Remote Linux server security audit via SSH
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
srvaudit
Remote Linux server security audit via SSH. No agents. No installation on the server.
pip install git+https://github.com/CynepMyx/srvaudit.git
srvaudit scan root@your-server.com
Example Output
+--------------------------------- srvaudit ----------------------------------+
| srvaudit report for deploy@prod.example.com:22 |
| Score: 68/100 (C) | Duration: 4.2s | Distro: debian 13 |
+-----------------------------------------------------------------------------+
Findings
+--------------------------------------------------------------------------+
| Severity | Check | Issue | Fix |
|-----------+----------------+-----------------------------+---------------|
| CRITICAL | open_ports | MySQL (port 3306) exposed | ufw deny 3306 |
| WARNING | ssh_config | Password auth enabled | sed -i ... |
| WARNING | kernel | System reboot required | reboot |
| WARNING | firewall | No firewall detected | apt install |
| | | | ufw && ... |
+--------------------------------------------------------------------------+
5 passed 3 info 0 skipped
Every finding includes a ready-to-use fix command you can copy and run.
Quick Start
# Full audit (16 checks, ~5 seconds)
srvaudit scan root@your-server.com
# Quick scan (critical checks only, <30 sec)
srvaudit scan root@your-server.com --quick
# With sudo for privileged checks (authorized_keys, cron, sudoers)
srvaudit scan deploy@your-server.com --sudo
# JSON output for automation
srvaudit scan root@your-server.com --json -o report.json
# Compare before/after
srvaudit diff before.json after.json
Diff: Before / After
srvaudit diff
Before: 2026-03-25 14:00 | Score: 42/100 (D)
After: 2026-03-27 10:30 | Score: 92/100 (A) [+50]
FIXED (3):
[CRITICAL] MySQL (port 3306) exposed on 0.0.0.0
[WARNING] No firewall detected
[WARNING] Password authentication is enabled
NEW (0)
UNCHANGED (1):
[WARNING] System reboot required
What It Checks
16 checks across 6 categories:
| Category | Checks | Quick |
|---|---|---|
| Access | SSH config (with Include support), authorized keys, users (UID 0), sudoers | 3 of 4 |
| Network | Firewall (ufw/firewalld/nftables, Docker-aware), open ports, fail2ban | 3 of 3 |
| System | Pending updates, auto-updates, kernel (reboot + hardening), disk usage, capabilities | 1 of 5 |
| Services | Docker (privileged, socket, exposed ports), systemd timers | 0 of 2 |
| Persistence | Cron jobs (all users), world-writable files | 0 of 2 |
| Web | Exposed .env files in /var/www | 0 of 1 |
Why Not Lynis?
| srvaudit | Lynis | |
|---|---|---|
| Install on server | No (SSH only) | Yes (must be on server) |
| Time | ~5 seconds | 2-5 minutes |
| Output | Structured, prioritized, scored | 500+ lines raw text |
| Fix commands | Copy-paste ready | No |
| Before/after diff | Built-in | No |
| Docker-aware | Yes (firewall, ports) | Limited |
srvaudit is not a Lynis replacement. Lynis does deep compliance auditing (CIS, PCI-DSS). srvaudit does fast practical checks for DevOps engineers and freelancers who manage servers.
Installation
# Recommended (isolated install)
pipx install git+https://github.com/CynepMyx/srvaudit.git
# Or with pip
pip install git+https://github.com/CynepMyx/srvaudit.git
# From source
git clone https://github.com/CynepMyx/srvaudit.git
cd srvaudit && pip install -e .
Requires Python 3.9+. PyPI package coming soon.
Scoring
| Grade | Score | Meaning |
|---|---|---|
| A | 90-100 | Good shape |
| B | 70-89 | Room for improvement |
| C | 50-69 | Needs attention |
| D | 0-49 | Critical issues (any CRITICAL finding caps score at 45) |
SSH Options
srvaudit scan user@host -p 2222 # custom port
srvaudit scan user@host -i ~/.ssh/id_rsa # specific key
srvaudit scan user@host --password # prompt for password
srvaudit scan user@host --accept-host-key # trust on first connect
srvaudit scan user@host --timeout 30 # per-command timeout
How It Works
- Connects via SSH (paramiko, single session)
- Detects OS distribution
- Runs ~30 read-only shell commands
- Parses output locally
- Scores findings and generates report
Nothing is installed, modified, or written on the target server.
Note: This tool trusts system utilities on the target host. If the system is already compromised (rootkit), results may be unreliable.
Supported Distributions
Ubuntu 18.04+ | Debian 10+ | CentOS/RHEL 7+ | Rocky/Alma 8+ | Fedora | Alpine
Contributing
Issues and PRs welcome. See CHANGELOG.md for version history.
License
MIT
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
srvaudit-0.1.0.tar.gz
(25.5 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
srvaudit-0.1.0-py3-none-any.whl
(32.3 kB
view details)
File details
Details for the file srvaudit-0.1.0.tar.gz.
File metadata
- Download URL: srvaudit-0.1.0.tar.gz
- Upload date:
- Size: 25.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
34e51bad7a2c3c3c69808fe19fff50cb6049f0408916152daa709644dbbcf014
|
|
| MD5 |
c25bad67e61d35c63583cf3c7a74034b
|
|
| BLAKE2b-256 |
a2ff191f6b54e819ed151c90941b249c736c80ec10f6b5dd97d146e30a83fbdd
|
Provenance
The following attestation bundles were made for srvaudit-0.1.0.tar.gz:
Publisher:
release.yml on CynepMyx/srvaudit
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
srvaudit-0.1.0.tar.gz -
Subject digest:
34e51bad7a2c3c3c69808fe19fff50cb6049f0408916152daa709644dbbcf014 - Sigstore transparency entry: 1189664356
- Sigstore integration time:
-
Permalink:
CynepMyx/srvaudit@cb363bbf6e2b72d09518196d6d0c26e7fcfa8188 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/CynepMyx
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@cb363bbf6e2b72d09518196d6d0c26e7fcfa8188 -
Trigger Event:
push
-
Statement type:
File details
Details for the file srvaudit-0.1.0-py3-none-any.whl.
File metadata
- Download URL: srvaudit-0.1.0-py3-none-any.whl
- Upload date:
- Size: 32.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e074737d8be424b831a87caae26f772c26137f9c5b72be5d6b5edb0692f8588a
|
|
| MD5 |
f49fb7ac43bcc1f2230a88570f7f1e26
|
|
| BLAKE2b-256 |
5719e6eca1e1c9338619f95808f7a094b7f1fca228d68ac5be8cfb18800b8057
|
Provenance
The following attestation bundles were made for srvaudit-0.1.0-py3-none-any.whl:
Publisher:
release.yml on CynepMyx/srvaudit
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
srvaudit-0.1.0-py3-none-any.whl -
Subject digest:
e074737d8be424b831a87caae26f772c26137f9c5b72be5d6b5edb0692f8588a - Sigstore transparency entry: 1189664362
- Sigstore integration time:
-
Permalink:
CynepMyx/srvaudit@cb363bbf6e2b72d09518196d6d0c26e7fcfa8188 -
Branch / Tag:
refs/tags/v0.1.0 - Owner: https://github.com/CynepMyx
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@cb363bbf6e2b72d09518196d6d0c26e7fcfa8188 -
Trigger Event:
push
-
Statement type:
