Linux Security Scanner

Script

scripts/security-audit.sh — the single entry point for all checks.

The script is self-contained, portable, and works on any modern Linux system. It auto-detects available tools (ss/netstat, ufw/iptables/nftables, journalctl) and gracefully skips unavailable ones.

Quick Start

Run a full audit:

bash scripts/security-audit.sh --all

Or with no arguments (same as --all):

bash scripts/security-audit.sh

Individual Checks

Run any single check by name:

Example:

bash scripts/security-audit.sh --ssh --failed-logins

Full Audit Workflow

1. Run bash scripts/security-audit.sh --all
2. The script outputs a colorized report to stdout
3. A structured markdown report is stored in the $REPORT variable (accessible within the same shell session)
4. For programmatic use, redirect output to a file

Common Findings & Recommendations

• SSH hardening: Disable root login, disable password auth, use key-only auth, change default port
• Firewall: Ensure only necessary ports are open; prefer deny-by-default
• Sudoers: Avoid NOPASSWD where possible; keep permissions at 440; audit who has full sudo access
• SUID: Review unusual SUID paths; minimize SUID binaries; check for known CVEs on common ones (pkexec, sudo, etc.)
• World-writable files: These are security risks — investigate why they're writable and restrict permissions

Notes

• Requires root/sudo for some checks (failed-logins reads /var/log/btmp, ss shows process info)
• Runs entirely in the shell — no external dependencies beyond standard Linux tools
• Respects permission boundaries — non-accessible checks are noted, not forced