linux-security-audit-tool 0.1.0__py3-none-any.whl

linux_security_audit_tool-0.1.0.dist-info/METADATA

@@ -0,0 +1,125 @@
+Metadata-Version: 2.4
+Name: linux-security-audit-tool
+Version: 0.1.0
+Summary: Comprehensive Linux security auditing and hardening tool
+Project-URL: Homepage, https://github.com/daedalus/linux-security-audit-tool
+Project-URL: Repository, https://github.com/daedalus/linux-security-audit-tool
+Project-URL: Issues, https://github.com/daedalus/linux-security-audit-tool/issues
+Author-email: Dario Clavijo <clavijodario@gmail.com>
+License: MIT
+License-File: LICENSE
+Requires-Python: >=3.11
+Requires-Dist: jinja2>=3.0.0
+Requires-Dist: tabulate>=0.9.0
+Provides-Extra: all
+Requires-Dist: click>=8.0; extra == 'all'
+Requires-Dist: hatch; extra == 'all'
+Requires-Dist: hypothesis; extra == 'all'
+Requires-Dist: mypy; extra == 'all'
+Requires-Dist: pytest; extra == 'all'
+Requires-Dist: pytest-asyncio; extra == 'all'
+Requires-Dist: pytest-cov; extra == 'all'
+Requires-Dist: pytest-mock; extra == 'all'
+Requires-Dist: rich>=13.0; extra == 'all'
+Requires-Dist: ruff; extra == 'all'
+Provides-Extra: cli
+Requires-Dist: click>=8.0; extra == 'cli'
+Requires-Dist: rich>=13.0; extra == 'cli'
+Provides-Extra: dev
+Requires-Dist: hatch; extra == 'dev'
+Requires-Dist: mypy; extra == 'dev'
+Requires-Dist: ruff; extra == 'dev'
+Provides-Extra: lint
+Requires-Dist: mypy; extra == 'lint'
+Requires-Dist: ruff; extra == 'lint'
+Provides-Extra: test
+Requires-Dist: hypothesis; extra == 'test'
+Requires-Dist: pytest; extra == 'test'
+Requires-Dist: pytest-asyncio; extra == 'test'
+Requires-Dist: pytest-cov; extra == 'test'
+Requires-Dist: pytest-mock; extra == 'test'
+Description-Content-Type: text/markdown
+
+# Linux Security Audit Tool
+
+A comprehensive CLI tool for auditing Linux system security posture.
+
+[![PyPI](https://img.shields.io/pypi/v/linux-security-audit-tool.svg)](https://pypi.org/project/linux-security-audit-tool/)
+[![Python](https://img.shields.io/pypi/pyversions/linux-security-audit-tool.svg)](https://pypi.org/project/linux-security-audit-tool/)
+[![Ruff](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/astral-sh/ruff/main/assets/badge/v2.json)](https://github.com/astral-sh/ruff)
+
+## Install
+
+```bash
+pip install linux-security-audit-tool
+```
+
+## Usage
+
+```bash
+security-audit --help
+security-audit audit
+security-audit audit -p 0 -1         # Run specific phases
+security-audit audit -o report.md     # Save markdown report
+security-audit audit --quiet          # Summary only
+```
+
+## CLI
+
+```bash
+security-audit [OPTIONS] COMMAND [ARGS]...
+
+Options:
+  --version  Show the version and exit.
+  --help     Show this message and exit.
+
+Commands:
+  audit    Run a full security audit.
+  version  Show version information.
+```
+
+## Development
+
+```bash
+git clone https://github.com/daedalus/linux-security-audit-tool.git
+cd linux-security-audit-tool
+pip install -e ".[test]"
+
+# run tests
+pytest
+
+# format
+ruff format src/ tests/
+
+# lint
+ruff check src/ tests/
+
+# type check
+mypy src/
+```
+
+## API
+
+```python
+from security_audit import gather_context, run_identity_checks, calculate_security_score
+from security_audit.core import Finding, Severity
+
+# Run a full audit
+context = gather_context()
+findings = run_identity_checks()
+score = calculate_security_score(findings)
+```
+
+## Audit Phases
+
+The tool performs security checks across 9 phases:
+
+- **Phase 0**: Context Gathering (hostname, OS, kernel)
+- **Phase 1**: Identity & Access Control (users, sudo, SSH)
+- **Phase 2**: Network Exposure (listening services, firewall)
+- **Phase 3**: File System & Permissions (SUID, world-writable)
+- **Phase 4**: Process & Service Posture (running services)
+- **Phase 5**: Kernel & OS Hardening (sysctl, ASLR)
+- **Phase 6**: Logging & Monitoring (auditd, logs)
+- **Phase 7**: Package & Update Hygiene (updates, repos)
+- **Phase 8**: Cryptographic Posture (SSH keys, TLS)

