Comprehensive Linux security auditing and hardening tool

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for dclavijo from gravatar.com dclavijo

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Dario Clavijo
  • Requires: Python >=3.11
  • Provides-Extra: all , cli , dev , lint , test
Report project as malware

Project description

Linux Security Audit Tool

A comprehensive CLI tool for auditing Linux system security posture.

PyPI Python Ruff

Install

pip install linux-security-audit-tool

Usage

security-audit --help
security-audit audit
security-audit audit -p 0 -1           # Run specific phases
security-audit audit -o report.md      # Save markdown report
security-audit audit --quiet           # Summary only
security-audit audit --debug           # Show executed commands
security-audit audit --remediate-all   # Generate remediation script for all findings
security-audit audit --remediate-only-critical  # Generate remediation script for CRITICAL only
security-audit audit --remediate-non-critical   # Generate remediation script for non-CRITICAL
security-audit audit --pdf report.pdf  # Generate PDF report

CLI

security-audit [OPTIONS] COMMAND [ARGS]...

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  audit    Run a full security audit.
  version  Show version information.

Audit Command Options

  • --output, -o FILE - Output file for markdown report
  • --phases, -p [0-9] - Specific phases to run (can be repeated)
  • --quiet, -q - Suppress detailed output
  • --verbose, -v - Show descriptions and remediation
  • --debug, -d - Show low-level commands being executed
  • --remediate-all, -r - Generate remediation script for all findings
  • --remediate-only-critical - Generate remediation script for CRITICAL findings only
  • --remediate-non-critical - Generate remediation script for non-CRITICAL findings
  • --pdf FILE - Generate PDF executive report

Development

git clone https://github.com/daedalus/linux-security-audit-tool.git
cd linux-security-audit-tool
pip install -e ".[test]"

# run tests
pytest

# format
ruff format src/ tests/

# lint
ruff check src/ tests/

# type check
mypy src/

API

from security_audit import gather_context, run_identity_checks, calculate_security_score
from security_audit.core import Finding, Severity

# Run a full audit
context = gather_context()
findings = run_identity_checks()
score = calculate_security_score(findings)

Audit Phases

The tool performs security checks across 9 phases:

  • Phase 0: Context Gathering (hostname, OS, kernel)
  • Phase 1: Identity & Access Control (users, sudo, SSH)
  • Phase 2: Network Exposure (listening services, firewall)
  • Phase 3: File System & Permissions (SUID, world-writable)
  • Phase 4: Process & Service Posture (running services)
  • Phase 5: Kernel & OS Hardening (sysctl, ASLR)
  • Phase 6: Logging & Monitoring (auditd, logs)
  • Phase 7: Package & Update Hygiene (updates, repos)
  • Phase 8: Cryptographic Posture (SSH keys, TLS)

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for dclavijo from gravatar.com dclavijo

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Dario Clavijo
  • Requires: Python >=3.11
  • Provides-Extra: all , cli , dev , lint , test

Release history Release notifications | RSS feed

0.1.9

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

0.1.2

This version

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

linux_security_audit_tool-0.1.1.tar.gz (25.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

linux_security_audit_tool-0.1.1-py3-none-any.whl (32.9 kB view details)

Uploaded Python 3

File details

Details for the file linux_security_audit_tool-0.1.1.tar.gz.

File metadata

File hashes

Hashes for linux_security_audit_tool-0.1.1.tar.gz
Algorithm Hash digest
SHA256 5741470e2e561198dd1c7f54dbcee1ef16d1998a1654035891748025073bf755
MD5 b8c5c79e51750eb1ad6490f388e7f5d7
BLAKE2b-256 37db32974b3d5509bc1c74bd2e61551e5c43ed72791feadc5da4f646b62f9a4e

See more details on using hashes here.

Provenance

The following attestation bundles were made for linux_security_audit_tool-0.1.1.tar.gz:

Publisher: pypi-publish.yml on daedalus/linux-security-audit-tool

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file linux_security_audit_tool-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for linux_security_audit_tool-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 9a7158a1e4d643ffebc80dbed5e6a2d343e3918c438f02786d76a4ac420ef7f9
MD5 e636bb6c8dfbce921e7b44578df830c4
BLAKE2b-256 b653dcbd371e4f80f67693c6e47be572e164ecfe22f42b29c107b709d112f80a

See more details on using hashes here.

Provenance

The following attestation bundles were made for linux_security_audit_tool-0.1.1-py3-none-any.whl:

Publisher: pypi-publish.yml on daedalus/linux-security-audit-tool

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page