UFW firewall audit tool — cross-checks rules against listening services
Project description
Lire en français · Technical documentation
🔒 ufw-audit
Smart UFW security audit — fast, readable, actionable.
Analyses your UFW configuration, exposed services and logs to detect real risks, with clear recommendations.
⚡ TL;DR
sudo apt install pipx && pipx ensurepath
# open a new terminal, then:
pipx install ufw-audit
sudo ~/.local/bin/ufw-audit --install-completion
sudo ufw-audit
🛠 Installation
Prerequisites
- Linux: Debian, Ubuntu, Mint or derivative
- UFW:
sudo apt install ufw - pipx:
sudo apt install pipx && pipx ensurepath
Open a new terminal after
pipx ensurepathto activate the PATH.
Install
pipx install ufw-audit
Enable sudo + bash completion
pipx installs the binary in ~/.local/bin/, which is not in sudo's restricted PATH.
--install-completion creates the symlink /usr/local/bin/ufw-audit and installs the bash completion script:
sudo ~/.local/bin/ufw-audit --install-completion
source /etc/bash_completion.d/ufw-audit
After this step, sudo ufw-audit works normally.
Uninstall
pipx uninstall ufw-audit
🚀 Why ufw-audit?
- 🔍 Full audit — firewall, services, ports, logs, DDNS, Docker, virtualisation
- 🎯 Smart prioritisation — score + classification (OK / Warning / Action required)
- 🧠 Context-aware — network exposure + service criticality
- 🛠 Optional auto-fix — corrections proposed or applied automatically
- 📊 Clear output — human-readable + scriptable
- 🌍 Bilingual EN/FR
🔎 What the tool analyses
🔥 Firewall (UFW)
- Active/inactive status
- Dangerous rules (
allow from any) - IPv4 / IPv6 consistency
- Duplicates and errors
🌐 Exposed services (22+)
- SSH, Redis, PostgreSQL, Docker, etc.
- Detection via systemd / active ports
- Real exposure, risk level, UFW consistency
📡 Ports
- Open ports (
ss) - Interfaces (loopback / LAN / public)
- Unintended exposures
📜 UFW logs
- Suspicious attempts, brute-force detection
- IP analysis (optional GeoIP)
☁️ DDNS / Docker / Virtualisation
- Advanced network correlations
- Indirect exposure detection
📊 Example output
✔ Firewall active
⚠ SSH exposed to the Internet
✖ Redis open without restriction
Score: 6/10
→ Action required
▶️ Usage
sudo ufw-audit # standard audit
sudo ufw-audit -f # interactive fix mode
sudo ufw-audit -f -y # auto-fix without confirmation
sudo ufw-audit -v # verbose
sudo ufw-audit -q # silent — exit code 0/1/2/3
sudo ufw-audit --french # French interface
🤖 Automation
- 🕒 Built-in cron (
--install-cron) - 📧 Email notifications (HTML + plain text)
- 📁 Report management (
--manage-logs) - 🔁 Multi-job scheduling (
--manage-cron)
🧪 Quality & reliability
- ✅ 639 unit tests
- 🧱 Modular architecture (snapshot / check separated)
- 🧪 Tested on Debian, Ubuntu, Kali, Mint
🆕 v1.1.0
- 📋 Summary box redesigned — long messages word-wrapped, never truncated
- 🔧 Fix commands shown inline in summary box (
→ cmdunder each finding) - 🔴 Red disclaimer under "Possible improvements" block
- 🐛 vsftpd
listen_portand Transmissionrpc-port(JSON) now detected - 🔒 Domain validation regex hardened; Docker public-IP detection improved
- ✅ 639/639 unit tests
🧠 Philosophy
Not just listing ports — understanding the real risk.
ufw-audit prioritises what matters: real exposure, attack surface, potential impact.
📁 Project structure
Automated-UFW-audit/
├── README.md / README_FR.md # project overview (EN/FR)
├── LICENSE
├── pyproject.toml # build config (pip/pipx install)
├── install.sh # shell installer [DEPRECATED]
├── DOCUMENTS/
│ ├── README_TECH.md / _FR.md # complete technical reference
│ ├── README_DEV.md / _FR.md # developer documentation
│ ├── CHANGELOG_FULL.md / _FR.md # full version history
│ ├── TESTING.md / _FR.md # test plan & validated scenarios
│ └── AUTOMATION.md / _FR.md # cron & automation guide
├── ufw_audit/ # Python package
│ ├── checks/ # firewall, services, ports, logs, ddns, docker, virt
│ ├── data/
│ │ ├── services.json # 22 service definitions
│ │ └── ufw-audit.bash-completion
│ └── locales/
│ ├── en.json
│ └── fr.json
└── tests/ # 639 unit tests
📄 License
MIT — © 2026 Cédric Clauzel
🤝 Contributing
Bug reports, new detections, UX improvements — contributions welcome.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file ufw_audit-1.1.0.tar.gz.
File metadata
- Download URL: ufw_audit-1.1.0.tar.gz
- Upload date:
- Size: 121.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
db0f8d9a743173ea32ccff7c57ace8696b3ada41080ea1d1a1cc4acab4a5b073
|
|
| MD5 |
f511da1d5bdd040908d9fe9f516afa25
|
|
| BLAKE2b-256 |
fd5b9c5b575ac22fd8c6e22ae8fca3280bc363ed3dd8a1e7343f4a9750df90d5
|
File details
Details for the file ufw_audit-1.1.0-py3-none-any.whl.
File metadata
- Download URL: ufw_audit-1.1.0-py3-none-any.whl
- Upload date:
- Size: 101.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
065d8d9e6c17bc58c545fa74f3adcc2232bde454ddb9f4724f99974b3a148f1e
|
|
| MD5 |
5992cc1373466a8cb7335564e0aed74a
|
|
| BLAKE2b-256 |
f8dfa02986064cc2d0ae5676d5da3bf8a1ea2bbd65ae38193096203092292ac5
|
