← Back to all products

Audit Script Kit

$19

Security audit scripts for Linux: file permissions, port enumeration, and process monitoring.

📁 10 files
JSONMarkdownPython

📄 Product Preview

Try the interactive reader and demo tools below, or get the full product with all content unlocked.

📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample

📁 File Structure 10 files

audit-script-kit/ ├── LICENSE ├── README.md ├── examples/ │ └── audit_config.json ├── free-sample.zip ├── guide/ │ ├── 01_features.md │ ├── 02_quick-start.md │ ├── 03_configuration-reference.md │ └── 04_license.md ├── index.html └── src/ └── audit_script_kit.py

📖 Documentation Preview README excerpt

Audit Script Kit

Collection of security audit scripts for Linux servers: file permission checks, open port enumeration, process monitoring, cron job auditing, and user account review. Run on any server in seconds.

Features

  • File permission auditing — detects world-readable, world-writable, and SUID/SGID files
  • Open port enumeration — lists all listening ports with associated processes
  • Process monitoring — flags suspicious or unexpected running processes
  • Cron job auditing — reviews cron entries across all users for anomalies
  • User account review — privilege escalation detection, inactive accounts, passwordless users
  • Sensitive path detection — checks permissions on /etc/shadow, SSH keys, config files
  • JSON output — structured output for integration with other tools or dashboards
  • Configurable via JSON — enable/disable modules, set custom paths to audit
  • Non-destructive — all checks are read-only, safe for production servers

Requirements

  • Python 3.10+
  • No external dependencies (stdlib only)
  • Linux/macOS (uses OS-level APIs for permission and process checks)

Quick Start


# Run all audit checks
python src/audit_script_kit.py --all

# Check file permissions on a specific path
python src/audit_script_kit.py --check permissions --path /etc

# Enumerate open ports
python src/audit_script_kit.py --check ports

# Check processes and save results
python src/audit_script_kit.py --check processes --output audit.json

Output

Console output shows a categorized audit report with severity indicators. JSON output provides structured findings per module for programmatic consumption.

Configuration Reference

Use a JSON config to customize which modules run (see examples/audit_config.json):


{
    "audit_modules": {
        "file_permissions": {
            "enabled": true,
            "paths": ["/etc", "/var/log", "/home"]
        },
        "open_ports": { "enabled": true },
        "processes": { "enabled": true },
        "cron_jobs": { "enabled": true },
        "user_accounts": { "enabled": true }
    }
}

... continues with setup instructions, usage examples, and more.

📄 Code Sample .py preview

src/audit_script_kit.py #!/usr/bin/env python3 """ Audit Script Kit — Security Kit (DataNest) Collection of security audit scripts: file permission checks, open port enumeration, process monitoring, cron job auditing, and user account review. Usage: python audit_script_kit.py --all python audit_script_kit.py --check permissions --path /etc python audit_script_kit.py --check ports python audit_script_kit.py --check processes --output audit.json Dependencies: Python 3.10+ stdlib only (no pip packages) License: MIT """ from __future__ import annotations import argparse import grp import json import logging import os import pwd import socket import stat import subprocess import sys from dataclasses import dataclass, field, asdict from datetime import datetime, timezone from pathlib import Path from typing import Any # --------------------------------------------------------------------------- # Constants # --------------------------------------------------------------------------- # Files that should never be world-readable or world-writable SENSITIVE_PATHS: list[str] = [ "/etc/shadow", "/etc/gshadow", "/etc/ssh/sshd_config", "/etc/ssl/private", "/root/.ssh", "/root/.bash_history", ] # Ports that indicate potentially unwanted services SUSPICIOUS_PORTS: dict[int, str] = { 21: "FTP (plaintext)", 23: "Telnet (plaintext)", 69: "TFTP", 111: "RPC portmapper", 512: "rexec", 513: "rlogin", 514: "rsh", 1099: "Java RMI", 2049: "NFS", 5900: "VNC", 6667: "IRC", # ... 478 more lines ...
Buy Now — $19 Back to Products