Home
Welcome to the documentation for the Linux Security Audit Project! This wiki provides everything you need to install, configure, use, and extend this security compliance auditing tool.
| Getting Started | Reference | Development |
|---|---|---|
| Quick Start Guide | Framework Reference | Development Guide |
| Usage Guide | Module Documentation | Contributing |
| Installation | Output Reference | Security Policy |
| Examples | | |
The Linux Security Audit Project is a comprehensive Python-based security compliance auditing tool that:
- ✅ Performs 1,207 automated security checks across 8 compliance frameworks
- ✅ Generates reports in multiple formats (HTML, JSON, CSV, XML, Console) with companion JSON metadata
- ✅ Provides detailed remediation guidance with commands and severity ratings
- ✅ Operates audit-only by default — opt-in remediation modes (`--remediate-fail`, `--auto-remediate`) require explicit confirmation
- ✅ Compliance scoring — weighted, simple, and severity-adjusted scores with configurable pass/fail thresholds
- ✅ Zero external dependencies — pure Python 3.7+ stdlib; no pip, conda, or external HTTP at runtime
- ✅ Standalone module execution — any module is fully runnable on its own
- ✅ Cache-aware architecture — shared data cache delivers ~50% hit rate across modules
- ✅ Parallel execution — configurable worker count via `--parallel --workers N`
- ✅ OS-aware checks — distribution-specific optimizations for Debian, Red Hat, SUSE, and Arch families
- ✅ Open source under MIT license
| Module | Framework | Checks |
|---|---|---|
| Core | Foundational Linux Security Baseline | 153 |
| CIS | CIS Benchmarks for Linux | 212 |
| CISA | CISA Directives, KEV Catalog, Zero Trust | 147 |
| ENISA | ENISA Cybersecurity Guidelines (EU) | 97 |
| ISO27001 | ISO/IEC 27001:2022 Annex A Technical Controls | 115 |
| NIST | NIST SP 800-53 R5 / CSF 2.0 / 800-171 | 172 |
| NSA | NSA Cybersecurity Guidance | 144 |
| STIG | DISA STIGs (CAT I/II/III, V-numbers) | 167 |
| TOTAL | 8 frameworks | 1,207 |
Quick Start Guide: Get running in under 5 minutes
Perfect for first-time users. Covers:
- Prerequisites verification
- Installation (Git and manual)
- Running your first audit
- Understanding output
- Common first-run scenarios
- Next steps
Installation: Detailed installation instructions including:
- System requirements (Python 3.7+, root/sudo)
- Directory structure verification
- Module discovery testing
Usage Guide: Comprehensive usage instructions for all scenarios
Learn how to:
- Use command-line parameters (19 flags)
- Select specific modules
- Configure output formats and logging
- Use parallel execution and profiling
- Implement common use cases (compliance validation, hardening, drift detection)
- Interpret results and compliance scores
- Follow remediation workflow
- Automate and schedule audits
Output Reference: Understanding and using audit reports
Detailed guide to:
- HTML reports (18+ interactive features, SVG dashboard, compliance scoring)
- JSON reports (machine-readable, automation-friendly, companion metadata)
- CSV reports (spreadsheet-compatible, tracking)
- XML reports (SIEM integration)
- Console output (real-time progress with compliance scores)
- Report locations and naming (`reports/` and `logs/` directories)
- Parsing and integration examples
Examples: Real-world execution examples
For each of the 8 modules:
- Full module description and coverage areas
- Console output from test system execution
- HTML report preview and feature demonstration
Framework Reference: Detailed information about each security framework
Comprehensive documentation on:
- Core: Baseline security, OS detection, distribution-specific guidance
- CIS: Benchmark sections 1-6, scored recommendations, implementation groups
- CISA: BODs, KEV catalog, zero trust maturity model, CPGs
- ENISA: EU cybersecurity, GDPR-aligned controls, NIS2
- ISO 27001: Annex A controls A.8.1-A.8.26, ISMS integration
- NIST: 800-53 control families, CSF 2.0 functions, 800-171 CUI
- NSA: SELinux/MAC, cryptographic standards, FIPS, CSfC
- STIG: CAT I/II/III severity, V-numbers, RHEL/Ubuntu STIGs
Each section includes framework overview, organization background, specific standards referenced, check categories, resources, and applicability guidance.
Module Documentation: Deep dive into each security module
For each of the 8 modules:
- Module overview and purpose
- Check categories and count
- Key checks performed
- Control/requirement mappings
- Usage examples (standalone and integrated)
- When to use the module
Troubleshooting: Solve common issues quickly
Comprehensive troubleshooting for:
- Execution Issues: Script won't run, module not found
- Permission Errors: Access denied, root/sudo privileges
- Module Errors: Individual module failures
- Output Issues: Reports not generating, format problems
- Performance Problems: Slow execution, caching issues
- Results Interpretation: Understanding findings and compliance scores
FAQ: Quick answers to common questions
Organized by topic: general, installation, execution, results, remediation, integration, troubleshooting, security, and compliance.
