A comprehensive, modular security audit framework for Linux systems supporting multiple compliance frameworks with automated remediation capabilities.
```bash
# Clone the repository
git clone https://github.com/Sandler73/Linux-Security-Audit-Project.git
cd Linux-Security-Audit-Project
# Run a complete security audit (requires sudo)
sudo python3 linux_security_audit.py
# View the interactive HTML report
# Opens automatically in your default browser
```
That's it! The tool will audit your system against all 8 security frameworks and generate a comprehensive report.
- Features
- Security Frameworks
- System Requirements
- Installation
- Basic Usage
- Documentation
- Output Formats
- Remediation
- Project Structure
- Contributing
- License
- Support
- 🔍 Comprehensive Security Assessment: 1000+ individual security checks across 8 frameworks
- 📊 Multiple Framework Support: CIS, NIST, STIG, NSA, CISA, ENISA, ISO27001, and Core baseline
- 🎨 Interactive HTML Reports: Rich, filterable reports with dark/light themes
- 🔧 Automated Remediation: Fix security issues with single commands or selective batch operations
- 📁 Multi-Format Output: HTML, CSV, JSON, XML, and Console formats
- 🔐 Privilege-Aware: Works with or without root (graceful degradation)
- 🎯 Selective Remediation: Export specific issues from HTML and fix only those
- 📈 Trend Analysis: Track security posture over time with JSON/CSV exports
- Dynamic Module Discovery: Automatically detects and validates security modules
- OS-Aware Checks: Distribution-specific optimizations (Debian, Ubuntu, RHEL, CentOS, Fedora, etc.)
- Smart Privilege Detection: Identifies what can/can't be checked without root
- Comprehensive Error Handling: Graceful failures with detailed error reporting
- Zero Dependencies: Uses only Python standard library (no pip install needed)
- Completely Offline: No internet connection required, no data transmitted
The project includes 8 specialized security modules:
| Module | Checks | Description | Best For |
|---|---|---|---|
| Core | 150+ | Industry best practices, OS-specific security | Everyone |
| CIS | 200+ | CIS Benchmarks compliance | General hardening, compliance |
| CISA | 140+ | Critical infrastructure protection | Government, critical sectors |
| ENISA | 135+ | EU cybersecurity guidelines | European organizations |
| ISO27001 | 145+ | Information security management | ISMS certification |
| NIST | 160+ | NIST 800-53, CSF 2.0, 800-171 | Federal, contractors |
| NSA | 155+ | Advanced security hardening | High-security environments |
| STIG | 180+ | DoD security requirements | Defense, contractors |
Total: 1,100+ comprehensive security checks
General Organizations: Start with Core + CIS
Financial/Healthcare: Use ISO27001 + NIST + CIS
Government/Federal: Use NIST + STIG + CISA
EU Organizations: Use ISO27001 + ENISA + CIS
Defense Contractors: Use STIG + NIST + NSA
📖 Complete Framework Reference →
- Operating System: Linux (any modern distribution)
- Python: Version 3.6 or higher
- Disk Space: 100 MB free
- Memory: 512 MB RAM (1 GB recommended)
- Privileges: Root/sudo recommended for complete results
- Ubuntu 18.04+, 20.04 LTS, 22.04 LTS, 24.04 LTS
- Debian 9+, 10, 11, 12
- RHEL 7, 8, 9
- CentOS 7, 8 Stream
- Fedora 28+, 35+, 38+
- Rocky Linux 8, 9
- AlmaLinux 8, 9
- Linux Mint 19+
- Kali Linux 2020+
- SUSE/openSUSE Leap 15+
- Arch Linux (rolling release)
No installation required! All dependencies are part of Python's standard library:
- `os`, `sys`, `json`, `csv`, `argparse`, `subprocess`
- `platform`, `socket`, `datetime`, `pathlib`, `typing`
- `xml.etree.ElementTree`, `html`, `dataclasses`
```bash
# Clone the repository
git clone https://github.com/Sandler73/Linux-Security-Audit-Project.git
# Navigate to directory
cd Linux-Security-Audit-Project
# Verify installation
python3 linux_security_audit.py --list-modules
```
```bash
# Download latest release
wget https://github.com/Sandler73/Linux-Security-Audit-Project/archive/refs/heads/main.zip
# Extract
unzip main.zip
cd Linux-Security-Audit-Project-main
# Make executable
chmod +x linux_security_audit.py
```
Download individual files from the repository and place in the same directory:
- `linux_security_audit.py` (main script)
- `module_*.py` (all 8 module files)
```bash
# List available modules
python3 linux_security_audit.py --list-modules
# Run complete audit (all modules)
sudo python3 linux_security_audit.py
# Run specific modules
sudo python3 linux_security_audit.py -m Core,CIS,NIST
# Generate CSV report
sudo python3 linux_security_audit.py -f CSV -o security-audit.csv
# Quick console output
sudo python3 linux_security_audit.py -f Console
```
```bash
# Establish initial security baseline
sudo python3 linux_security_audit.py -m Core,CIS -o baseline-$(date +%Y%m%d).html

# Generate compliance report
sudo python3 linux_security_audit.py -m ISO27001,NIST,CIS -f HTML -o compliance-report.html

# Daily automated audit (add to crontab)
0 2 * * * /usr/bin/python3 /opt/audit/linux_security_audit.py -f JSON -o /var/log/audit-$(date +\%Y\%m\%d).json

# Generate XML for SIEM ingestion
sudo python3 linux_security_audit.py -f XML -o siem-feed.xml
```
| Option | Description | Example |
|---|---|---|
| `-m, --modules` | Specify modules to run | `-m Core,CIS,NIST` |
| `-f, --output-format` | Output format | `-f HTML` |
| `-o, --output-path` | Output file path | `-o report.html` |
| `--list-modules` | List available modules | |
| `--remediate` | Interactive remediation | |
| `--remediate-fail` | Fix only FAIL status | |
| `--auto-remediate` | Automatic remediation | |
| `--remediation-file` | Fix specific issues from JSON | |
- 🏠 Wiki Home - Complete documentation hub
- ⚡ Quick Start - Get started in minutes
- 📖 Usage Guide - Comprehensive usage instructions
- 🔍 Module Documentation - Detailed module capabilities
- 📊 Output Reference - Understanding reports and formats
- 🛡️ Framework Reference - Security standards details
- 💻 Development Guide - Contributing and extending
- 🔧 Troubleshooting - Common issues and solutions
- ❓ FAQ - Frequently asked questions
- Installation: Quick Start Guide
- First Run: Quick Start Guide
- Understanding Results: Output Reference
- Remediation: Usage Guide
- Common Issues: Troubleshooting Guide
- Architecture: Development Guide
- Creating Modules: Development Guide
- Code Standards: Development Guide
- Contributing: Development Guide
- Framework Details: Framework Reference
- Module Coverage: Module Documentation
- Compliance Mapping: Framework Reference
Interactive, browser-based report with:
- ✅ Sortable and filterable tables
- ✅ Full-text search across all fields
- ✅ Dark/Light theme toggle
- ✅ Export selected issues to JSON
- ✅ Inline remediation commands
- ✅ Summary statistics dashboard
```bash
sudo python3 linux_security_audit.py -f HTML
```
Spreadsheet-compatible format for:
- ✅ Excel/Google Sheets analysis
- ✅ Custom reporting and graphing
- ✅ Historical trend analysis
- ✅ Data manipulation
```bash
sudo python3 linux_security_audit.py -f CSV -o audit.csv
```
Structured data for:
- ✅ API integration
- ✅ SIEM ingestion
- ✅ Automation workflows
- ✅ Selective remediation
- ✅ Custom scripting
```bash
sudo python3 linux_security_audit.py -f JSON -o audit.json
```
Enterprise tool integration:
- ✅ SIEM systems (Splunk, QRadar)
- ✅ GRC platforms
- ✅ Configuration management
- ✅ Legacy system compatibility
```bash
sudo python3 linux_security_audit.py -f XML -o audit.xml
```
Real-time terminal output:
- ✅ Color-coded status
- ✅ No file creation
- ✅ SSH-friendly
- ✅ Quick validation
```bash
sudo python3 linux_security_audit.py -f Console
```
The tool provides multiple remediation approaches for fixing security issues:
Review and approve each fix individually:
```bash
sudo python3 linux_security_audit.py --remediate
```
Workflow:
- Shows each issue with details
- Displays remediation command
- Prompts for confirmation
- Executes if approved
- Reports results
Fix only specific severity levels:
```bash
# Fix only critical FAIL issues
sudo python3 linux_security_audit.py --remediate-fail
# Fix WARNING level issues
sudo python3 linux_security_audit.py --remediate-warning
# Combine with auto-remediation
sudo python3 linux_security_audit.py --remediate-fail --auto-remediate
```
Most precise approach - fix only specific issues:
- Run audit and generate HTML report
- Review findings in browser
- Select specific issues using checkboxes
- Click "Export Selected" button
- Run remediation with exported file:
```bash
sudo python3 linux_security_audit.py --auto-remediate --remediation-file Selected-Report.json
```
Batch fix all issues with confirmation:
```bash
sudo python3 linux_security_audit.py --auto-remediate
```
- Always test in non-production first
- Review remediation commands before executing
- Backup critical configurations
- Have console access in case SSH breaks
- Schedule during maintenance windows
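
One way to act on "Review remediation commands before executing" in the selective workflow: list every command in the exported file and tag the ones that touch SSH, the firewall or authentication before the file is passed to `--remediation-file`. This is an added example, not part of the project; the export schema is not shown on this page, so the sample data and the rule that commands are string values under keys containing "remediat" are assumptions.

```python
import json
import re

# Constructed sample of an exported selection. The real export schema is not
# shown on this page, so every key name below is an assumption.
SAMPLE_EXPORT = json.loads("""
[
  {"module": "Core", "status": "FAIL", "message": "Root login over SSH allowed",
   "remediation": "sed -i 's/^PermitRootLogin.*/PermitRootLogin no/' /etc/ssh/sshd_config"},
  {"module": "CIS", "status": "FAIL", "message": "Firewall inactive",
   "remediation": "ufw --force enable"},
  {"module": "CIS", "status": "WARNING", "message": "Bootloader config readable",
   "remediation": "chmod 600 /boot/grub/grub.cfg"}
]
""")

# Fixes matching these patterns can cut off remote access or change logins.
LOCKOUT_PATTERNS = {
    "ssh": re.compile(r"ssh"),
    "firewall": re.compile(r"\b(ufw|iptables|nft|firewall-cmd)\b"),
    "auth": re.compile(r"/etc/pam\.d/|\b(passwd|usermod|faillock)\b"),
}

def find_commands(node, path="$"):
    """Yield (json_path, command) for string values under keys containing 'remediat'."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if isinstance(value, str) and "remediat" in key.lower():
                yield child, value
            else:
                yield from find_commands(value, child)
    elif isinstance(node, list):
        for index, item in enumerate(node):
            yield from find_commands(item, f"{path}[{index}]")

def review(export):
    """Return (json_path, command, sorted risk tags) for every command found."""
    findings = []
    for path, command in find_commands(export):
        tags = sorted(t for t, rx in LOCKOUT_PATTERNS.items() if rx.search(command))
        findings.append((path, command, tags))
    return findings

if __name__ == "__main__":
    for path, command, tags in review(SAMPLE_EXPORT):
        flag = "REVIEW " + ",".join(tags) if tags else "ok"
        print(f"[{flag}] {path}: {command}")
```

To check a real export, replace `SAMPLE_EXPORT` with `json.load(open("Selected-Report.json"))` and adjust the key match if the file stores commands under a different name.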
```
Linux-Security-Audit-Project/
├── linux_security_audit.py   # Main orchestrator script
├── module_core.py            # Core security baseline (150+ checks)
├── module_cis.py             # CIS Benchmarks (200+ checks)
├── module_cisa.py            # CISA guidance (140+ checks)
├── module_enisa.py           # ENISA guidelines (135+ checks)
├── module_iso27001.py        # ISO 27001 controls (145+ checks)
├── module_nist.py            # NIST frameworks (160+ checks)
├── module_nsa.py             # NSA hardening (155+ checks)
├── module_stig.py            # DISA STIGs (180+ checks)
├── README.md                 # This file
├── LICENSE                   # MIT License
├── CHANGELOG.md              # Version history
├── SECURITY.md               # Security policy
└── .gitignore                # Git ignore rules
```
We welcome contributions! Here's how you can help:
- 🐛 Report Bugs: Open an issue
- 💡 Suggest Features: Request enhancements
- 📝 Improve Documentation: Fix errors, add examples
- 💻 Write Code: Implement features, fix bugs
- 🛡️ Add Checks: Create new security checks
- 🔍 Review PRs: Help review pull requests
- Fork the repository
- Create a feature branch (`git checkout -b feature/amazing-feature`)
- Make your changes
- Test thoroughly (root and non-root)
- Commit with clear messages (`git commit -m 'Add amazing feature'`)
- Push to your fork (`git push origin feature/amazing-feature`)
- Open a Pull Request
```bash
# Clone your fork
git clone https://github.com/YOUR_USERNAME/Linux-Security-Audit-Project.git
cd Linux-Security-Audit-Project
# Create development branch
git checkout -b feature/your-feature
# Make changes and test
python3 linux_security_audit.py --list-modules
sudo python3 linux_security_audit.py -m YourModule
# Run tests (if available)
python3 -m pytest tests/
```
- Follow PEP 8 style guide
- Use type hints where applicable
- Write comprehensive docstrings
- Add inline comments for complex logic
- Include error handling
- Test both root and non-root execution
📖 Complete Development Guide →
This project is licensed under the MIT License - see the LICENSE file for details.
✅ Permissions:
- Commercial use
- Modification
- Distribution
- Private use
✅ Conditions:
- License and copyright notice
✅ Limitations:
- No liability
- No warranty
- 📖 Check Documentation: Start with Wiki
- 🔍 Search Issues: Look for existing issues
- ❓ Read FAQ: Check Frequently Asked Questions
- 🔧 Troubleshooting: Review Troubleshooting Guide
- 💬 Open Issue: Create new issue
When opening an issue, please include:
For Bug Reports:
- Clear description of the issue
- Steps to reproduce
- Expected vs actual behavior
- Environment details (OS, Python version)
- Error messages and logs
- Screenshots (if applicable)
For Feature Requests:
- Use case description
- Why it's needed
- Proposed implementation
- Benefit to other users
- GitHub Issues: Bug reports and feature requests
- Pull Requests: Code contributions
- Discussions: Questions and ideas (if enabled)
- Wiki: Comprehensive documentation
This project implements guidance from:
- CIS - Center for Internet Security
- NIST - National Institute of Standards and Technology
- DISA - Defense Information Systems Agency
- NSA - National Security Agency
- CISA - Cybersecurity and Infrastructure Security Agency
- ENISA - European Union Agency for Cybersecurity
- ISO - International Organization for Standardization
Thanks to the open-source security community for:
- Security research and vulnerability disclosure
- Framework development and maintenance
- Best practices documentation
- Tool development and testing
- Version: 1.1
- Release Date: January 2026
- Total Checks: 1,100+
- Modules: 8
- Output Formats: 5
- Python Version: 3.6+
- License: MIT
- Status: Active Development
Made with ❤️ for the Linux security community