Metadata-Version: 2.4
Name: linux-security-audit-tool
Version: 0.1.7
Summary: Comprehensive Linux security auditing and hardening tool
Project-URL: Homepage, https://github.com/daedalus/linux-security-audit-tool
Project-URL: Repository, https://github.com/daedalus/linux-security-audit-tool
Project-URL: Issues, https://github.com/daedalus/linux-security-audit-tool/issues
Author-email: Dario Clavijo <clavijodario@gmail.com>
License: MIT
License-File: LICENSE
Requires-Python: >=3.11
Requires-Dist: click>=8.0
Requires-Dist: rich>=13.0
Requires-Dist: weasyprint>=60.0
Provides-Extra: all
Requires-Dist: hatch; extra == 'all'
Requires-Dist: hypothesis; extra == 'all'
Requires-Dist: mypy; extra == 'all'
Requires-Dist: pytest; extra == 'all'
Requires-Dist: pytest-asyncio; extra == 'all'
Requires-Dist: pytest-cov; extra == 'all'
Requires-Dist: pytest-mock; extra == 'all'
Requires-Dist: ruff; extra == 'all'
Provides-Extra: dev
Requires-Dist: hatch; extra == 'dev'
Requires-Dist: mypy; extra == 'dev'
Requires-Dist: ruff; extra == 'dev'
Provides-Extra: lint
Requires-Dist: mypy; extra == 'lint'
Requires-Dist: ruff; extra == 'lint'
Provides-Extra: test
Requires-Dist: hypothesis; extra == 'test'
Requires-Dist: pytest; extra == 'test'
Requires-Dist: pytest-asyncio; extra == 'test'
Requires-Dist: pytest-cov; extra == 'test'
Requires-Dist: pytest-mock; extra == 'test'
Description-Content-Type: text/markdown

# Linux Security Audit Tool

A comprehensive CLI tool for auditing Linux system security posture.

This tool needs root access for all of its checks to run effectively.

[![PyPI](https://img.shields.io/pypi/v/linux-security-audit-tool.svg)](https://pypi.org/project/linux-security-audit-tool/)
[![Python](https://img.shields.io/pypi/pyversions/linux-security-audit-tool.svg)](https://pypi.org/project/linux-security-audit-tool/)
[![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)

## Install

```bash
python3 -m venv venv
source venv/bin/activate
pip install linux-security-audit-tool
```

## Usage

```bash
sudo env "PATH=$PATH" security-audit --help
sudo env "PATH=$PATH" security-audit audit
sudo env "PATH=$PATH" security-audit audit -p 0 -p 1        # Run specific phases
sudo env "PATH=$PATH" security-audit audit -o report.md      # Save markdown report
sudo env "PATH=$PATH" security-audit audit --quiet           # Summary only
sudo env "PATH=$PATH" security-audit audit --debug           # Show executed commands
sudo env "PATH=$PATH" security-audit audit --remediate-all   # Generate remediation script for all findings
sudo env "PATH=$PATH" security-audit audit --remediate-only-critical  # Generate remediation script for CRITICAL only
sudo env "PATH=$PATH" security-audit audit --remediate-non-critical   # Generate remediation script for non-CRITICAL
sudo env "PATH=$PATH" security-audit audit --pdf report.pdf  # Generate PDF report
```

## CLI

```bash
security-audit [OPTIONS] COMMAND [ARGS]...

Options:
  --version  Show the version and exit.
  --help     Show this message and exit.

Commands:
  audit    Run a full security audit.
  version  Show version information.
```

## Audit Command Options

- `--output`, `-o FILE`            - Output file for markdown report
- `--phases`, `-p [0-9]`          - Specific phases to run (can be repeated)
- `--quiet`, `-q`                 - Suppress detailed output
- `--verbose`, `-v`               - Show descriptions and remediation
- `--debug`, `-d`                 - Show low-level commands being executed
- `--remediate-all`, `-r`         - Generate remediation script for all findings
- `--remediate-only-critical`     - Generate remediation script for CRITICAL findings only
- `--remediate-non-critical`      - Generate remediation script for non-CRITICAL findings
- `--remediate-script FILE`       - Save remediation script to file
- `--pdf FILE`                    - Generate PDF executive report
- `--cache`                       - Enable caching of check results
- `--cache-ttl INTEGER`           - Cache TTL in seconds (default: 3600)

## Development

```bash
git clone https://github.com/daedalus/linux-security-audit-tool.git
cd linux-security-audit-tool
pip install -e ".[test]"

# run tests
pytest

# format
ruff format src/ tests/

# lint
ruff check src/ tests/

# type check
mypy src/
```

## API

```python
from security_audit import gather_context, run_identity_checks, calculate_security_score
from security_audit.core import Finding, Severity

# Gather host context, run the identity checks, and score the findings
context = gather_context()
findings = run_identity_checks()
score = calculate_security_score(findings)
```

## Audit Phases

The tool performs security checks across 9 phases:

- **Phase 0**: Context Gathering (hostname, OS, kernel)
- **Phase 1**: Identity & Access Control (users, sudo, SSH)
- **Phase 2**: Network Exposure (listening services, firewall, sysctl)
- **Phase 3**: File System & Permissions (SUID, world-writable, cron)
- **Phase 4**: Process & Service Posture (services, AppArmor, SELinux, rkhunter)
- **Phase 5**: Kernel & OS Hardening (sysctl, ASLR, module blacklist)
- **Phase 6**: Logging & Monitoring (auditd, logs, syslog)
- **Phase 7**: Package & Update Hygiene (updates, repos)
- **Phase 8**: Cryptographic Posture (SSH keys, TLS, password hashing)
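
To make the sysctl and ASLR items in Phases 2 and 5 concrete, here is an added example of that kind of check; it is not code from this project. The baseline values, the `MEDIUM` and `LOW` severity labels, the function names, and the sample input are assumptions made for the illustration.

```python
"""Added example: a Phase 5-style sysctl hardening check (not the project's code)."""

# key -> (predicate, expected-value text, severity). The keys are real Linux
# sysctls; the baseline and the severity labels are assumptions for this example.
BASELINE = {
    "kernel.randomize_va_space": (lambda v: v == 2, "2 (full ASLR)", "CRITICAL"),
    "kernel.kptr_restrict": (lambda v: v >= 1, ">= 1", "MEDIUM"),
    "kernel.dmesg_restrict": (lambda v: v == 1, "1", "LOW"),
    "net.ipv4.tcp_syncookies": (lambda v: v == 1, "1", "MEDIUM"),
    "net.ipv4.conf.all.accept_redirects": (lambda v: v == 0, "0", "MEDIUM"),
}

# Constructed sample of `sysctl -a` output (not captured from a real host).
SAMPLE = """\
kernel.randomize_va_space = 0
kernel.kptr_restrict = 1
kernel.dmesg_restrict = 0
net.ipv4.tcp_syncookies = 1
kernel.hostname = build-host
"""

def parse_sysctl(text):
    """Parse 'key = value' lines, keeping only integer-valued settings."""
    values = {}
    for line in text.splitlines():
        key, sep, raw = line.partition("=")
        if not sep:
            continue  # not a 'key = value' line
        try:
            values[key.strip()] = int(raw.strip())
        except ValueError:
            continue  # non-numeric values (hostname, paths) are out of scope
    return values

def audit_sysctl(text):
    """Return (severity, key, message) findings; a missing key is a finding too."""
    values = parse_sysctl(text)
    findings = []
    for key, (is_ok, expected, severity) in BASELINE.items():
        if key not in values:
            findings.append((severity, key, f"not reported; expected {expected}"))
        elif not is_ok(values[key]):
            findings.append((severity, key, f"is {values[key]}; expected {expected}"))
    return findings

if __name__ == "__main__":
    for severity, key, message in audit_sysctl(SAMPLE):
        print(f"[{severity}] {key} {message}")
```

Treating an unreported key as a finding keeps the check from passing silently when the data it depends on is absent.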
