Skip to main content

A hardening tool for *nixes

Project description

What is it?

HnTool is an open source (GPLv2) hardening tool for Unix. It scans your system for vulnerabilities or problems in configuration files allowing you to get a quick overview of the security status of your system.

To use HnTool download it and run:

# ./hntool

Supported systems

HnTool was already tested and is working on:

  • Arch Linux
  • CentOS
  • Debian
  • Fedora
  • Gentoo
  • Ubuntu

If you are using HnTool on a system that is not listed above, please, let us know.

How to install

To install HnTool run the following command, as root:

# python install --prefix /usr/ --root /

How to use

Run HnTool with:

# ./hntool

You can also see the hntool(1) manual by typing ‘man hntool’ at the command line or see the usage help:

$ hntool -h

Understanding the output

There are 5 types of results:

  • OK :
    Means that the item checked is fine and that you do not need to worry
  • INFO:
    Means that you should know the item status, but probably it is fine. A port opened, for example.
  • LOW:
    Means that a security problem was found, but it does not provides a high risk for your system.
    Things are getting worse and you should start to worry about these itens.
  • HIGH:
    You have an important security hole/problem on your system and you should fix it NOW or run and save your life.

How can I help?

There are several ways that you can contribute and help HnTool’s development. You can contribute with code, patchs, bugs and feature requests.

To report a bug or a feature request for HnTool, file a issue in our Google Code page:

If you’re reporting a bug, please give concrete examples of how and where the problem occurs.

If you’ve a patch (fixing a bug or a new HnTool module), then you can file an issue on Google Code too:

HnTool’s source is available on:

How to create a module

This section documents the innards of HnTool and specifies how to create a new module.

The main HnTool program ( runs a list of rules defined in __files__ and __services__.

  • __files__ :
    defines the rules which process simple files and configs.
  • __services__ :
    defines the rules which checks the security on services and daemons.

Once your module is finalized, remember to add it to the appropriate array (__files__ or __services__) defined in hntool/

A sample HnTool module is like this (hntool/

import os

class rule:
        def short_name(self):
                return "ssh"
        def long_name(self):
                return "Checks security problems on sshd config file"
        def __init__(self, options):
        def analyze(self, options):
                check_results = {'ok': [], 'low': [], 'medium': [], 'high': [], 'info': []}
                ssh_conf_file = ['/etc/ssh/sshd_config', '/etc/sshd_config']

                for sshd_conf in ssh_conf_file:
                        if os.path.isfile(sshd_conf):
                                        fp = open(sshd_conf,'r')
                                except IOError, (errno, strerror):
                                        check_results['info'].append('Could not open %s: %s' % (sshd_conf, strerror))

                                lines = [x.strip('\n') for x in fp.readlines()]

                                # Checking if SSH is using the default port
                                if 'Port 22' in lines or '#Port 22' in lines:
                                        check_results['low'].append('SSH is using the default port')
                                        check_results['ok'].append('SSH is not using the default port')

                                # Closing the sshd_config file

                        return check_results
        def type(self):
                return "files"

Mostly, the code is self-explanatory. The following are the list of the methods that each HnTool module must have:

  • short_name(self)
    Returns a string containing a short name of the module. Usually,this is the same as the basename of the module file.
  • long_name(self)
    Returns a string containing a concise description of the module. This description is used when listing all the rules using hntool -l.
  • analyze(self)
    Should return a list comprising in turn of five lists: ok, low, medium, high and info.
  • type(self)
    “files” for a module processing simple files and configs “services” for a module processing services and daemons

Project details

Release history Release notifications

This version


Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN DigiCert DigiCert EV certificate StatusPage StatusPage Status page