← Back to all products
$19
Audit Script Kit
Security audit scripts for Linux: file permissions, port enumeration, and process monitoring.
JSONMarkdownPython
📄 Product Preview
Try the interactive reader and demo tools below, or get the full product with all content unlocked.
📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample📁 File Structure 10 files
audit-script-kit/
├── LICENSE
├── README.md
├── examples/
│ └── audit_config.json
├── free-sample.zip
├── guide/
│ ├── 01_features.md
│ ├── 02_quick-start.md
│ ├── 03_configuration-reference.md
│ └── 04_license.md
├── index.html
└── src/
└── audit_script_kit.py
📖 Documentation Preview README excerpt
Audit Script Kit
Collection of security audit scripts for Linux servers: file permission checks, open port enumeration, process monitoring, cron job auditing, and user account review. Run on any server in seconds.
Features
- File permission auditing — detects world-readable, world-writable, and SUID/SGID files
- Open port enumeration — lists all listening ports with associated processes
- Process monitoring — flags suspicious or unexpected running processes
- Cron job auditing — reviews cron entries across all users for anomalies
- User account review — privilege escalation detection, inactive accounts, passwordless users
- Sensitive path detection — checks permissions on /etc/shadow, SSH keys, config files
- JSON output — structured output for integration with other tools or dashboards
- Configurable via JSON — enable/disable modules, set custom paths to audit
- Non-destructive — all checks are read-only, safe for production servers
Requirements
- Python 3.10+
- No external dependencies (stdlib only)
- Linux/macOS (uses OS-level APIs for permission and process checks)
Quick Start
# Run all audit checks
python src/audit_script_kit.py --all
# Check file permissions on a specific path
python src/audit_script_kit.py --check permissions --path /etc
# Enumerate open ports
python src/audit_script_kit.py --check ports
# Check processes and save results
python src/audit_script_kit.py --check processes --output audit.json
Output
Console output shows a categorized audit report with severity indicators. JSON output provides structured findings per module for programmatic consumption.
Configuration Reference
Use a JSON config to customize which modules run (see examples/audit_config.json):
{
"audit_modules": {
"file_permissions": {
"enabled": true,
"paths": ["/etc", "/var/log", "/home"]
},
"open_ports": { "enabled": true },
"processes": { "enabled": true },
"cron_jobs": { "enabled": true },
"user_accounts": { "enabled": true }
}
}
... continues with setup instructions, usage examples, and more.
📄 Code Sample .py preview
src/audit_script_kit.py
#!/usr/bin/env python3
"""
Audit Script Kit — Security Kit (DataNest)
Collection of security audit scripts: file permission checks, open port
enumeration, process monitoring, cron job auditing, and user account review.
Usage:
python audit_script_kit.py --all
python audit_script_kit.py --check permissions --path /etc
python audit_script_kit.py --check ports
python audit_script_kit.py --check processes --output audit.json
Dependencies: Python 3.10+ stdlib only (no pip packages)
License: MIT
"""
from __future__ import annotations
import argparse
import grp
import json
import logging
import os
import pwd
import socket
import stat
import subprocess
import sys
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
from pathlib import Path
from typing import Any
# ---------------------------------------------------------------------------
# Constants
# ---------------------------------------------------------------------------
# Files that should never be world-readable or world-writable
SENSITIVE_PATHS: list[str] = [
"/etc/shadow", "/etc/gshadow", "/etc/ssh/sshd_config",
"/etc/ssl/private", "/root/.ssh", "/root/.bash_history",
]
# Ports that indicate potentially unwanted services
SUSPICIOUS_PORTS: dict[int, str] = {
21: "FTP (plaintext)", 23: "Telnet (plaintext)",
69: "TFTP", 111: "RPC portmapper", 512: "rexec",
513: "rlogin", 514: "rsh", 1099: "Java RMI",
2049: "NFS", 5900: "VNC", 6667: "IRC",
# ... 478 more lines ...