A comprehensive, modular security audit framework for Linux systems supporting multiple compliance frameworks with automated remediation capabilities, compliance scoring, and interactive reporting.
# Clone the repository
git clone https://github.com/Sandler73/Linux-Security-Audit-Project.git
cd Linux-Security-Audit-Project
# Run a complete security audit (requires sudo)
sudo python3 linux_security_audit.py
# View the interactive HTML report
# Opens automatically in your default browserThat's it! The tool will audit your system against all 8 security frameworks and generate a comprehensive report.
- Features
- Security Frameworks
- System Requirements
- Installation
- Basic Usage
- Documentation
- Output Formats
- Remediation
- Project Structure
- Contributing
- License
- Support
- π 1,207 Security Checks: Comprehensive assessment across 8 compliance frameworks
- π Compliance Scoring: Weighted, simple, and severity-adjusted scores with pass/fail thresholds
- π¨ Interactive HTML Reports: 18+ features including SVG charts, clickable dashboard, column resizing, multi-format export
- β‘ Performance Engine: Shared caching (~50% hit rate), parallel execution, direct /proc reads
- π§ Automated Remediation: Fix security issues with single commands or selective batch operations
- π Multi-Format Output: HTML, CSV, JSON, XML, and Console with companion JSON metadata
- π Privilege-Aware: Works with or without root (graceful degradation)
- π Structured Logging: Dual console/file output, configurable levels, JSON log format for SIEMs
- Dynamic Module Discovery: Automatically detects and validates modules from
modules/directory - OS-Aware Checks: Distribution-specific optimizations (Debian, Red Hat, SUSE, Arch families)
- IP Address Identification: Paired host identification (hostname + OS + IPs) for SIEM attribution
- Smart Privilege Detection: Identifies what can/can't be checked without root
- Comprehensive Error Handling: Graceful failures with detailed error reporting
- Zero Dependencies: Uses only Python standard library (Python 3.7+, no pip install needed)
- Completely Offline: No internet connection required, no data transmitted
The project includes 8 specialized security modules:
| Module | Checks | Description | Best For |
|---|---|---|---|
| Core | 153 | Industry best practices, OS-specific security | Everyone |
| CIS | 212 | CIS Benchmarks compliance | General hardening, compliance |
| CISA | 147 | Critical infrastructure protection | Government, critical sectors |
| ENISA | 97 | EU cybersecurity guidelines | European organizations |
| ISO27001 | 115 | Information security management | ISMS certification |
| NIST | 172 | NIST 800-53, CSF 2.0, 800-171 | Federal, contractors |
| NSA | 144 | Advanced security hardening | High-security environments |
| STIG | 167 | DoD security requirements | Defense, contractors |
Total: 1,207 comprehensive security checks (validated)
General Organizations: Start with Core + CIS
Financial/Healthcare: Use ISO27001 + NIST + CIS
Government/Federal: Use NIST + STIG + CISA
EU Organizations: Use ISO27001 + ENISA + CIS
Defense Contractors: Use STIG + NIST + NSA
π Complete Framework Reference β
- Operating System: Linux (any modern distribution)
- Python: Version 3.7 or higher
- Disk Space: 100 MB free
- Memory: 512 MB RAM (1 GB recommended)
- Privileges: Root/sudo recommended for complete results
- Ubuntu 18.04+, 20.04 LTS, 22.04 LTS, 24.04 LTS
- Debian 9+, 10, 11, 12
- RHEL 7, 8, 9
- CentOS 7, 8 Stream
- Fedora 28+, 35+, 38+
- Rocky Linux 8, 9
- AlmaLinux 8, 9
- Linux Mint 19+
- Kali Linux 2020+
- SUSE/openSUSE Leap 15+
- Arch Linux (rolling release)
No installation required! All dependencies are part of Python's standard library:
os,sys,json,csv,argparse,subprocessplatform,socket,datetime,pathlib,typingxml.etree.ElementTree,html,dataclasses(Python 3.7+)concurrent.futures,ipaddress,logging
# Clone the repository
git clone https://github.com/Sandler73/Linux-Security-Audit-Project.git
# Navigate to directory
cd Linux-Security-Audit-Project
# Verify installation
python3 linux_security_audit.py --list-modules# Download latest release
wget https://github.com/Sandler73/Linux-Security-Audit-Project/archive/refs/heads/main.zip
# Extract
unzip main.zip
cd Linux-Security-Audit-Project-main
# Make executable
chmod +x linux_security_audit.pyDownload and preserve the directory structure:
linux_security_audit.py(main script)modules/module_*.py(all 8 module files)shared_components/audit_common.py(shared library)
