Comprehensive Linux security auditing and hardening tool

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for dclavijo from gravatar.com dclavijo

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Dario Clavijo
  • Requires: Python >=3.11
  • Provides-Extra: all , dev , lint , test
Report project as malware

Project description

Linux Security Audit Tool

A comprehensive CLI tool for auditing Linux system security posture.

For all the checks to effectively be done this tool it needs root access.

PyPI Python Ruff

Install

python3 -m venv venv
source venv/bin/activate
pip install linux-security-audit-tool

Usage

sudo env "PATH=$PATH" security-audit --help
sudo env "PATH=$PATH" security-audit audit
sudo env "PATH=$PATH" security-audit audit -p 0 -1           # Run specific phases
sudo env "PATH=$PATH" security-audit audit -o report.md      # Save markdown report
sudo env "PATH=$PATH" security-audit audit --quiet           # Summary only
sudo env "PATH=$PATH" security-audit audit --debug           # Show executed commands
sudo env "PATH=$PATH" security-audit audit --remediate-all   # Generate remediation script for all findings
sudo env "PATH=$PATH" security-audit audit --remediate-only-critical  # Generate remediation script for CRITICAL only
sudo env "PATH=$PATH" security-audit audit --remediate-non-critical   # Generate remediation script for non-CRITICAL
sudo env "PATH=$PATH" security-audit audit --pdf report.pdf  # Generate PDF report

CLI

security-audit [OPTIONS] COMMAND [ARGS]...

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  audit    Run a full security audit.
  version  Show version information.

Audit Command Options

  • --output, -o FILE - Output file for markdown report
  • --phases, -p [0-9] - Specific phases to run (can be repeated)
  • --quiet, -q - Suppress detailed output
  • --verbose, -v - Show descriptions and remediation
  • --debug, -d - Show low-level commands being executed
  • --remediate-all, -r - Generate remediation script for all findings
  • --remediate-only-critical - Generate remediation script for CRITICAL findings only
  • --remediate-non-critical - Generate remediation script for non-CRITICAL findings
  • --pdf FILE - Generate PDF executive report

Development

git clone https://github.com/daedalus/linux-security-audit-tool.git
cd linux-security-audit-tool
pip install -e ".[test]"

# run tests
pytest

# format
ruff format src/ tests/

# lint
ruff check src/ tests/

# type check
mypy src/

API

from security_audit import gather_context, run_identity_checks, calculate_security_score
from security_audit.core import Finding, Severity

# Run a full audit
context = gather_context()
findings = run_identity_checks()
score = calculate_security_score(findings)

Audit Phases

The tool performs security checks across 9 phases:

  • Phase 0: Context Gathering (hostname, OS, kernel)
  • Phase 1: Identity & Access Control (users, sudo, SSH)
  • Phase 2: Network Exposure (listening services, firewall, sysctl)
  • Phase 3: File System & Permissions (SUID, world-writable, cron)
  • Phase 4: Process & Service Posture (services, AppArmor, SELinux, rkhunter)
  • Phase 5: Kernel & OS Hardening (sysctl, ASLR, module blacklist)
  • Phase 6: Logging & Monitoring (auditd, logs, syslog)
  • Phase 7: Package & Update Hygiene (updates, repos)
  • Phase 8: Cryptographic Posture (SSH keys, TLS, password hashing)

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for dclavijo from gravatar.com dclavijo

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT
  • Author: Dario Clavijo
  • Requires: Python >=3.11
  • Provides-Extra: all , dev , lint , test

Release history Release notifications | RSS feed

0.1.9

0.1.8

0.1.7

0.1.6

0.1.5

This version

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

linux_security_audit_tool-0.1.4.tar.gz (25.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

linux_security_audit_tool-0.1.4-py3-none-any.whl (32.9 kB view details)

Uploaded Python 3

File details

Details for the file linux_security_audit_tool-0.1.4.tar.gz.

File metadata

File hashes

Hashes for linux_security_audit_tool-0.1.4.tar.gz
Algorithm Hash digest
SHA256 d54e110018faf9b0dd4b5b7adffbb95b8047e701e0bd64308f9129bcb58ac7e7
MD5 9804bd1fe8c742a87e6d762f59ef34b3
BLAKE2b-256 738ac7986707f13404e1c8fdbabea5f4c1e980e4f012903280dfe318626a4301

See more details on using hashes here.

Provenance

The following attestation bundles were made for linux_security_audit_tool-0.1.4.tar.gz:

Publisher: pypi-publish.yml on daedalus/linux-security-audit-tool

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file linux_security_audit_tool-0.1.4-py3-none-any.whl.

File metadata

File hashes

Hashes for linux_security_audit_tool-0.1.4-py3-none-any.whl
Algorithm Hash digest
SHA256 64a4bae44bad57092f1c9f87d93fb25cdc1cf9e248b04d87b2739604a7dfc0bc
MD5 99fa1fedf297f201b83bc2848dd47a34
BLAKE2b-256 52d2da057a9efc0e8d8c06fa145445315f67e67cc31b5de399b8237fa2169ba5

See more details on using hashes here.

Provenance

The following attestation bundles were made for linux_security_audit_tool-0.1.4-py3-none-any.whl:

Publisher: pypi-publish.yml on daedalus/linux-security-audit-tool

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page