| description | Use when the user wants to run automated Linux security audits with multiple scanners |
|---|---|
| name | audit-report |

A non-invasive Linux security auditing skill that auto-detects the OS distribution and runs multiple security scanners, consolidating all outputs into a timestamped directory.

This skill provides automated Linux security auditing capabilities. It detects the operating system family (Debian/Ubuntu, RHEL/CentOS/Fedora/Rocky, Arch) and runs available security scanners including Lynis, rkhunter, chkrootkit, and OpenSCAP. The skill gracefully handles missing tools and generates comprehensive reports with timestamps.

Use this skill when you need to:
- Perform security audits on Linux systems
- Run automated security scans with multiple tools
- Generate consolidated security reports
- Check for rootkits, vulnerabilities, and security misconfigurations
- Evaluate system compliance against security standards

The skill can be triggered with requests like:
- "Run a security audit on this Linux system"
- "Scan for vulnerabilities and rootkits"
- "Perform a Lynis security check"
- "Audit the system security configuration"
- "Check for security issues on this server"
- "Run rkhunter and chkrootkit scans"
- "Generate a security compliance report"

| Parameter | Type | Required | Description |
|---|---|---|---|
| `output` | string | Yes | Output directory path for reports |
| `modules` | string | No | Comma-separated list of modules to run (lynis,rkhunter,chkrootkit,openscap) |
| `skip_missing` | boolean | No | Skip missing tools (default: true). Set to false to fail on missing tools |
| `verbose` | boolean | No | Enable verbose output |

The skill generates:

- Timestamped directory: `YYYYMMDD-HHMMSS` subdirectory for each run
- Individual scanner logs: Separate log files for each tool
- OS detection results: `detect.txt` with detected distribution info
- Summary report: Consolidated summary of all scan results
- SCAP reports: HTML and XML reports when OpenSCAP is used

```bash
# Basic security audit
sudo ./bin/audit-report --output /var/log/audits

# Run specific modules only
sudo ./bin/audit-report --output /tmp/reports --modules lynis,rkhunter

# Verbose output with all modules
sudo ./bin/audit-report --output /tmp/reports --verbose

# Fail if any tool is missing
sudo ./bin/audit-report --output /tmp/reports --no-skip-missing
```

- Bash >= 4.0
- Root privileges (for accessing privileged system files)
- Linux operating system (Debian/Ubuntu, RHEL/CentOS/Fedora/Rocky, or Arch)
| Tool | Purpose |
|---|---|
| Lynis | System security auditing |
| rkhunter | Rootkit detection |
| chkrootkit | Rootkit detection |
| OpenSCAP | SCAP evaluation |
| scap-security-guide | SCAP content profiles |
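
One way the OS-family detection and the `skip_missing` handling described on this page could work, as an added example that is not the audit-report source. The function names, the family labels (`debian`, `rhel`, `arch`) and the mapping of the `openscap` module to the `oscap` binary are assumptions; the detection also follows `ID_LIKE`, which goes beyond the distributions the page lists.

```bash
# Added illustration, not the audit-report source; function names are hypothetical.

# Map an os-release file to a family the skill supports (debian, rhel, arch).
# $1: path to the file, defaulting to /etc/os-release.
detect_family() {
    local osr="${1:-/etc/os-release}" ids id
    [ -r "$osr" ] || { echo unknown; return 0; }
    # Read ID and ID_LIKE as data instead of sourcing the file as root.
    ids=$(sed -n 's/^ID\(_LIKE\)\{0,1\}=//p' "$osr" | tr -d "\"'")
    for id in $ids; do
        case "$id" in
            debian|ubuntu)            echo debian; return 0 ;;
            rhel|centos|fedora|rocky) echo rhel;   return 0 ;;
            arch)                     echo arch;   return 0 ;;
        esac
    done
    echo unknown
}

# Binary each module needs on PATH; unknown module names are rejected.
module_binary() {
    case "$1" in
        lynis|rkhunter|chkrootkit) echo "$1" ;;
        openscap)                  echo oscap ;;
        *)                         return 1 ;;
    esac
}

# $1: comma-separated modules, $2: skip_missing (true|false, default true).
# Prints the runnable modules; returns 2 for an unknown module name and
# 1 for a missing tool when skip_missing is false.
select_modules() {
    local skip_missing="${2:-true}" runnable="" m bin old_ifs="$IFS"
    set -f; IFS=,; set -- $1; IFS="$old_ifs"; set +f  # split without globbing
    for m in "$@"; do
        bin=$(module_binary "$m") || { echo "unknown module: $m" >&2; return 2; }
        if command -v "$bin" >/dev/null 2>&1; then
            runnable="$runnable${runnable:+,}$m"
        elif [ "$skip_missing" = true ]; then
            echo "skipping $m: $bin not found" >&2
        else
            echo "missing tool: $bin" >&2; return 1
        fi
    done
    printf '%s\n' "$runnable"
}

echo "family:  $(detect_family)"
echo "modules: $(select_modules lynis,rkhunter,chkrootkit,openscap true)"
```
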

```
<output-dir>/
└── YYYYMMDD-HHMMSS/
    ├── detect.txt                          # OS detection results
    ├── lynis-YYYYMMDD-HHMMSS.log
    ├── lynis-YYYYMMDD-HHMMSS.dat
    ├── rkhunter-YYYYMMDD-HHMMSS.log
    ├── chkrootkit-YYYYMMDD-HHMMSS.txt
    ├── oscap-results-YYYYMMDD-HHMMSS.xml
    ├── oscap-report-YYYYMMDD-HHMMSS.html
    └── summary-YYYYMMDD-HHMMSS.txt
```

- The skill requires root privileges for accurate audit results
- All operations use read-only system access
- Reports are written only to the specified output directory
- No system modifications are performed during the audit