# List available modules
python3 linux_security_audit.py --list-modules
# Run complete audit (all modules)
sudo python3 linux_security_audit.py
# Run specific modules
sudo python3 linux_security_audit.py -m Core,CIS,NIST
# Generate CSV report
sudo python3 linux_security_audit.py -f CSV -o security-audit.csv
# Quick console output
sudo python3 linux_security_audit.py -f Console# Establish initial security baseline
sudo python3 linux_security_audit.py -m Core,CIS -o baseline-$(date +%Y%m%d).html# Generate compliance report
sudo python3 linux_security_audit.py -m ISO27001,NIST,CIS -f HTML -o compliance-report.html# Daily automated audit (add to crontab)
0 2 * * * /usr/bin/python3 /opt/audit/linux_security_audit.py -f JSON -o /var/log/audit-$(date +\%Y\%m\%d).json# Generate XML for SIEM ingestion
sudo python3 linux_security_audit.py -f XML -o siem-feed.xml| Option | Description | Example |
|---|---|---|
-m, --modules |
Specify modules to run | -m Core,CIS,NIST |
-f, --output-format |
Output format | -f HTML |
-o, --output-path |
Output file path | -o report.html |
--list-modules |
List available modules | |
--parallel |
Execute modules in parallel | |
--workers N |
Number of parallel workers | --workers 4 |
--profile |
Show performance statistics | |
--log-level LEVEL |
Set log level | --log-level DEBUG |
--log-file PATH |
Custom log file path | |
--json-log |
JSON-structured log output | |
--verbose / --quiet |
Control console verbosity | |
--remediate |
Interactive remediation | |
--remediate-fail |
Fix only FAIL status | |
--auto-remediate |
Automatic remediation | |
--remediation-file |
Fix specific issues from JSON |
- π Wiki Home - Complete documentation hub
- β‘ Quick Start - Get started in minutes
- π Usage Guide - Comprehensive usage instructions
- π Module Documentation - Detailed module capabilities
- π Output Reference - Understanding reports and formats
- π‘οΈ Framework Reference - Security standards details
- π» Development Guide - Contributing and extending
- π§ Troubleshooting - Common issues and solutions
- β FAQ - Frequently asked questions
- Installation: Quick Start Guide
- First Run: Quick Start Guide
- Understanding Results: Output Reference
- Remediation: Usage Guide
- Common Issues: Troubleshooting Guide
- Architecture: Development Guide
- Creating Modules: Development Guide
- Code Standards: Development Guide
- Contributing: Development Guide
- Framework Details: Framework Reference
- Module Coverage: Module Documentation
- Compliance Mapping: Framework Reference
Interactive, browser-based report with:
- β Sortable and filterable tables
- β Full-text search across all fields
- β Dark/Light theme toggle
- β Export selected issues to JSON
- β Inline remediation commands
- β Summary statistics dashboard
sudo python3 linux_security_audit.py -f HTMLSpreadsheet-compatible format for:
- β Excel/Google Sheets analysis
- β Custom reporting and graphing
- β Historical trend analysis
- β Data manipulation
sudo python3 linux_security_audit.py -f CSV -o audit.csvStructured data for:
- β API integration
- β SIEM ingestion
- β Automation workflows
- β Selective remediation
- β Custom scripting
sudo python3 linux_security_audit.py -f JSON -o audit.jsonEnterprise tool integration:
- β SIEM systems (Splunk, QRadar)
- β GRC platforms
- β Configuration management
- β Legacy system compatibility
sudo python3 linux_security_audit.py -f XML -o audit.xmlReal-time terminal output:
- β Color-coded status
- β No file creation
- β SSH-friendly
- β Quick validation
sudo python3 linux_security_audit.py -f Consoleπ Complete Output Reference β
The tool provides multiple remediation approaches for fixing security issues:
Review and approve each fix individually:
sudo python3 linux_security_audit.py --remediateWorkflow:
- Shows each issue with details
- Displays remediation command
- Prompts for confirmation
- Executes if approved
- Reports results
Fix only specific severity levels:
# Fix only critical FAIL issues
sudo python3 linux_security_audit.py --remediate-fail
# Fix WARNING level issues
sudo python3 linux_security_audit.py --remediate-warning
# Combine with auto-remediation
sudo python3 linux_security_audit.py --remediate-fail --auto-remediateMost precise approach - fix only specific issues:
- Run audit and generate HTML report
- Review findings in browser
- Select specific issues using checkboxes
- Click "Export Selected" button
- Run remediation with exported file:
sudo python3 linux_security_audit.py --auto-remediate --remediation-file Selected-Report.jsonBatch fix all issues with confirmation:
sudo python3 linux_security_audit.py --auto-remediate- Always test in non-production first
- Review remediation commands before executing
- Backup critical configurations
- Have console access in case SSH breaks
- Schedule during maintenance windows
Linux-Security-Audit-Project/
βββ linux_security_audit.py # Main orchestrator (3,487 lines)
βββ modules/ # Security framework modules
β βββ module_core.py # Core baseline (153 checks)
β βββ module_cis.py # CIS Benchmarks (212 checks)
β βββ module_cisa.py # CISA guidance (147 checks)
β βββ module_enisa.py # ENISA guidelines (97 checks)
β βββ module_iso27001.py # ISO 27001 controls (115 checks)
β βββ module_nist.py # NIST frameworks (172 checks)
β βββ module_nsa.py # NSA hardening (144 checks)
β βββ module_stig.py # DISA STIGs (167 checks)
βββ shared_components/ # Shared library
β βββ audit_common.py # Caching, parallel, /proc reads (2,174 lines)
βββ logs/ # Structured log files (auto-created)
βββ reports/ # Generated reports (auto-created)
βββ README.md # This file
βββ LICENSE # MIT License
βββ CHANGELOG.md # Version history
βββ SECURITY.md # Security policy
βββ CONTRIBUTING.md # Contribution guidelines
βββ .gitignore # Git ignore rules
We welcome contributions! Here's how you can help:
- π Report Bugs: Open an issue
- π‘ Suggest Features: Request enhancements
- π Improve Documentation: Fix errors, add examples
- π» Write Code: Implement features, fix bugs
- π‘οΈ Add Checks: Create new security checks
- π Review PRs: Help review pull requests
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Make your changes
- Test thoroughly (root and non-root)
- Commit with clear messages (
git commit -m 'Add amazing feature') - Push to your fork (
git push origin feature/amazing-feature) - Open a Pull Request
# Clone your fork
git clone https://github.com/YOUR_USERNAME/Linux-Security-Audit-Project.git
cd Linux-Security-Audit-Project
# Create development branch
git checkout -b feature/your-feature
# Verify directory structure
ls modules/ shared_components/
# Make changes and test
python3 linux_security_audit.py --list-modules
sudo python3 linux_security_audit.py -m YourModule --profile
# Run tests (if available)
python3 -m pytest tests/- Follow PEP 8 style guide
- Use type hints where applicable
- Write comprehensive docstrings
- Add inline comments for complex logic
- Include error handling
- Test both root and non-root execution
π Complete Development Guide β
This project is licensed under the MIT License - see the LICENSE file for details.
β Permissions:
- Commercial use
- Modification
- Distribution
- Private use
β Conditions:
- License and copyright notice
β Limitations:
- No liability
- No warranty
- π Check Documentation: Start with Wiki
- π Search Issues: Look for existing issues
- β Read FAQ: Check Frequently Asked Questions
- π§ Troubleshooting: Review Troubleshooting Guide
- π¬ Open Issue: Create new issue
When opening an issue, please include:
For Bug Reports:
- Clear description of the issue
- Steps to reproduce
- Expected vs actual behavior
- Environment details (OS, Python version)
- Error messages and logs
- Screenshots (if applicable)
For Feature Requests:
- Use case description
- Why it's needed
- Proposed implementation
- Benefit to other users
- GitHub Issues: Bug reports and feature requests
- Pull Requests: Code contributions
- Discussions: Questions and ideas (if enabled)
- Wiki: Comprehensive documentation
This project implements guidance from:
- CIS - Center for Internet Security
- NIST - National Institute of Standards and Technology
- DISA - Defense Information Systems Agency
- NSA - National Security Agency
- CISA - Cybersecurity and Infrastructure Security Agency
- ENISA - European Union Agency for Cybersecurity
- ISO - International Organization for Standardization
Thanks to the open-source security community for:
- Security research and vulnerability disclosure
- Framework development and maintenance
- Best practices documentation
- Tool development and testing
- Version: 2.0
- Release Date: March 2026
- Total Checks: 1,207 (validated)
- Modules: 8 security frameworks
- Output Formats: 5 (HTML, CSV, JSON, XML, Console)
- Scoring Methods: 3 (simple, weighted, severity-adjusted)
- Python Version: 3.7+
- License: MIT
- Status: Active Development
β If this project helps you secure Linux systems, please consider giving it a star! β
Made with β€οΈ for the Linux security community
π Documentation β’ π Report Bug β’ β¨ Request Feature