Development Guide: For developers and contributors
Complete guide covering:
- Development environment setup
- Project architecture (orchestrator, modules, shared components)
- Creating new modules with shared caching API
- Adding new checks with result format
- Testing on multiple distributions
- Code style and conventions
- Debugging techniques
- Performance optimization
Contributing: How to contribute to the project
Ways to contribute: bugs, features, documentation, code, testing, translations. Development workflow, module checklist, and coding standards.
Security Policy: Responsible disclosure and security practices
Supported versions, vulnerability reporting, security considerations, and report security guidance.
- Quick Start Guide — Get up and running
- Usage Guide — Learn basic usage
- FAQ — Find answers to common questions
- Module Documentation — Understand what each module checks
- Output Reference — Master report analysis
- Examples — See real-world output
- Troubleshooting — Solve issues
- Framework Reference — Understand compliance frameworks
- Usage Guide — Compliance scenarios
- Module Documentation — Framework-specific checks
- Examples — Sample audit output for evidence
- Development Guide — Set up dev environment
- Contributing — Contribution process
- Security Policy — Security practices
- README.md — Project overview and quick start
- CHANGELOG.md — Version history and release notes
- LICENSE.md — MIT License with supplementary terms
- CONTRIBUTING.md — Contribution guidelines
- SECURITY.md — Security policy
- 💬 GitHub Discussions — Ask questions, share tips
- 🐛 GitHub Issues — Report bugs, request features
- 📖 Wiki — Complete documentation (you are here!)
- ⭐ Star the repository — Show support and get notifications
- 👀 Watch releases — Get notified of new versions
- 🔄 Follow the project — Stay informed of updates
We welcome contributions! Ways to help:
- 🐛 Report bugs
- 💡 Suggest features
- 📝 Improve documentation
- 🔧 Submit bug fixes
- ✨ Add new modules or checks
- 🧪 Test on different Linux distributions
See Contributing Guidelines or the Development Guide to get started.
```bash
# Run all checks with HTML output
sudo python3 linux_security_audit.py

# Run specific modules
sudo python3 linux_security_audit.py -m STIG,NIST,CIS

# Parallel execution with profiling
sudo python3 linux_security_audit.py --parallel --workers 4 --profile

# JSON output for automation
sudo python3 linux_security_audit.py -f JSON -o "/opt/audits/report.json" --quiet

# Verbose mode for troubleshooting
sudo python3 linux_security_audit.py --verbose --log-level DEBUG
```

| Use Case | Recommended Modules |
|---|---|
| Federal/DoD Systems | STIG, NIST, CISA |
| EU Compliance | ENISA, ISO27001 |
| Enterprise Best Practices | CIS, Core |
| Critical Infrastructure | CISA, NSA |
| Quick Assessment | Core |
| Comprehensive Audit | All modules |
| Status | Symbol | Meaning | Action |
|---|---|---|---|
| Pass | ✅ | Compliant | None |
| Fail | ❌ | Security issue | Fix immediately |
| Warning | | Potential issue | Review |
| Info | ℹ️ | Informational | Note |
| Error | 🔴 | Check failed | Investigate |
See CHANGELOG.md for complete version history.
Current Version: 2.0
- Shared components library with intelligent caching
- Parallel module execution
- Complete HTML report rewrite (18+ features)
- Compliance scoring (3 methods)
- Structured logging
- OS-aware checks across 4 distribution families
- 1,207 validated security checks across 8 frameworks
- Home (you are here)
- Quick Start Guide
- Usage Guide
- FAQ
- Use the search (top right) to find specific topics
- Sidebar navigation (right side) provides quick access to all pages
- Links are color-coded: Blue for internal wiki pages, purple for external resources
- Code blocks have copy button for easy use
- Most pages have a Table of Contents at the top for quick navigation
Thank you for using the Linux Security Audit Project! This tool is maintained by volunteers and supported by the security community.
Questions? Issues? Ideas? We'd love to hear from you:
If this tool helps you, please:
- ⭐ Star the repository
- 📢 Share with colleagues
- 🤝 Contribute back
Made with ❤️ for the cybersecurity community
Linux Security Audit Project · Version 2.0 · MIT License
Last Updated: April 2026
Maintained By: Ryan Sandler
Project Status: Active Development
Repository · Releases · Issues · Pull Requests
Changelog · Contributing · Security Policy · License
Frameworks: Core · CIS · CISA · ENISA · ISO 27001 · NIST · NSA · STIG
Coverage: 8 Modules · 1,207 Automated Security Checks · 5 Native Output Formats · Zero External Dependencies
This documentation reflects Linux Security Audit Project v2.0 released 2026-03-02. For older versions, see the release tags.
Version 2.0 · 8 modules · 1,207 checks
Frameworks Covered
Core · CIS · CISA · ENISA · ISO 27001 · NIST · NSA · STIG
Output Formats
HTML · JSON · CSV · XML · Console
Status Values
Pass · Fail · Warning · Info · Error
Severity Levels
Critical · High · Medium · Low · Informational