security_score(findings)

The tool performs security checks across 9 phases:
- Phase 0: Context Gathering (hostname, OS, kernel)
- Phase 1: Identity & Access Control (users, sudo, SSH)
- Phase 2: Network Exposure (listening services, firewall, sysctl)
- Phase 3: File System & Permissions (SUID, world-writable, cron)
- Phase 4: Process & Service Posture (services, AppArmor, SELinux, rkhunter)
- Phase 5: Kernel & OS Hardening (sysctl, ASLR, module blacklist)
- Phase 6: Logging & Monitoring (auditd, logs, syslog)
- Phase 7: Package & Update Hygiene (updates, repos)
- Phase 8: Cryptographic Posture (SSH keys, TLS, password hashing)
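
To make concrete what a Phase 3 style check looks at, here is an added example (not code from linux-security-audit-tool; `scan_permissions` and `build_sample_tree` are hypothetical names) that walks a directory tree and flags set-uid/set-gid files, world-writable files, and world-writable directories without the sticky bit. It runs against a constructed sample tree in a temporary directory.

```python
import os
import stat
import tempfile

def scan_permissions(root):
    """Return sorted (issue, relative_path) tuples for risky modes under root."""
    results = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode  # lstat: never follow symlinks
            except OSError:
                continue  # entry vanished or is unreadable; skip it
            rel = os.path.relpath(path, root)
            if stat.S_ISREG(mode):
                if mode & stat.S_ISUID:
                    results.append(("suid", rel))
                if mode & stat.S_ISGID:
                    results.append(("sgid", rel))
                if mode & stat.S_IWOTH:
                    results.append(("world-writable-file", rel))
            elif stat.S_ISDIR(mode) and mode & stat.S_IWOTH:
                # A sticky bit (as on /tmp) stops users deleting others' files
                if not mode & stat.S_ISVTX:
                    results.append(("world-writable-dir-no-sticky", rel))
    return sorted(results)

def build_sample_tree(root):
    """Constructed sample data: files and directories with known modes."""
    files = {"bin/helper": 0o4755, "bin/tool": 0o755, "data/shared.txt": 0o666}
    for rel, mode in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        os.chmod(os.path.dirname(path), 0o755)  # fixed mode regardless of umask
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)  # chmod after creation so the umask does not apply
    for rel, mode in {"drop": 0o777, "tmp": 0o1777}.items():
        path = os.path.join(root, rel)
        os.mkdir(path)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for issue, rel in scan_permissions(tmp):
            print(f"{issue:30} {rel}")
```

The sticky-bit directory `tmp` and the plain `bin/tool` binary are deliberately absent from the output, which is the distinction a reviewer needs when triaging such findings.
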
git clone https://github.com/daedalus/linux-security-audit-tool.git
cd linux-security-audit-tool
pip install -e ".[test]"
# run tests
pytest
# format
ruff format src/ tests/
# format markdown
mdformat .
# lint + type check (prospector runs ruff check + mypy + pylint together)
prospector --with-tool ruff --with-tool mypy --with-tool pylint src/
opengrep --config=auto --severity=ERROR src/
# find unused code (vulture reports dead code with 90%+ confidence)
vulture --min-confidence 90 src/
# analyze code complexity (lizard reports cyclomatic complexity, NLOC, etc.)
lizard src/ --CCN 10
# track API impact (impactguard analyzes how staged changes affect public API)
impactguard-check-staged