linux_security_audit_tool-0.1.0.dist-info/RECORD

@@ -0,0 +1,21 @@
+security_audit/__init__.py,sha256=_maE3U_JAAByrzXf8MxLJ0V9pH_1m8mfQAwsXE0NM_g,1112
+security_audit/__main__.py,sha256=9DionsgeprlP9eLdwbEkFW_PZFQEKSQRa--EZbpfoNU,145
+security_audit/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
+security_audit/cli/__init__.py,sha256=60dLiSwrobV5BOv6MDu17QJ5vSvf4-ArDn3UgRaSf94,7263
+security_audit/core/__init__.py,sha256=DB5FOJ5dicLnt1QhpjPh29kBe4eu044LrSLT7rtHTzg,2742
+security_audit/phases/__init__.py,sha256=tXhP7AFle7Tp9XaiugI85GHl4iST6S47QpHc6K7b9sE,1083
+security_audit/phases/context.py,sha256=G5GvyiXSRNz2_FaLFMtQfX6rSpcSfEibxuklHlcmuLk,1586
+security_audit/phases/crypto.py,sha256=78vpEHxBw9gUhMbXCHInXoVELanbf9CwElhz9vqUxyg,6435
+security_audit/phases/filesystem.py,sha256=EXCt9R_FcUPtmSBkPIVMBcS0IFdifHuBxhtq5Inf6mQ,8018
+security_audit/phases/identity.py,sha256=Zc2ylcVb4qnHJs_KHt_DFGwmN3OT-_iZo7Lh3yKU5KU,9313
+security_audit/phases/kernel.py,sha256=GPAWPaCbkCFGS_Fl0wD-axfcnYhBPlrjSGdsq4NTQ50,7804
+security_audit/phases/logging.py,sha256=Rdf8Kzif-Gbl6Gu8SBKKWB1TGXM6wBGfthxL5Qo-jaU,6463
+security_audit/phases/network.py,sha256=ZaetoYOUEcFetCoOp_Lw2HWpVbLjGAtn3f4O72u_ROI,5146
+security_audit/phases/packages.py,sha256=jvb9hksu0R1HDuaSWh6SbDdAgFYwcCL_-VQtTxh3HaE,5141
+security_audit/phases/process.py,sha256=6INIP5LtM9uk1omj-ltqsbeWMewzOPT3q_BbRzI2FNM,6481
+security_audit/phases/reporting.py,sha256=qZpbI0gmlktzfaLRUpLz57DU1UrHAVbBjV7qWv9W62k,4710
+linux_security_audit_tool-0.1.0.dist-info/METADATA,sha256=xplomD4mn2FTj9lGMjyDWmQ6EDLpyzUzk9DLoQBuZ14,3763
+linux_security_audit_tool-0.1.0.dist-info/WHEEL,sha256=QccIxa26bgl1E6uMy58deGWi-0aeIkkangHcxk2kWfw,87
+linux_security_audit_tool-0.1.0.dist-info/entry_points.txt,sha256=BbrtNuPOwSVGye_e_CEA3Ehh2uZiwj6vZq752-_IvQ8,59
+linux_security_audit_tool-0.1.0.dist-info/licenses/LICENSE,sha256=C2rA6vc6sz_Yf8oDFseNTefVHM0AL4_Wq4MTgElzy0U,1069
+linux_security_audit_tool-0.1.0.dist-info/RECORD,,

linux_security_audit_tool-0.1.0.dist-info/WHEEL

@@ -0,0 +1,4 @@
+Wheel-Version: 1.0
+Generator: hatchling 1.29.0
+Root-Is-Purelib: true
+Tag: py3-none-any

linux_security_audit_tool-0.1.0.dist-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+security-audit = security_audit.cli:main

linux_security_audit_tool-0.1.0.dist-info/licenses/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Dario Clavijo
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

