Linux security audit tools

Introduction

Technical auditing tools help to discover potential issues on Linux by performing an in-depth scan. On this page we list the need for regular auditing and the related tools.

Technical auditing tools for Linux provide valuable information about the state of a Linux system. It is similar to a health scan for your body, having your car checked for issues. Tools in this category typically go through the file system and check related file permissions. Additionally, they may look at running processes and configuration files, to determine the overall security posture of the system.

Auditing tools for Linux are usually closely related to Linux system hardening. This process of improving system defenses can be costly. A good auditing tool helps to define what can be improved and how to achieve this.

Within this category of tools, a warning is warranted. The number of high-quality tools for Linux auditing is limited. Our advice is to use a popular tool with good community support. Many new projects were promising but had their development stalled very early.

Usage

Linux security audit tools are typically used for configuration audit, IT audit, system hardening.

Users for these tools include auditors, security professionals, system administrators.

Tools

Linux security audit tools
ToolTypeDescriptionLatest releaseRelease dateScore
LynisSecurity scanner and compliance auditing toolLynis is a security auditing tool for systems running Linux, macOS, or Unix. It can be used for security assessments and configuration audits.2.6.6July 6, 2018100
Nix AuditorSystem auditing toolsNix-Auditor is a tool to help with scanning Linux systems and test them against CIS benchmarks.2.0Feb. 6, 201876
OpenSCAPSuite with tools and security dataTools to assist administrators and auditors with assessment, measurement and enforcement of security baselines1.2.17May 29, 201889
otsecaSystem information gathering toolOtseca is a security tool that helps with gathering system information. It can be useful for penetration tests and security assessments, to automate some parts of the process.1.0.5June 28, 201885
sysechkSystem auditing toolSystem Security Checker, or sysechk, is a tool to perform a system audit against a set of best practices. It uses a modular approach to test the system.0.9Dec. 2, 201260

Highlighted tools based on their strenghts

Some of the Linux security audit tools have features that make them stand out among the others. If one of these characteristics are important to you, have a look at these selected tools first.

» Easy to use = Lynis
» Low on requirements = Lynis

Other related categories: configuration audit tools, Linux hardening tools