Comprehensive Linux security auditing and hardening tool

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for dclavijo from gravatar.com dclavijo

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Dario Clavijo
  • Requires: Python >=3.11
  • Provides-Extra: all , cli , dev , lint , test
Report project as malware

Project description

Linux Security Audit Tool

A comprehensive CLI tool for auditing Linux system security posture.

PyPI Python Ruff

Install

pip install linux-security-audit-tool

Usage

security-audit --help
security-audit audit
security-audit audit -p 0 -1           # Run specific phases
security-audit audit -o report.md      # Save markdown report
security-audit audit --quiet           # Summary only
security-audit audit --debug           # Show executed commands
security-audit audit --remediate-all   # Generate remediation script for all findings
security-audit audit --remediate-only-critical  # Generate remediation script for CRITICAL only
security-audit audit --remediate-non-critical   # Generate remediation script for non-CRITICAL
security-audit audit --pdf report.pdf  # Generate PDF report

CLI

security-audit [OPTIONS] COMMAND [ARGS]...

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  audit    Run a full security audit.
  version  Show version information.

Audit Command Options

  • --output, -o FILE - Output file for markdown report
  • --phases, -p [0-9] - Specific phases to run (can be repeated)
  • --quiet, -q - Suppress detailed output
  • --verbose, -v - Show descriptions and remediation
  • --debug, -d - Show low-level commands being executed
  • --remediate-all, -r - Generate remediation script for all findings
  • --remediate-only-critical - Generate remediation script for CRITICAL findings only
  • --remediate-non-critical - Generate remediation script for non-CRITICAL findings
  • --pdf FILE - Generate PDF executive report

Development

git clone https://github.com/daedalus/linux-security-audit-tool.git
cd linux-security-audit-tool
pip install -e ".[test]"

# run tests
pytest

# format
ruff format src/ tests/

# lint
ruff check src/ tests/

# type check
mypy src/

API

from security_audit import gather_context, run_identity_checks, calculate_security_score
from security_audit.core import Finding, Severity

# Run a full audit
context = gather_context()
findings = run_identity_checks()
score = calculate_security_score(findings)

Audit Phases

The tool performs security checks across 9 phases:

  • Phase 0: Context Gathering (hostname, OS, kernel)
  • Phase 1: Identity & Access Control (users, sudo, SSH)
  • Phase 2: Network Exposure (listening services, firewall, sysctl)
  • Phase 3: File System & Permissions (SUID, world-writable, cron)
  • Phase 4: Process & Service Posture (services, AppArmor, SELinux, rkhunter)
  • Phase 5: Kernel & OS Hardening (sysctl, ASLR, module blacklist)
  • Phase 6: Logging & Monitoring (auditd, logs, syslog)
  • Phase 7: Package & Update Hygiene (updates, repos)
  • Phase 8: Cryptographic Posture (SSH keys, TLS, password hashing)

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for dclavijo from gravatar.com dclavijo

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Dario Clavijo
  • Requires: Python >=3.11
  • Provides-Extra: all , cli , dev , lint , test

Release history Release notifications | RSS feed

0.1.9

0.1.8

0.1.7

0.1.6

0.1.5

0.1.4

0.1.3

This version

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

linux_security_audit_tool-0.1.2.tar.gz (25.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

linux_security_audit_tool-0.1.2-py3-none-any.whl (32.9 kB view details)

Uploaded Python 3

File details

Details for the file linux_security_audit_tool-0.1.2.tar.gz.

File metadata

File hashes

Hashes for linux_security_audit_tool-0.1.2.tar.gz
Algorithm Hash digest
SHA256 857ebcecab83b88579ed73c5cf70cf3b8157f8937ecfeb0729a3b038e99c393d
MD5 db9173be8eeb97158149454b088460a9
BLAKE2b-256 7fe13b9c8192b03170d08a380c2960bcda76668f18a093f1412e422b75c102d0

See more details on using hashes here.

Provenance

The following attestation bundles were made for linux_security_audit_tool-0.1.2.tar.gz:

Publisher: pypi-publish.yml on daedalus/linux-security-audit-tool

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file linux_security_audit_tool-0.1.2-py3-none-any.whl.

File metadata

File hashes

Hashes for linux_security_audit_tool-0.1.2-py3-none-any.whl
Algorithm Hash digest
SHA256 c96510dc452d7e4574342dc78bae7e4f57438d3c42f23511a4f9267032978913
MD5 992c777e2b4db41955c831862ced06a0
BLAKE2b-256 820a7ca2f0dc06b02e7bfb52bc54ac4c41f32cccc9768ebe5d4b207e7da5efb6

See more details on using hashes here.

Provenance

The following attestation bundles were made for linux_security_audit_tool-0.1.2-py3-none-any.whl:

Publisher: pypi-publish.yml on daedalus/linux-security-audit-tool

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page