security_audit/__init__.py

@@ -0,0 +1,49 @@
+"""Linux Security Audit Tool - Comprehensive security auditing and hardening."""
+
+__version__ = "0.1.0"
+
+from typing import TYPE_CHECKING
+
+from .core import AuditContext, Finding, Severity
+from .phases import (
+    calculate_security_score,
+    classify_severity,
+    gather_context,
+    generate_markdown_report,
+    generate_remediation_script,
+    get_system_info,
+    run_crypto_checks,
+    run_filesystem_checks,
+    run_identity_checks,
+    run_kernel_checks,
+    run_logging_checks,
+    run_network_checks,
+    run_package_checks,
+    run_process_checks,
+    run_reporting,
+)
+
+if TYPE_CHECKING:
+    from .cli import cli
+
+__all__ = [
+    "__version__",
+    "AuditContext",
+    "Finding",
+    "Severity",
+    "calculate_security_score",
+    "classify_severity",
+    "gather_context",
+    "generate_markdown_report",
+    "generate_remediation_script",
+    "get_system_info",
+    "run_crypto_checks",
+    "run_filesystem_checks",
+    "run_identity_checks",
+    "run_kernel_checks",
+    "run_logging_checks",
+    "run_network_checks",
+    "run_package_checks",
+    "run_process_checks",
+    "run_reporting",
+]

security_audit/__main__.py

@@ -0,0 +1,6 @@
+"""CLI entry point for the security audit tool."""
+
+from security_audit.cli import main
+
+if __name__ == "__main__":
+    raise SystemExit(main())

security_audit/cli/__init__.py

@@ -0,0 +1,241 @@
+"""Command-line interface for the Linux Security Audit Tool."""
+
+import sys
+from typing import Optional
+
+import click
+from rich import print as rprint
+from rich.console import Console
+from rich.progress import Progress, SpinnerColumn, TextColumn
+
+from security_audit.core import Finding, Severity
+from security_audit.phases import (
+    calculate_security_score,
+    gather_context,
+    generate_markdown_report,
+    run_crypto_checks,
+    run_filesystem_checks,
+    run_identity_checks,
+    run_kernel_checks,
+    run_logging_checks,
+    run_network_checks,
+    run_package_checks,
+    run_process_checks,
+)
+
+console = Console()
+
+
+def print_finding(finding: Finding) -> None:
+    """Print a single finding with severity color.
+
+    Args:
+        finding: The Finding object to print.
+    """
+    colors = {
+        Severity.CRITICAL: "red bold",
+        Severity.HIGH: "red",
+        Severity.MEDIUM: "yellow",
+        Severity.LOW: "cyan",
+        Severity.INFO: "blue",
+    }
+    color = colors.get(finding.severity, "white")
+    rprint(
+        f"[{color}]{finding.severity.value}[/{color}] [{color}]{finding.check_id}[/{color}]: {finding.title}"
+    )
+
+
+def print_summary(findings: list[Finding]) -> None:
+    """Print a summary table of findings.
+
+    Args:
+        findings: List of Finding objects.
+    """
+    from rich.table import Table
+
+    counts = {
+        Severity.CRITICAL: 0,
+        Severity.HIGH: 0,
+        Severity.MEDIUM: 0,
+        Severity.LOW: 0,
+        Severity.INFO: 0,
+    }
+    for f in findings:
+        counts[f.severity] += 1
+
+    table = Table(title="Audit Summary")
+    table.add_column("Severity", style="bold")
+    table.add_column("Count", justify="right")
+
+    table.add_row("[red bold]CRITICAL[/red bold]", str(counts[Severity.CRITICAL]))
+    table.add_row("[red]HIGH[/red]", str(counts[Severity.HIGH]))
+    table.add_row("[yellow]MEDIUM[/yellow]", str(counts[Severity.MEDIUM]))
+    table.add_row("[cyan]LOW[/cyan]", str(counts[Severity.LOW]))
+    table.add_row("[blue]INFO[/blue]", str(counts[Severity.INFO]))
+
+    console.print(table)
+
+
+@click.group()
+@click.version_option(version="0.1.0")
+def cli() -> None:
+    """Linux Security Audit Tool - Comprehensive security auditing and hardening."""
+    pass
+
+
+@cli.command()
+@click.option(
+    "--output",
+    "-o",
+    type=click.Path(),
+    default=None,
+    help="Output file for report",
+)
+@click.option(
+    "--phases",
+    "-p",
+    multiple=True,
+    help="Specific phases to run (0-9)",
+)
+@click.option(
+    "--quiet",
+    "-q",
+    is_flag=True,
+    help="Suppress detailed output",
+)
+def audit(
+    output: str | None,
+    phases: tuple,
+    quiet: bool,
+) -> None:
+    """Run a full security audit."""
+    console.print("[bold blue]Linux Security Audit Tool v0.1.0[/bold blue]")
+    console.print()
+
+    all_findings = []
+    context = None
+
+    selected_phases = list(range(10)) if not phases else [int(p) for p in phases]
