Linux security audit tools

Introduction

Technical auditing tools for Linux provide valuable information about the state of a Linux system. It is similar to a health scan for your body, having your car checked for issues. Tools in this category typically go through the file system and check related file permissions. Additionally, they may look at running processes and configuration files, to determine the overall security posture of the system.

Auditing tools for Linux are usually closely related to Linux system hardening. This process of improving system defenses can be costly. A good auditing tool helps to define what can be improved and how to achieve this.

Within this category of tools, a warning is warranted. The number of high-quality tools for Linux auditing is limited. Our advice is to use a popular tool with good community support. Many new projects were promising but had their development stalled very early.

Usage

Linux security audit tools are typically used for configuration audit, IT audit, system hardening.

Users for these tools include auditors, security professionals, system administrators.

Tools

Cloud Security Suite (cloud security toolkit)

configuration audit, IT audit, penetration testing, system hardening

Cloud Security Suite (CS Suite) is a security toolkit that allows scanning Amazon, Google, and Azure cloud platforms. It leverages tools like Lynis, Prowler, and Scout2 to collect all information. The promise of the tool is to simplify the installation of the tools, their configuration, and the data collection.

Lynis (security scanner and compliance auditing tool)

IT audit, penetration testing, security assessment, system hardening, vulnerability scanning

Lynis can detect vulnerabilities and configuration flaws. Where a typical vulnerability scanner will just point out vulnerabilities, Lynis aims for continuous improvement. For this reason, it requires to be executed on the host system itself and providing more details than the average vulnerability scanner.

Nix Auditor (system auditing tools)

Nix-Auditor is a tool to help with scanning Linux systems and test them against CIS benchmarks.

OpenSCAP (suite with tools and security data)

security assessment, vulnerability scanning

Tools to assist administrators and auditors with assessment, measurement and enforcement of security baselines

orthrus (security framework and auditing tool)

security assessment, self-assessment, system hardening, vulnerability scanning

Orthrus is a security framework and auditing tool. It allows monitoring and analyzing security configurations across multiple environments.

otseca (system information gathering tool)

configuration audit, penetration testing, security assessment

Tools like otseca help with data collection. This could be useful for system administrators to collect data on a regular interval. This data then can be compared with a future data capture. Another possibility is to use it during pentesting. In that case one should have already obtained root access, as the tool requires this as well.

sysechk (system auditing tool)

IT audit, system hardening

System Security Checker, or sysechk, is a tool to perform a system audit against a set of best practices. It uses a modular approach to test the system.

Tiger (local security scanner)

intrusion detection, IT audit, system hardening, vulnerability scanning

The Tiger tool is used to scan your system and perform a security audit. Tiger checks configuration files and the system state. Based on the findings it will show suggestions to improve the security level of the system.

The Tiger project also states on their project page it can be used as an intrusion detection tool. This promise is somewhat outdated. To be effective in the area of intrusion detection, its technology needs to be kept up-to-date. Still, the tool might find...

YASAT (local security scanner)

configuration audit, IT audit, security assessment

The YASAT tool performs a system scan to detect configuration issues and possible improvements for hardening the system. Typically you would use this on new and existing systems.

Highlighted tools based on their strenghts

Some of the Linux security audit tools have features that make them stand out among the others. If one of these characteristics are important to you, have a look at these selected tools first.

» Easy to use = Lynis
» Low on requirements = Lynis

Other related categories: configuration audit tools, Linux hardening tools

Missing a favorite tool in this list? Share a tool suggestion and we will review it.