Examples
Version: 2.0
Last Updated: April 2026
This page provides real-world execution examples for every module in the Linux Security Audit tool. Each section includes a full description of the module's purpose and coverage, followed by actual console output captured from a test system. The final section demonstrates the interactive HTML report generated by the tool.
These examples serve multiple purposes: they give new users a realistic preview of what to expect before running the tool, help experienced users compare their output against a reference baseline, and provide documentation of the tool's behavior for compliance and audit evidence purposes.
All examples on this page were captured on the following test system:
| Property | Value |
|---|---|
| Operating System | Ubuntu 24.04 LTS |
| Kernel | (to be filled) |
| Python Version | 3.12.x |
| Tool Version | 2.0 |
| Execution Mode | Root (sudo) |
| Date Captured | (to be filled) |

| Module | Checks | Section | Focus |
|---|---|---|---|
| Core | 153 | Jump ↓ | Baseline security, OS detection, system hardening |
| CIS | 212 | Jump ↓ | CIS Benchmarks sections 1-6 |
| CISA | 147 | Jump ↓ | BODs, KEV catalog, zero trust |
| ENISA | 97 | Jump ↓ | EU cybersecurity, GDPR-aligned controls |
| ISO27001 | 115 | Jump ↓ | ISO 27001:2022 Annex A technical controls |
| NIST | 172 | Jump ↓ | NIST 800-53 R5, CSF 2.0, 800-171 |
| NSA | 144 | Jump ↓ | SELinux/MAC, kernel hardening, cryptography |
| STIG | 167 | Jump ↓ | DISA STIGs, V-numbers, CAT I/II/III |
| Total | 1,207 | | |
| HTML Report | — | Jump ↓ | Interactive report with dashboard |
File: modules/module_core.py
Checks: 153
Version: 2.0
The Core module performs a comprehensive baseline security assessment for Linux systems based on industry best practices and OS-specific security guidance. It serves as the foundational module that all other framework-specific modules build upon.
Security Domains Covered:
- OS Detection and Version Management — Identifies the Linux distribution family (Debian, Red Hat, SUSE, Arch), version, codename, and end-of-life status. This detection drives OS-specific checks throughout the entire audit.
- Package Management Security — Distribution-aware checks for APT (Debian/Ubuntu), YUM/DNF (RHEL/Fedora/Rocky/Alma), Zypper (SUSE/openSUSE), and Pacman (Arch/Manjaro). Covers repository authentication, automatic security updates, and package integrity verification.
- Service Management and Hardening — Evaluates systemd service configurations, identifies unnecessary or dangerous services (telnet, rsh, rexec, NFS, SNMP), and checks for proper service isolation using systemd security directives.
- User and Group Security — Audits password policies, account lockout settings, PAM configuration, sudo access controls, empty password accounts, UID 0 accounts, login shell restrictions, and home directory permissions.
- Filesystem Security and Permissions — Checks critical file permissions (/etc/passwd, /etc/shadow, /etc/group, /etc/gshadow), world-writable directories, sticky bit enforcement, SUID/SGID binaries, and mount option hardening (noexec, nosuid, nodev on /tmp, /var/tmp, /dev/shm).
- Network Configuration Baseline — Validates IP forwarding disabled, ICMP redirect handling, source routing controls, TCP SYN cookies, reverse path filtering, and IPv6 configuration. Checks for listening services on unexpected ports.
- Process and Memory Security — Evaluates ASLR (Address Space Layout Randomization), kernel pointer restriction (kptr_restrict), dmesg restriction, core dump configuration, and ptrace scope controls.
- System Updates and Patch Management — Checks for pending security updates, automatic update configuration, and repository freshness.
- Security Tools and Monitoring — Verifies presence and status of intrusion detection systems (AIDE, OSSEC, Tripwire), antivirus tools (ClamAV), and audit frameworks (auditd).
- Boot Security — Validates GRUB bootloader password protection, secure boot configuration, and boot partition permissions.
- Mandatory Access Control — Checks SELinux status and mode (Red Hat) or AppArmor profiles and enforcement (Debian/Ubuntu).
- Container and Cloud Security — Detects containerized environments (Docker, LXC, systemd-nspawn) and cloud platforms (AWS, Azure, GCP) with environment-appropriate check adjustments.
- Cryptographic Policy — Validates system-wide crypto policies (Red Hat crypto-policies), TLS minimum versions, and deprecated algorithm exclusion.
OS-Specific Coverage:
- Debian-based (Ubuntu, Debian, Linux Mint, Kali): Debian Security Advisories (DSA), Ubuntu Security Notices (USN), APT security configuration
- Red Hat-based (RHEL, Fedora, CentOS, Rocky, AlmaLinux): Red Hat Security Advisories (RHSA), YUM/DNF security configuration, SELinux
- SUSE-based (SLES, openSUSE): Zypper security patches, SUSE security advisories
- Arch-based (Arch Linux, Manjaro): Pacman security, Arch Security Advisories (ASA)
Instructions: Run `sudo python3 linux_security_audit.py -m Core --verbose` on your test system and paste the complete console output below, replacing the placeholder.
[Paste Core module console output here]
File: modules/module_cis.py
Checks: 212
Version: 2.0
The CIS module implements comprehensive Center for Internet Security (CIS) Benchmark controls for Linux systems. CIS Benchmarks are consensus-based security configuration guidelines developed by a global community of cybersecurity experts and are widely recognized as the industry standard for system hardening.
CIS Benchmark Sections Covered:
- Section 1 — Initial Setup
  - 1.1 Filesystem Configuration: Disabling unused filesystems (cramfs, freevxfs, jffs2, hfs, hfsplus, squashfs, udf, vfat), /tmp and /var/tmp mount options (noexec, nosuid, nodev), separate partitions for /var, /var/log, /var/log/audit, /home
  - 1.2 Package Management: GPG key verification for packages, repository authentication
  - 1.4 Secure Boot Settings: GRUB bootloader configuration, boot password protection, single-user mode authentication
  - 1.5 Additional Process Hardening: Core dump restrictions, ASLR enforcement, prelink disabled
  - 1.6 Mandatory Access Control: SELinux or AppArmor enabled and enforcing, unconfined processes
  - 1.7 Warning Banners: Login banners for /etc/motd, /etc/issue, /etc/issue.net with no OS/kernel information leakage
- Section 2 — Services
  - 2.1 Time Synchronization: NTP or chrony configured and running
  - 2.2 Special Purpose Services: X Window System, Avahi, CUPS, DHCP, LDAP, NFS, DNS, FTP, HTTP, IMAP, POP3, Samba, Squid, SNMP, rsync, NIS disabled or secured
  - 2.3 Service Clients: NIS client, rsh client, talk client, telnet client, LDAP client removed
  - 2.4 Nonessential Services: Identification and disabling of unnecessary listening services
- Section 3 — Network Configuration
  - 3.1 Network Parameters (Host Only): IP forwarding disabled, packet redirect sending disabled
  - 3.2 Network Parameters (Host and Router): Source routed packets, ICMP redirects, secure ICMP redirects, suspicious packets logging, broadcast ICMP requests, bogus ICMP responses, reverse path filtering, TCP SYN cookies
  - 3.3 IPv6: IPv6 router advertisements, redirect acceptance
  - 3.4 Firewall Configuration: iptables/nftables installed, default deny policies, loopback traffic rules, outbound and established connections, open ports justified
  - 3.5 Uncommon Network Protocols: DCCP, SCTP, RDS, TIPC disabled
- Section 4 — Logging and Auditing
  - 4.1 Configure System Accounting (auditd): auditd installed and enabled, audit log storage and retention, audit rules for identity changes, permissions, system calls, file access, session events, login/logout, DAC modifications, privileged commands, mount operations, file deletion
  - 4.2 Configure Logging: rsyslog or syslog-ng installed and configured, remote logging, log file permissions
  - 4.3 Log Rotation: logrotate configured for all log files
- Section 5 — Access, Authentication and Authorization
  - 5.1 Configure cron: cron daemon enabled, crontab permissions (/etc/crontab, /etc/cron.hourly/daily/weekly/monthly, /etc/cron.d), at/cron restricted to authorized users
  - 5.2 SSH Server Configuration: Protocol version, log level, X11 forwarding, MaxAuthTries, IgnoreRhosts, HostbasedAuthentication, root login, empty passwords, PermitUserEnvironment, strong ciphers, MACs, key exchange algorithms, idle timeout, login grace time, access restrictions, banner
  - 5.3 Configure PAM: Password creation requirements (pam_pwquality), lockout policy (pam_faillock), password reuse limitation, password hashing algorithm (SHA-512)
  - 5.4 User Accounts and Environment: Password expiration, minimum days, warning age, inactive lock, default group, default umask, shell timeout
- Section 6 — System Maintenance
  - 6.1 System File Permissions: /etc/passwd, /etc/shadow, /etc/group, /etc/gshadow, /etc/passwd-, /etc/shadow-, /etc/group-, /etc/gshadow- permissions and ownership
  - 6.2 User and Group Settings: No duplicate UIDs, GIDs, user names, or group names; all users have valid home directories; root PATH integrity
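An added example (not part of the Linux Security Audit project's code) of how SSH settings like those listed under 5.2 can be evaluated. sshd uses the first value it reads for each keyword, and a `Match` block overrides the global value for the connections it matches, so the checker below reports both. The policy values, the default values and the sample configuration are assumptions constructed for illustration.

```python
import re

# Constructed sample configuration for illustration; not captured tool output.
SAMPLE_SSHD_CONFIG = """\
PermitRootLogin no
MaxAuthTries 4
X11Forwarding no
# sshd keeps the first value it reads, so this later line has no effect
PermitRootLogin yes
HostbasedAuthentication=yes

Match Address 192.0.2.0/24
    PermitRootLogin yes
    X11Forwarding no
"""

# OpenSSH defaults that apply when a keyword is absent (assumed here; confirm
# against sshd_config(5) for the installed version).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "maxauthtries": "6",
    "x11forwarding": "no",
    "ignorerhosts": "yes",
    "hostbasedauthentication": "no",
    "permitemptypasswords": "no",
    "permituserenvironment": "no",
}

# Assumed policy values for the 5.2 items named above (not taken from the tool).
POLICY = {
    "permitrootlogin": lambda v: v == "no",
    "maxauthtries": lambda v: v.isdigit() and int(v) <= 4,
    "x11forwarding": lambda v: v == "no",
    "ignorerhosts": lambda v: v == "yes",
    "hostbasedauthentication": lambda v: v == "no",
    "permitemptypasswords": lambda v: v == "no",
    "permituserenvironment": lambda v: v == "no",
}


def parse_sshd_config(text):
    """Return (global_settings, match_blocks) using first-value-wins."""
    global_settings, match_blocks = {}, []
    current = global_settings
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and argument are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        keyword = parts[0].lower()
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            current = {}  # following lines apply only to this Match block
            match_blocks.append((value, current))
            continue
        current.setdefault(keyword, value.lower())  # first occurrence wins
    return global_settings, match_blocks


def audit_sshd_config(text):
    """Return findings for global values and for Match-scoped overrides."""
    global_settings, match_blocks = parse_sshd_config(text)
    findings = []
    for keyword, is_ok in POLICY.items():
        value = global_settings.get(keyword, DEFAULTS[keyword])
        source = "config" if keyword in global_settings else "default"
        findings.append({"keyword": keyword, "scope": "global", "value": value,
                         "source": source,
                         "status": "PASS" if is_ok(value) else "FAIL"})
    # A hardened global value can still be weakened for some clients.
    for criteria, settings in match_blocks:
        for keyword, value in settings.items():
            if keyword in POLICY and not POLICY[keyword](value):
                findings.append({"keyword": keyword, "value": value,
                                 "scope": "Match " + criteria,
                                 "source": "config", "status": "FAIL"})
    return findings


def failed(findings):
    """Return (keyword, scope) pairs for every failing finding."""
    return [(f["keyword"], f["scope"]) for f in findings if f["status"] == "FAIL"]


if __name__ == "__main__":
    for f in audit_sshd_config(SAMPLE_SSHD_CONFIG):
        print(f"{f['status']:4} {f['keyword']:<24} {f['value']:<18} "
              f"({f['scope']}, {f['source']})")
```

On a live host, `sshd -T` prints the effective configuration with defaults and included files already resolved, which is a more reliable input than the raw file.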
Instructions: Run `sudo python3 linux_security_audit.py -m CIS --verbose` on your test system and paste the complete console output below.
[Paste CIS module console output here]
File: modules/module_cisa.py
Checks: 147
Version: 2.0
The CISA module implements security checks based on the Cybersecurity and Infrastructure Security Agency's directives, advisories, and best practices for protecting critical infrastructure and federal information systems.
CISA Directives and Guidance Covered:
- Binding Operational Directives (BODs)
  - BOD 18-01: Enhanced email and web security — DMARC, SPF, DKIM, STARTTLS, HTTPS enforcement
  - BOD 19-02: Vulnerability remediation requirements — critical vulnerability patching timelines
  - BOD 20-01: Vulnerability disclosure policy development
  - BOD 22-01: Reducing risk of Known Exploited Vulnerabilities (KEV) — checks for software versions affected by actively exploited CVEs
  - BOD 23-01: Improving asset visibility and vulnerability detection — asset discovery, network-accessible management interfaces
- Known Exploited Vulnerabilities (KEV) Catalog — Validates that system software versions are not listed in CISA's KEV catalog, checks for critical patches against known exploitation vectors
- Zero Trust Architecture — Network segmentation, micro-segmentation readiness, least-privilege access, identity verification, continuous monitoring, device trust evaluation
- CISA Cybersecurity Performance Goals (CPGs) — Cross-sector baseline controls including MFA enforcement, strong password policies, known/default password elimination, vendor/OEM security
- Supply Chain Security — Software provenance, package manager integrity, repository authentication, binary verification
- Authentication and Access Control — Multi-factor authentication readiness, privilege escalation controls, session management, remote access hardening
- Network Security — Firewall configuration, network segmentation, DNS security, encrypted communications, listening service minimization
- Logging and Monitoring — Centralized logging, log retention, audit trail completeness, anomaly detection readiness
- Incident Response Readiness — IR plan indicators, backup verification, recovery capability, communication security
- Data Protection — Encryption at rest and in transit, data classification readiness, secure data handling
Instructions: Run `sudo python3 linux_security_audit.py -m CISA --verbose` on your test system and paste the complete console output below.
[Paste CISA module console output here]
File: modules/module_enisa.py
Checks: 97
Version: 2.0
The ENISA module implements security checks aligned with the European Union Agency for Cybersecurity (ENISA) guidelines and recommendations. These guidelines support EU member states in achieving cybersecurity resilience and are closely aligned with GDPR technical requirements.
ENISA Cybersecurity Coverage:
- Baseline Security Measures — Fundamental security controls recommended by ENISA for all organizations, including system hardening, access control, and configuration management
- Network Security Controls — Firewall policies, network segmentation, encrypted communications, DNS security, and network monitoring aligned with ENISA's network security guidelines
- System Hardening and Configuration — OS-level hardening, unnecessary service removal, secure default configurations, and configuration change management
- Access Control and Identity Management — Authentication strength, privilege management, session controls, and identity lifecycle management per ENISA guidelines
- Data Protection and Privacy (GDPR-aligned) — Encryption enforcement, data-at-rest protection, secure data transmission, and privacy-by-design controls that map to GDPR Article 32 technical measures
- Logging, Monitoring and Incident Response — Audit logging completeness, log protection, monitoring coverage, and incident detection and response capabilities
- Cryptographic Controls — TLS configuration, cipher suite strength, certificate management, and deprecated algorithm detection
- Vulnerability and Patch Management — Security update status, automatic patching configuration, and vulnerability scanning readiness
- Supply Chain Security — Package repository integrity, software provenance, and dependency verification
OS-Specific Adaptations: Debian-based (APT, AppArmor), Red Hat-based (YUM/DNF, SELinux), SUSE (Zypper), Arch (Pacman)
Key ENISA References: ENISA Cybersecurity Guide for SMEs, ENISA Threat Landscape, ENISA Good Practices for Security, ENISA Baseline Security Recommendations, ENISA Guidelines for Incident Response
Instructions: Run `sudo python3 linux_security_audit.py -m ENISA --verbose` on your test system and paste the complete console output below.
[Paste ENISA module console output here]
File: modules/module_iso27001.py
Checks: 115
Version: 2.0
The ISO27001 module implements technical controls from ISO/IEC 27001:2022, focusing on the Annex A controls that can be programmatically audited on Linux systems. ISO 27001 is the international standard for information security management systems (ISMS) and is widely used for compliance certification globally.
ISO 27001:2022 Annex A Controls Covered:
- A.8.1 User Endpoint Devices — Screen lock, session timeout, removable media controls
- A.8.2 Privileged Access Rights — Sudo configuration, privilege escalation controls, root account restrictions
- A.8.3 Information Access Restriction — File permissions, access control lists, umask settings
- A.8.4 Access to Source Code — Source code repository permissions, development tool access
- A.8.5 Secure Authentication — Password complexity, multi-factor readiness, authentication mechanisms (PAM), failed login handling
- A.8.6 Capacity Management — Disk usage monitoring, inode monitoring, resource limits
- A.8.7 Protection Against Malware — Antivirus status (ClamAV), real-time scanning, definition currency
- A.8.8 Management of Technical Vulnerabilities — Patch status, security update configuration, vulnerability scanning
- A.8.9 Configuration Management — Baseline configuration, configuration change tracking, hardening standards
- A.8.10 Information Deletion — Secure delete tools, data retention controls
- A.8.11 Data Masking — Log sanitization, sensitive data handling
- A.8.12 Data Leakage Prevention — Outbound data controls, USB restrictions, network egress filtering
- A.8.13 Information Backup — Backup configuration, backup integrity verification, recovery testing indicators
- A.8.15 Logging — Audit logging (auditd), syslog configuration, log completeness, timestamp synchronization
- A.8.16 Monitoring Activities — System monitoring tools, process monitoring, file integrity monitoring
- A.8.17 Clock Synchronization — NTP/chrony configuration, time source accuracy
- A.8.18 Use of Privileged Utility Programs — Privileged command logging, sudo audit trail
- A.8.19 Installation of Software — Package manager restrictions, unauthorized software detection
- A.8.20 Networks Security — Firewall configuration, network filtering, iptables/nftables rules
- A.8.21 Security of Network Services — SSH hardening, service authentication, network service configuration
- A.8.22 Segregation of Networks — Network segmentation, VLAN configuration, zone isolation
- A.8.23 Web Filtering — DNS filtering, proxy configuration, content filtering
- A.8.24 Use of Cryptography — TLS versions, cipher suites, certificate validity, key management
- A.8.25 Secure Development Life Cycle — Development tool security, code repository controls, build environment hardening
- A.8.26 Application Security Requirements — Application firewall, input validation indicators, secure defaults
Instructions: Run `sudo python3 linux_security_audit.py -m ISO27001 --verbose` on your test system and paste the complete console output below.
[Paste ISO27001 module console output here]
File: modules/module_nist.py
Checks: 172
Version: 2.0
The NIST module performs exhaustive security checks aligned with the National Institute of Standards and Technology publications. NIST standards are mandatory for U.S. federal information systems and widely adopted as best-practice references by private-sector organizations worldwide.
NIST 800-53 Rev 5 Control Families:
- AC — Access Control — Account management, access enforcement, separation of duties, least privilege, unsuccessful login attempts, session controls, permitted actions without identification, remote access, wireless access
- AU — Audit and Accountability — Audit events, content of audit records, audit storage capacity, response to audit failures, audit review/analysis/reporting, audit reduction, time stamps, protection of audit information
- CM — Configuration Management — Baseline configuration, configuration change control, security impact analysis, least functionality, software usage restrictions, user-installed software
- IA — Identification and Authentication — User identification, device identification, authenticator management, authenticator feedback, cryptographic module authentication
- IR — Incident Response — Incident response training, incident response testing, incident handling, incident monitoring, incident reporting
- SC — System and Communications Protection — Application partitioning, information in shared resources, denial of service protection, boundary protection, transmission confidentiality/integrity, network disconnect, cryptographic key management, cryptographic protection, public access protections
- SI — System and Information Integrity — Flaw remediation, malicious code protection, information system monitoring, security alerts, software/firmware integrity, spam protection, memory protection
- CP — Contingency Planning — Contingency plan, contingency training, contingency plan testing, information system backup, information system recovery
- MA — Maintenance — Controlled maintenance, maintenance tools, nonlocal maintenance, maintenance personnel
- MP — Media Protection — Media access, media marking, media storage, media transport, media sanitization
- PE — Physical and Environmental — Physical access authorizations, physical access control, monitoring physical access
- RA — Risk Assessment — Security categorization, risk assessment, vulnerability scanning
- SA — System and Services Acquisition — Allocation of resources, system development life cycle, acquisition process, information system documentation, security engineering principles
NIST Cybersecurity Framework 2.0 (CSF):
- Govern (GV): Organizational context, risk management strategy, policies
- Identify (ID): Asset management, risk assessment, improvement
- Protect (PR): Identity management, access control, data security, platform security, technology infrastructure resilience
- Detect (DE): Continuous monitoring, adverse event analysis
- Respond (RS): Incident management, analysis, mitigation, reporting
- Recover (RC): Recovery plan execution, communication
NIST 800-171 Rev 2: Protection of Controlled Unclassified Information (CUI) in non-federal systems — 14 requirement families with 110 security requirements
Instructions: Run `sudo python3 linux_security_audit.py -m NIST --verbose` on your test system and paste the complete console output below.
[Paste NIST module console output here]
File: modules/module_nsa.py
Checks: 144
Version: 2.0
The NSA module implements security checks based on the National Security Agency's cybersecurity guidance publications. NSA guidance represents some of the most rigorous security hardening standards available and is designed for enterprise-grade security in defense and critical infrastructure environments.
NSA Cybersecurity Guidance Areas:
- SELinux/Mandatory Access Control (MAC) — SELinux was originally developed by NSA as a mandatory access control mechanism for Linux. This section checks SELinux installation, enforcing mode, policy type (targeted/strict), boolean configurations, unconfined processes, port labeling, file context integrity, and policy module management. On Debian-based systems, equivalent AppArmor checks are performed.
- Network Security Hardening — Firewall policy enforcement, network segmentation, listening service minimization, IPv6 security controls, DNS security (DNSSEC readiness), network stack hardening (SYN cookies, reverse path filtering, ICMP restrictions, source routing disabled), TCP wrapper configuration, and wireless interface controls.
- Kernel Security Configuration — ASLR enforcement, kernel pointer restriction, dmesg restriction, core dump controls, ptrace scope, kernel module loading controls, SysRq restrictions, unprivileged BPF and user namespaces, Yama LSM, and exec-shield where applicable.
- System Hardening and Configuration — GRUB bootloader password, single-user mode authentication, USB storage controls, removable media restrictions, unnecessary package removal, compiler access restrictions, cron/at access controls, MOTD/banner configuration, and automatic session termination.
- Cryptographic Standards and Implementation — FIPS 140-2/140-3 mode validation, TLS 1.2+ enforcement, strong cipher suite configuration, deprecated algorithm removal (RC4, DES, 3DES, MD5), SSH cryptographic algorithm hardening, certificate validation, and system-wide crypto policy enforcement (on distributions that support it).
- Service and Application Security — SSH hardening (root login, protocol version, key authentication, forwarding controls), NTP/chrony configuration, syslog security, mail transfer agent configuration, web server hardening indicators, and database access controls.
Key NSA Publications Referenced: Security-Enhanced Linux (SELinux), NSA Linux Hardening Guidance, NSA Cybersecurity Technical Reports, System and Communications Protection Profile (SCPP), Commercial Solutions for Classified (CSfC)
Instructions: Run `sudo python3 linux_security_audit.py -m NSA --verbose` on your test system and paste the complete console output below.
[Paste NSA module console output here]
File: modules/module_stig.py
Checks: 167
Version: 2.0
The STIG module implements compliance checks from the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs). STIGs are mandatory configuration standards for DoD information systems and represent some of the most detailed and prescriptive security requirements available for Linux systems.
DISA STIG Coverage:
- Access Control (AC) — Account management, access enforcement, failed login handling, session controls, remote access restrictions, and privilege escalation controls. Checks for maximum concurrent sessions, account expiration, and inactive account disable.
- Audit and Accountability (AU) — Comprehensive audit logging via auditd, including rules for privileged commands, file access, system call monitoring, identity changes, permission modifications, mount operations, file deletion events, login/logout tracking, and session initiation. Validates audit log storage capacity, retention policies, and response to audit processing failures.
- Identification and Authentication (IA) — Password complexity requirements (minimum length 15 characters per STIG), password history (24 remembered), password aging (60-day maximum, 1-day minimum), PAM configuration for pam_pwquality and pam_faillock (3 attempts, 15-minute lockout), emergency account procedures, and authenticator protection.
- System and Information Integrity (SI) — File integrity monitoring (AIDE), malware protection, security alert handling, flaw remediation processes, and software/firmware integrity verification.
- Configuration Management (CM) — Baseline configuration enforcement, least functionality (unnecessary services disabled), configuration change control, and security impact analysis of changes.
- System and Communications Protection (SC) — Boundary protection (firewall), transmission confidentiality (SSH, TLS), cryptographic protection (FIPS mode), session authenticity, and DNS security.
STIG Severity Categories:
- CAT I (High): Vulnerabilities that could directly result in loss of confidentiality, availability, or integrity. These must be remediated immediately.
- CAT II (Medium): Vulnerabilities that could result in loss of confidentiality, availability, or integrity with less direct impact. These should be remediated within 30 days.
- CAT III (Low): Vulnerabilities that degrade security measures. These should be remediated within 90 days.
V-Number Mapping: 65 checks (38.9%) are mapped to specific STIG V-numbers (e.g., V-230221, V-230332) for direct cross-reference with DISA STIG Viewer and compliance tracking tools.
Key STIG Publications: Red Hat Enterprise Linux (RHEL) STIG, Ubuntu Linux STIG, General Purpose Operating System (GPOS) SRG, Application Security and Development STIG
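An added example (not the STIG module's own code) that evaluates the Identification and Authentication thresholds stated above: minimum length 15, 24 remembered passwords, 60-day maximum and 1-day minimum age, and lockout after 3 attempts for 15 minutes. The mapping of those thresholds to files and keys (`minlen`, `remember`, `PASS_MAX_DAYS`, `PASS_MIN_DAYS`, `deny`, `unlock_time`) and the sample file contents are assumptions constructed for illustration.

```python
# Constructed sample file contents for illustration; not captured tool output.
SAMPLE_FILES = {
    "/etc/security/pwquality.conf": "# password quality\nminlen = 12\n",
    "/etc/security/pwhistory.conf": "remember = 24\n",
    "/etc/login.defs": "PASS_MAX_DAYS\t99999\nPASS_MIN_DAYS 1\n",
    "/etc/security/faillock.conf": "deny = 3\nunlock_time = 0\neven_deny_root\n",
}

# (file, key, requirement, predicate). The thresholds are the ones the page
# states; which file and key carries each one is an assumption of this example.
RULES = [
    ("/etc/security/pwquality.conf", "minlen",
     "minimum length >= 15", lambda n: n >= 15),
    ("/etc/security/pwhistory.conf", "remember",
     "at least 24 passwords remembered", lambda n: n >= 24),
    # 99999 or -1 effectively disables expiry, so require a value of 1 to 60.
    ("/etc/login.defs", "PASS_MAX_DAYS",
     "maximum age of 60 days", lambda n: 1 <= n <= 60),
    ("/etc/login.defs", "PASS_MIN_DAYS",
     "minimum age of 1 day", lambda n: n >= 1),
    ("/etc/security/faillock.conf", "deny",
     "lock after 3 failed attempts", lambda n: 1 <= n <= 3),
    # unlock_time 0 keeps the account locked until an administrator resets it,
    # which is stricter than a 15-minute (900 second) lockout.
    ("/etc/security/faillock.conf", "unlock_time",
     "lockout of at least 15 minutes", lambda n: n == 0 or n >= 900),
]


def parse_key_values(text):
    """Parse 'key = value' (PAM .conf files) and 'KEY value' (login.defs)."""
    values = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        if "=" in line:
            key, _, value = line.partition("=")
        else:
            fields = line.split(None, 1)
            key, value = fields[0], fields[1] if len(fields) > 1 else ""
        values[key.strip()] = value.strip()
    return values


def to_int(value):
    """Convert a setting to int; 'never' is faillock's synonym for 0."""
    if value.lower() == "never":
        return 0
    try:
        return int(value)
    except ValueError:
        return None


def evaluate(files):
    """Return (key, raw_value, requirement, status) for every rule."""
    results = []
    for path, key, requirement, is_ok in RULES:
        raw = parse_key_values(files.get(path, "")).get(key)
        if raw is None:
            status = "NOT SET"  # a built-in default applies and needs review
        elif to_int(raw) is None:
            status = "UNPARSEABLE"
        else:
            status = "PASS" if is_ok(to_int(raw)) else "FAIL"
        results.append((key, raw, requirement, status))
    return results


if __name__ == "__main__":
    for key, raw, requirement, status in evaluate(SAMPLE_FILES):
        print(f"{status:11} {key:<14} value={raw!r:<8} ({requirement})")
```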
Instructions: Run `sudo python3 linux_security_audit.py -m STIG --verbose` on your test system and paste the complete console output below.
[Paste STIG module console output here]
The interactive HTML report is the primary output format for the Linux Security Audit tool. Version 2.0 features a complete rewrite with 18+ interactive capabilities. The report is fully self-contained (no external dependencies) and can be opened in any modern browser.
| Feature | Description |
|---|---|
| Executive Dashboard | SVG donut chart showing pass/fail/warning distribution with clickable segments |
| Compliance Overview | Weighted, simple, and severity-adjusted compliance scores with pass/fail thresholds |
| Host Identification | Hostname, IP addresses, operating system displayed prominently |
| Compliance Matrix | Per-module scoring breakdown |
| Remediation Priority | Findings ranked by severity for prioritized remediation |
| Column Resizing | Drag column borders to resize any table column |
| In-Column Filtering | Filter icon in each column header for targeted filtering |
| Column Visibility | Show/hide columns via toggle controls |
| Global Search | Include/exclude text search across all module results |
| Multi-Format Export | Export to CSV, Excel, JSON, XML, and TXT formats |
| Per-Module Export | Export individual module results independently |
| Row Selection | Checkbox-based row selection for targeted export |
| Dark/Light Theme | Toggle between dark and light themes |
| Print CSS | Print-optimized stylesheet for paper output |
| Table of Contents | Collapsible navigation for all report sections |
| Dashboard Filtering | Click donut segments, summary cards, or severity cards to filter all tables |
| Garamond Typography | Professional typography throughout |
Instructions: Capture a screenshot of the HTML report open in your browser and add it to the wiki as an image. To add an image to a GitHub wiki:
- Open the HTML report in your browser
- Take a full-page screenshot (or capture the dashboard section)
- Save as `html-report-example.png`
- Upload to the wiki by editing this page and dragging the image into the editor, or by adding it to the repository's `assets/` directory
- Reference it here with:

[Screenshot placeholder — add HTML report screenshot here]
Note on GitHub Wiki HTML rendering: GitHub wikis sanitize HTML content for security, so an embedded HTML report will not render interactively within the wiki page itself. The recommended approaches for sharing the report are:
- Screenshot (above) — Best for visual preview within the wiki
- Download link — Host the HTML file in the repository's `assets/` or `examples/` directory and link to it: `[Download Example HTML Report](https://github.com/Sandler73/Linux-Security-Audit-Project/raw/main/assets/example-report.html)`
- GitHub Pages — If GitHub Pages is enabled, the report can be viewed live at: `https://sandler73.github.io/Linux-Security-Audit-Project/example-report.html`
Instructions: To make the example report available:
- Generate a report: `sudo python3 linux_security_audit.py`
- Copy the generated HTML file to the repository's `assets/` directory
- Commit and push
- Update the download link above with the correct filename
Click to expand: HTML Report Source (first 100 lines)
[Paste the first ~100 lines of the generated HTML report source here for reference]
To reproduce the examples shown on this page:
```bash
# Clone the repository
git clone https://github.com/Sandler73/Linux-Security-Audit-Project.git
cd Linux-Security-Audit-Project

# Verify structure
ls modules/ shared_components/
python3 linux_security_audit.py --list-modules

# Run individual modules (match sections above)
sudo python3 linux_security_audit.py -m Core --verbose
sudo python3 linux_security_audit.py -m CIS --verbose
sudo python3 linux_security_audit.py -m CISA --verbose
sudo python3 linux_security_audit.py -m ENISA --verbose
sudo python3 linux_security_audit.py -m ISO27001 --verbose
sudo python3 linux_security_audit.py -m NIST --verbose
sudo python3 linux_security_audit.py -m NSA --verbose
sudo python3 linux_security_audit.py -m STIG --verbose

# Run full audit with all modules
sudo python3 linux_security_audit.py --verbose --profile

# Run with parallel execution
sudo python3 linux_security_audit.py --parallel --workers 4 --profile
```
Linux Security Audit Project · Version 2.0 · MIT License
Frameworks: Core · CIS · CISA · ENISA · ISO 27001 · NIST · NSA · STIG
Coverage: 8 Modules · 1,207 Automated Security Checks · 5 Native Output Formats · Zero External Dependencies
This documentation reflects Linux Security Audit Project v2.0 released 2026-03-02. For older versions, see the release tags.
Output Formats
HTML · JSON · CSV · XML · Console
Status Values
Pass · Fail · Warning · Info · Error
Severity Levels
Critical · High · Medium · Low · Informational