+
+    with Progress(
+        SpinnerColumn(),
+        TextColumn("[progress.description]{task.description}"),
+        console=console,
+    ) as progress:
+        if 0 in selected_phases:
+            task = progress.add_task("Gathering context...", total=None)
+            context = gather_context()
+            if not quiet:
+                console.print(f"  Hostname: {context.hostname}")
+                console.print(f"  Kernel: {context.kernel}")
+            progress.update(task, completed=True)
+
+        if 1 in selected_phases:
+            task = progress.add_task(
+                "Checking identity & access control...", total=None
+            )
+            findings = run_identity_checks()
+            all_findings.extend(findings)
+            if not quiet:
+                for f in findings:
+                    print_finding(f)
+            progress.update(task, completed=True)
+
+        if 2 in selected_phases:
+            task = progress.add_task("Checking network exposure...", total=None)
+            findings = run_network_checks()
+            all_findings.extend(findings)
+            if not quiet:
+                for f in findings:
+                    print_finding(f)
+            progress.update(task, completed=True)
+
+        if 3 in selected_phases:
+            task = progress.add_task(
+                "Checking file system & permissions...", total=None
+            )
+            findings = run_filesystem_checks()
+            all_findings.extend(findings)
+            if not quiet:
+                for f in findings:
+                    print_finding(f)
+            progress.update(task, completed=True)
+
+        if 4 in selected_phases:
+            task = progress.add_task(
+                "Checking process & service posture...", total=None
+            )
+            findings = run_process_checks()
+            all_findings.extend(findings)
+            if not quiet:
+                for f in findings:
+                    print_finding(f)
+            progress.update(task, completed=True)
+
+        if 5 in selected_phases:
+            task = progress.add_task("Checking kernel & OS hardening...", total=None)
+            findings = run_kernel_checks()
+            all_findings.extend(findings)
+            if not quiet:
+                for f in findings:
+                    print_finding(f)
+            progress.update(task, completed=True)
+
+        if 6 in selected_phases:
+            task = progress.add_task("Checking logging & monitoring...", total=None)
+            findings = run_logging_checks()
+            all_findings.extend(findings)
+            if not quiet:
+                for f in findings:
+                    print_finding(f)
+            progress.update(task, completed=True)
+
+        if 7 in selected_phases:
+            task = progress.add_task("Checking package hygiene...", total=None)
+            findings = run_package_checks()
+            all_findings.extend(findings)
+            if not quiet:
+                for f in findings:
+                    print_finding(f)
+            progress.update(task, completed=True)
+
+        if 8 in selected_phases:
+            task = progress.add_task("Checking cryptographic posture...", total=None)
+            findings = run_crypto_checks()
+            all_findings.extend(findings)
+            if not quiet:
+                for f in findings:
+                    print_finding(f)
+            progress.update(task, completed=True)
+
+        if 9 in selected_phases:
+            task = progress.add_task("Generating report...", total=None)
+            if context is None:
+                context = gather_context()
+            score = calculate_security_score(all_findings)
+            console.print(f"\n[bold]Security Score: {score}/100[/bold]")
+            progress.update(task, completed=True)
+
+    console.print()
+    print_summary(all_findings)
+
+    if output:
+        report = generate_markdown_report(context, all_findings)
+        with open(output, "w", encoding="utf-8") as f:
+            f.write(report)
+        console.print(f"\n[green]Report saved to {output}[/green]")
+
+
+@cli.command()
+def version() -> None:
+    """Show version information."""
+    console.print("Linux Security Audit Tool v0.1.0")
+
+
+def main() -> int:
+    """Main entry point for the CLI."""
+    return cli()
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

