Ryan edited this page Jan 8, 2026 · 3 revisions

Linux Security Audit Project


Overview

The Linux Security Audit Project is a comprehensive, modular security assessment framework designed to audit Linux systems against multiple compliance frameworks and security standards. It provides enterprise-grade security scanning capabilities with intelligent privilege detection, interactive HTML reporting, and automated remediation workflows.

Key Features

  • Multi-Framework Support: Audit against 8 different security frameworks (Core, CIS, CISA, ENISA, ISO27001, NIST, NSA, STIG)
  • Comprehensive Coverage: 1000+ individual security checks across all modules
  • Interactive HTML Reports: Rich, filterable reports with dark/light themes, sorting, searching, and export capabilities
  • Intelligent Remediation: Interactive and automated remediation with safety confirmations and selective issue fixing
  • Multi-Format Output: HTML, CSV, JSON, XML, and Console output formats
  • Privilege-Aware Execution: Graceful degradation when running without root privileges
  • Dynamic Module Discovery: Automatic detection and validation of security modules
  • OS-Aware Checks: Distribution-specific security assessments for Debian, Ubuntu, RHEL, CentOS, Fedora, and more

Quick Navigation

Getting Started

Development & Extension

Support & Troubleshooting

Architecture

Core Components

Main Orchestrator (linux_security_audit.py)

The central script that coordinates module execution, manages output generation, and handles remediation workflows. Features include:

  • Dynamic module discovery and validation
  • Privilege detection and requirement checking
  • Multi-format report generation (HTML, CSV, JSON, XML)
  • Interactive and automated remediation engine
  • Comprehensive error handling and logging
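The dynamic discovery and validation step above, shown as an added example (this is not the project's own orchestrator code). It scans a directory for `module_*.py` files, imports each one from its path, and keeps only those that expose the interface the orchestrator expects. The interface itself (a `MODULE_NAME` string and a `run_checks` callable) and the three sample files are assumptions constructed for the example.

```python
"""Added example: discover module_*.py files, import them, and validate that
each exposes the assumed interface (MODULE_NAME + run_checks)."""
import importlib.util
import tempfile
from pathlib import Path
from typing import Dict, Tuple

# Assumed interface for this example; the real project's contract may differ.
REQUIRED_ATTRS = ("MODULE_NAME", "run_checks")


def load_module(path: Path):
    """Import a single .py file as a module without touching sys.path."""
    spec = importlib.util.spec_from_file_location(path.stem, path)
    module = importlib.util.module_from_spec(spec)
    spec.loader.exec_module(module)
    return module


def discover_modules(directory: Path) -> Tuple[Dict[str, object], Dict[str, str]]:
    """Return ({MODULE_NAME: module}, {filename: reason}) for valid and rejected files.

    A file that fails to import, lacks a required attribute, or whose run_checks
    is not callable is rejected with a reason instead of aborting the whole run.
    """
    valid, rejected = {}, {}
    for path in sorted(directory.glob("module_*.py")):
        try:
            module = load_module(path)
        except Exception as exc:  # syntax error, failing import, etc.
            rejected[path.name] = "import failed: %s" % exc
            continue
        missing = [attr for attr in REQUIRED_ATTRS if not hasattr(module, attr)]
        if missing:
            rejected[path.name] = "missing attributes: %s" % ", ".join(missing)
            continue
        if not callable(module.run_checks):
            rejected[path.name] = "run_checks is not callable"
            continue
        valid[module.MODULE_NAME] = module
    return valid, rejected


def demo() -> tuple:
    """Constructed sample: one valid module, one incomplete module, one unrelated file."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "module_core.py").write_text(
            "MODULE_NAME = 'Core'\n"
            "def run_checks(root):\n"
            "    # root-only checks are reported as SKIP when unprivileged\n"
            "    return [{'id': 'CORE-1', 'status': 'PASS' if root else 'SKIP'}]\n")
        (d / "module_broken.py").write_text("MODULE_NAME = 'Broken'\n")  # no run_checks
        (d / "helper.py").write_text("x = 1\n")  # ignored: not a module_*.py file
        valid, rejected = discover_modules(d)
        results = valid["Core"].run_checks(root=False)
        return sorted(valid), sorted(rejected), results


if __name__ == "__main__":
    print(demo())
```

Rejected files are reported rather than silently dropped, so a typo in a new module shows up in the run log instead of as a missing framework in the report.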

Security Modules

Eight specialized modules providing framework-specific security checks:

Module    Description                     Checks  Standards
Core      Baseline security assessment    150+    Industry best practices, vendor security guides
CIS       CIS Benchmarks compliance       200+    CIS Benchmarks for Linux
CISA      CISA cybersecurity guidance     140+    CISA Known Exploited Vulnerabilities, Security Advisories
ENISA     ENISA cybersecurity guidelines  135+    ENISA Good Practices, EU Cybersecurity Standards
ISO27001  ISO/IEC 27001 controls          145+    ISO/IEC 27001:2013/2022
NIST      NIST security frameworks        160+    NIST 800-53, NIST CSF 2.0, NIST 800-171
NSA       NSA security hardening          155+    NSA Security Configuration Guides
STIG      DISA STIG compliance            180+    Defense Information Systems Agency STIGs

Execution Modes

Full Privilege (Root) Mode

When run with sudo or as root:

  • Complete access to all security checks
  • Full remediation capabilities
  • Comprehensive system analysis
  • Access to privileged system information

Limited Privilege (Non-Root) Mode

When run as a regular user:

  • Graceful degradation of checks requiring elevated privileges
  • Read-only security assessment
  • No remediation capabilities (requires root)
  • Useful for scheduled monitoring and reporting

System Requirements

Supported Operating Systems

  • Debian-based: Ubuntu 18.04+, Debian 9+, Linux Mint 19+, Kali Linux
  • RedHat-based: RHEL 7+, CentOS 7+, Fedora 28+, Rocky Linux, AlmaLinux
  • Other: SUSE/openSUSE, Arch Linux (with varying module compatibility)

Prerequisites

  • Python: Version 3.6 or higher
  • Privileges: Root/sudo access recommended for complete assessment and remediation
  • Disk Space: Minimum 100MB for reports and logs
  • Memory: Minimum 512MB RAM (1GB+ recommended for large audits)

Required Python Modules

All required modules are part of Python's standard library:

  • os, sys, json, csv, argparse
  • subprocess, platform, socket, datetime
  • pathlib, typing, dataclasses
  • xml.etree.ElementTree, html

Typical Workflows

Basic Security Audit

# Run complete audit with all modules
sudo python3 linux_security_audit.py

# Run specific modules
sudo python3 linux_security_audit.py -m Core,NIST,CIS

# Generate CSV report
sudo python3 linux_security_audit.py -f CSV -o security-report.csv

Targeted Remediation

# 1. Run audit and generate HTML report
sudo python3 linux_security_audit.py

# 2. Review report in browser, select issues to fix

# 3. Export selected issues to JSON

# 4. Automatically remediate selected issues
sudo python3 linux_security_audit.py --auto-remediate --remediation-file Selected-Report.json

Scheduled Monitoring (Non-Root)

# Regular security monitoring without root
python3 linux_security_audit.py -f JSON -o /var/log/security-audit.json

# Can be scheduled via cron for continuous monitoring
0 2 * * * /usr/bin/python3 /opt/security-audit/linux_security_audit.py -f JSON -o /var/log/audit-$(date +\%Y\%m\%d).json

SIEM Integration

# Generate XML output for SIEM ingestion
sudo python3 linux_security_audit.py -f XML -o siem-feed.xml

# JSON format for API integration
sudo python3 linux_security_audit.py -f JSON -o api-feed.json

Key Capabilities

Reporting Features

  • Interactive HTML Reports: Sortable, filterable tables with search functionality
  • Theme Support: Dark and light themes with smooth transitions
  • Export Options: Export full reports or selected issues to JSON
  • Statistics Dashboard: Visual summary of security posture
  • Remediation Commands: Inline display of fix commands for each issue
  • Module Categorization: Results organized by security framework

Remediation Modes

  • Interactive Remediation: Review and approve each fix individually
  • Filtered Remediation: Fix only FAIL, WARNING, or INFO status issues
  • Automated Remediation: Batch fix all issues with safety confirmations
  • Selective Remediation: Fix only specific issues exported from HTML report
  • Dry-Run Support: Preview remediation commands before execution
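The selective and filtered remediation flow described in the Targeted Remediation workflow and in the modes above, as an added example (not the project's own remediation engine). It reads a JSON export of selected issues, keeps only the requested statuses, and either previews each fix (dry run) or applies it only after a per-issue confirmation. The JSON layout, the `remediation` field name and the sample issues are assumptions constructed for the example.

```python
"""Added example: filtered, confirmed, dry-run-capable remediation driver.
The export format below is assumed, not the project's actual schema."""
import json
import shlex
import subprocess
import sys
from typing import Callable, Dict, List, Tuple

# Constructed sample in the shape this example assumes an HTML export would have.
SAMPLE_EXPORT = json.dumps({
    "issues": [
        {"id": "CORE-3.2", "status": "FAIL", "title": "core dumps of setuid programs allowed",
         "remediation": "sysctl -w fs.suid_dumpable=0"},
        {"id": "CIS-5.2.1", "status": "WARNING", "title": "sshd_config world-readable",
         "remediation": "chmod 600 /etc/ssh/sshd_config"},
        {"id": "NIST-AC-7", "status": "INFO", "title": "faillock not configured",
         "remediation": ""},   # informational only: nothing to apply
    ]
})


def load_issues(raw_json: str, statuses: List[str]) -> List[Dict]:
    """Keep only issues with a requested status that actually carry a fix command."""
    data = json.loads(raw_json)
    wanted = {s.upper() for s in statuses}
    return [issue for issue in data.get("issues", [])
            if issue.get("status", "").upper() in wanted and issue.get("remediation")]


def ask(issue: Dict) -> bool:
    """Interactive confirmation; default answer is no."""
    reply = input("Apply fix for %s (%s)? [y/N] " % (issue["id"], issue["remediation"]))
    return reply.strip().lower() == "y"


def remediate(issues: List[Dict], dry_run: bool = True,
              confirm: Callable[[Dict], bool] = lambda issue: False) -> List[Tuple[str, str]]:
    """Return (issue id, action) pairs; action is previewed, skipped or applied.

    Nothing runs unless dry_run is False AND confirm() returns True for that issue,
    so the safe default is to only preview.
    """
    log = []
    for issue in issues:
        cmd = issue["remediation"]
        if dry_run:
            print("[dry-run] %s: %s" % (issue["id"], cmd))
            log.append((issue["id"], "previewed"))
            continue
        if not confirm(issue):
            log.append((issue["id"], "skipped"))
            continue
        # Run without a shell so the stored command string is not reinterpreted.
        subprocess.run(shlex.split(cmd), check=False)
        log.append((issue["id"], "applied"))
    return log


if __name__ == "__main__":
    # Usage: python3 this.py Selected-Report.json [FAIL,WARNING] [--apply]
    path = sys.argv[1] if len(sys.argv) > 1 else None
    raw = open(path).read() if path else SAMPLE_EXPORT
    statuses = sys.argv[2].split(",") if len(sys.argv) > 2 else ["FAIL", "WARNING"]
    for entry in remediate(load_issues(raw, statuses), dry_run="--apply" not in sys.argv, confirm=ask):
        print(entry)
```

Issues whose `remediation` field is empty are dropped before any prompt, which is what keeps INFO findings from generating no-op confirmations.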

Data Export Formats

HTML

  • Rich interactive interface with JavaScript functionality
  • Responsive design for mobile and desktop
  • Built-in filtering, sorting, and search
  • Export selected issues to JSON for targeted remediation

CSV

  • Structured tabular format for spreadsheet analysis
  • Compatible with Excel, Google Sheets, LibreOffice
  • Suitable for trending analysis and reporting

JSON

  • Structured data format for API integration
  • Includes complete audit metadata and execution info
  • Supports selective remediation workflows
  • SIEM and automation tool compatible

XML

  • Standards-compliant XML structure
  • Suitable for SIEM ingestion (Splunk, QRadar, etc.)
  • Enterprise security tool integration
  • Custom schema support for specific requirements
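How one set of check results can be rendered into the JSON, CSV and XML formats listed above using only the standard-library modules named under Prerequisites, as an added example (not the project's own report code). The `CheckResult` fields, the element and key names, and the two sample results are assumptions constructed for the example.

```python
"""Added example: one result list, three export formats, standard library only.
Field and element names are assumptions, not the project's schema."""
import csv
import io
import json
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass, asdict, fields
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass
class CheckResult:
    module: str
    check_id: str
    title: str
    status: str          # PASS / FAIL / WARNING / INFO
    remediation: str = ""


# Constructed sample results (the sed command includes quotes to exercise CSV escaping).
SAMPLE: List[CheckResult] = [
    CheckResult("Core", "CORE-1", "Root account has a password set", "PASS"),
    CheckResult("CIS", "CIS-5.2.8", "SSH root login disabled", "FAIL",
                'sed -i "s/^PermitRootLogin.*/PermitRootLogin no/" /etc/ssh/sshd_config'),
]


def _now(generated: Optional[str]) -> str:
    return generated or datetime.now(timezone.utc).isoformat()


def summarize(results: List[CheckResult]) -> Dict[str, int]:
    """Status counts for a dashboard-style summary."""
    return dict(Counter(r.status for r in results))


def to_json(results: List[CheckResult], host: str = "example-host",
            generated: Optional[str] = None) -> str:
    """Full document with metadata block plus one object per result."""
    doc = {
        "metadata": {"host": host, "generated": _now(generated),
                     "total": len(results), "summary": summarize(results)},
        "results": [asdict(r) for r in results],
    }
    return json.dumps(doc, indent=2)


def to_csv(results: List[CheckResult]) -> str:
    """Flat table; csv handles quoting of embedded quotes and commas."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=[f.name for f in fields(CheckResult)],
                            lineterminator="\n")
    writer.writeheader()
    for r in results:
        writer.writerow(asdict(r))
    return buf.getvalue()


def to_xml(results: List[CheckResult], host: str = "example-host",
           generated: Optional[str] = None) -> str:
    """<audit> root with one <result> element per check; text is escaped by ElementTree."""
    root = ET.Element("audit", host=host, generated=_now(generated))
    for r in results:
        el = ET.SubElement(root, "result", module=r.module, id=r.check_id, status=r.status)
        ET.SubElement(el, "title").text = r.title
        ET.SubElement(el, "remediation").text = r.remediation
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(to_json(SAMPLE))
    print(to_csv(SAMPLE))
    print(to_xml(SAMPLE))
```

Because each renderer starts from the same dataclass list, adding a field to `CheckResult` propagates to all three outputs; the CSV header and the JSON keys are derived from the dataclass rather than hand-maintained.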

Security Considerations

Privilege Management

  • Script checks for required privileges before execution
  • Clear messaging about privilege requirements
  • Graceful degradation for non-privileged execution
  • No unnecessary privilege escalation

Remediation Safety

  • Interactive confirmations for all automated fixes
  • Preview of commands before execution
  • Backup recommendations for critical changes
  • Rollback guidance for failed remediations

Data Handling

  • No sensitive data logged to console
  • File permissions set appropriately (600 for reports)
  • No external network calls (fully offline operation)
  • SUDO_USER detection for proper file ownership
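The privilege-handling and data-handling behaviour described in the three lists above, as an added example (not the project's own code): detect effective root, report root-only checks as skipped instead of crashing when unprivileged, create the report with mode 600, and, when the run came through sudo, hand ownership of the report back to the user named in `SUDO_USER`. The two sample checks and their IDs are constructed for the example.

```python
"""Added example: privilege-aware check execution plus 0600 report files
owned by the invoking (SUDO_USER) user. Sample checks are constructed."""
import json
import os
import pwd
import stat
import tempfile
from typing import Callable, Dict, List, Tuple

# (check id, needs root, check function returning PASS/FAIL); constructed samples.
Check = Tuple[str, bool, Callable[[], str]]
SAMPLE_CHECKS: List[Check] = [
    ("CORE-TMP-STICKY", False,
     lambda: "PASS" if os.stat("/tmp").st_mode & stat.S_ISVTX else "FAIL"),
    ("CORE-SHADOW-PERMS", True,   # /etc/shadow is unreadable without root
     lambda: "PASS" if stat.S_IMODE(os.stat("/etc/shadow").st_mode) & 0o077 == 0 else "FAIL"),
]


def is_root() -> bool:
    return os.geteuid() == 0


def run_checks(checks: List[Check], root: bool) -> List[Dict]:
    """Run each check; degrade gracefully when a root-only check cannot run."""
    results = []
    for check_id, needs_root, fn in checks:
        if needs_root and not root:
            results.append({"id": check_id, "status": "SKIPPED",
                            "detail": "requires root; re-run with sudo for full coverage"})
            continue
        try:
            results.append({"id": check_id, "status": fn(), "detail": ""})
        except PermissionError as exc:          # privilege problem discovered at runtime
            results.append({"id": check_id, "status": "SKIPPED", "detail": str(exc)})
        except OSError as exc:                  # e.g. file absent on this distribution
            results.append({"id": check_id, "status": "ERROR", "detail": str(exc)})
    return results


def invoking_user() -> Tuple[int, int]:
    """(uid, gid) of the user who ran sudo, else of the current user."""
    name = os.environ.get("SUDO_USER")
    if is_root() and name:
        pw = pwd.getpwnam(name)
        return pw.pw_uid, pw.pw_gid
    return os.getuid(), os.getgid()


def write_report(path: str, content: str) -> int:
    """Create the report owner-readable only and return its final permission bits."""
    # O_CREAT with mode 0o600 avoids a window where the file is world-readable.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(content)
    os.chmod(path, 0o600)            # enforce even if the file already existed
    if is_root():                    # only root may change ownership
        uid, gid = invoking_user()
        os.chown(path, uid, gid)     # report belongs to the sudo caller, not root
    return stat.S_IMODE(os.stat(path).st_mode)


def demo_write() -> int:
    """Run the sample checks with the current privileges and write a 0600 report."""
    results = run_checks(SAMPLE_CHECKS, root=is_root())
    with tempfile.TemporaryDirectory() as tmp:
        return write_report(os.path.join(tmp, "audit.json"), json.dumps(results))


if __name__ == "__main__":
    print("root:", is_root())
    print(run_checks(SAMPLE_CHECKS, root=is_root()))
    print("report mode: %o" % demo_write())
```

A SKIPPED status is distinct from FAIL so that a non-root scheduled run does not inflate failure counts with checks it could not evaluate; the detail text tells the reader what coverage was lost.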

Performance Characteristics

Execution Time

  • Full Audit (All Modules): 2-5 minutes on typical systems
  • Single Module: 15-45 seconds depending on module
  • Core Module Only: 20-30 seconds

Resource Usage

  • CPU: Low to moderate (single-threaded execution)
  • Memory: 50-200MB depending on number of checks
  • Disk I/O: Minimal (mostly read operations)
  • Network: None (fully offline operation)

Scalability

  • Tested on systems with 1000+ users
  • Handles large filesystem hierarchies efficiently
  • Suitable for both workstations and servers
  • Can be parallelized across multiple systems

Project Structure

Linux-Security-Audit-Project/
├── linux_security_audit.py      # Main orchestrator script
├── module_core.py                # Core security baseline module
├── module_cis.py                 # CIS Benchmarks module
├── module_cisa.py                # CISA guidance module
├── module_enisa.py               # ENISA guidelines module
├── module_iso27001.py            # ISO27001 controls module
├── module_nist.py                # NIST frameworks module
├── module_nsa.py                 # NSA security hardening module
├── module_stig.py                # DISA STIG compliance module
├── README.md                     # Main project documentation
├── LICENSE                       # MIT License
├── SECURITY.md                   # Security policy
├── CHANGELOG.md                  # Version history
└── .gitignore                    # Git ignore rules

Version Information

Current Version: 1.1
Release Date: January 2025
Python Compatibility: 3.6+
License: MIT

Contributing

We welcome contributions! Please see the Development Guide for:

  • Setting up your development environment
  • Creating new security modules
  • Submitting pull requests
  • Coding standards and best practices

Support

Getting Help

  1. Check the FAQ for common questions
  2. Review the Troubleshooting Guide for known issues
  3. Consult the Usage Guide for detailed examples
  4. Open an issue on GitHub

Reporting Issues

  • Bugs: Use the GitHub issue tracker with detailed reproduction steps
  • Feature Requests: Open an issue with the enhancement label
  • Security Issues: Follow the Security Policy

Links & Resources

Referenced Standards & Frameworks

License

This project is licensed under the MIT License - see the LICENSE file for details.


Last Updated: January 2026
Maintained By: Sandler73
Project Status: Active Development