security_audit/core/__init__.py

@@ -0,0 +1,106 @@
+"""Security audit core models and utilities."""
+
+from dataclasses import dataclass, field
+from enum import Enum
+from typing import Optional
+
+
+class Severity(Enum):
+    """Security finding severity levels."""
+
+    CRITICAL = "CRITICAL"
+    HIGH = "HIGH"
+    MEDIUM = "MEDIUM"
+    LOW = "LOW"
+    INFO = "INFO"
+
+
+@dataclass
+class Finding:
+    """Represents a security finding from an audit check.
+
+    Attributes:
+        severity: The severity level of the finding.
+        check_id: Unique identifier for the check (e.g., "IDENT-001").
+        title: Short descriptive title of the finding.
+        description: Detailed description of what was found.
+        evidence: Command output or evidence supporting the finding.
+        impact: Description of the security impact.
+        remediation: Recommended remediation steps.
+        phase: The audit phase where this finding was generated.
+    """
+
+    severity: Severity
+    check_id: str
+    title: str
+    description: str
+    evidence: str
+    impact: str
+    remediation: str
+    phase: str
+
+
+@dataclass
+class AuditContext:
+    """Context gathered during the audit.
+
+    Attributes:
+        hostname: System hostname.
+        os_release: OS release information.
+        kernel: Kernel version.
+        uptime: System uptime.
+        virtualization: Virtualization technology detected.
+        is_container: Whether running in a container.
+        is_server: Whether system is a server (vs workstation).
+        findings: List of findings collected during audit.
+    """
+
+    hostname: str = ""
+    os_release: str = ""
+    kernel: str = ""
+    uptime: str = ""
+    virtualization: str = ""
+    is_container: bool = False
+    is_server: bool = True
+    findings: list = field(default_factory=list)
+
+
+def run_command(
+    cmd: str,
+    timeout: int = 30,
+) -> tuple[str, str, int]:
+    """Run a shell command and return stdout, stderr, and return code.
+
+    Args:
+        cmd: The command to execute.
+        timeout: Maximum time to wait for command completion in seconds.
+
+    Returns:
+        A tuple of (stdout, stderr, returncode).
+    """
+    import subprocess
+
+    try:
+        result = subprocess.run(
+            cmd,
+            shell=True,
+            capture_output=True,
+            text=True,
+            timeout=timeout,
+        )
+        return result.stdout.strip(), result.stderr.strip(), result.returncode
+    except subprocess.TimeoutExpired:
+        return "", f"Command timed out after {timeout}s", -1
+    except Exception as e:
+        return "", str(e), -1
+
+
+def check_root() -> bool:
+    """Check if the current process is running as root.
+
+    Returns:
+        True if running as root (UID 0), False otherwise.
+    """
+    import os
+
+    return os.geteuid() == 0

security_audit/phases/__init__.py

@@ -0,0 +1,41 @@
+"""Security audit phases."""
+
+from typing import TYPE_CHECKING
+
+from .context import gather_context, get_system_info
+from .crypto import run_crypto_checks
+from .filesystem import run_filesystem_checks
+from .identity import run_identity_checks
+from .kernel import run_kernel_checks
+from .logging import run_logging_checks
+from .network import run_network_checks
+from .packages import run_package_checks
+from .process import run_process_checks
+from .reporting import (
+    calculate_security_score,
+    classify_severity,
+    generate_markdown_report,
+    generate_remediation_script,
+    run_reporting,
+)
+
+if TYPE_CHECKING:
+    from ..core import AuditContext, Finding
+
+__all__ = [
+    "gather_context",
+    "get_system_info",
+    "run_identity_checks",
+    "run_network_checks",
+    "run_filesystem_checks",
+    "run_process_checks",
+    "run_kernel_checks",
+    "run_logging_checks",
+    "run_package_checks",
+    "run_crypto_checks",
+    "run_reporting",
+    "generate_markdown_report",
+    "generate_remediation_script",
+    "calculate_security_score",
+    "classify_severity",
+]

security_audit/phases/context.py

@@ -0,0 +1,60 @@
+"""Phase 0 - Context Gathering module."""
+
+from ..core import AuditContext, run_command
+
+
+def gather_context() -> AuditContext:
+    """Gather basic system context for the audit."""
+    context = AuditContext()
+
+    stdout, _, rc = run_command("hostname")
+    if rc == 0:
+        context.hostname = stdout
+
+    stdout, _, rc = run_command("uname -r")
+    if rc == 0:
+        context.kernel = stdout
+
+    stdout, _, rc = run_command("cat /etc/os-release")
+    if rc == 0:
+        context.os_release = stdout
+
+    stdout, _, rc = run_command("uptime")
+    if rc == 0:
+        context.uptime = stdout
+
+    stdout, _, rc = run_command(
+        "systemd-detect-virt 2>/dev/null || virt-what 2>/dev/null || echo 'none'"
+    )
+    if rc == 0 and stdout:
+        context.virtualization = stdout
+        context.is_container = stdout.strip() in ["docker", "lxc", "podman"]
+
+    stdout, _, rc = run_command("systemd-detect-virt -c 2>/dev/null")
+    context.is_container = rc == 0
+
+    return context
+
+
+def get_system_info() -> dict:
+    """Get detailed system information."""
+    info = {}
+
+    cmds = {
+        "hostname": "hostname",
+        "os_release": "cat /etc/os-release",
+        "kernel": "uname -r",
+        "architecture": "uname -m",
+        "uptime": "uptime",
+        "last_boot": "who -b",
+    }
+
+    for key, cmd in cmds.items():
+        stdout, _, rc = run_command(cmd)
+        if rc == 0:
+            info[key] = stdout
+
+    virt, _, rc = run_command("systemd-detect-virt 2>/dev/null || echo 'none'")
+    info["virtualization"] = virt if rc == 0 else "unknown"
+
+    return info