A comprehensive, enterprise-grade security audit script for Ubuntu servers with Docker, Plesk, and cloud infrastructure support. Provides detailed vulnerability assessment, compliance analysis, and prioritized security recommendations.
- Features
- Prerequisites
- Installation
- Usage
- Security Checks
- Output Examples
- Configuration
- Advanced Features
- Compliance Standards
- Contributing
- License
- Support
## Features

- External Port Scanning with nmap integration
- Internal Service Analysis with Docker container awareness
- Vulnerability Detection for critical exposures
- Security Score Calculation with industry benchmarks
- Context-Aware Classification (distinguishes legitimate Docker services)
- Custom Configuration Recognition (SSH custom ports, Redis localhost-only)
- Service-Specific Security Checks (database exposure, authentication strength)
- Risk-Based Prioritization (Critical → High → Medium → Low)
- Detailed Security Metrics with color-coded output
- Compliance Assessment (PCI DSS, GDPR, SOC 2)
- Security Maturity Scoring (5-level industry standard)
- Priority Action Plans with timeframes
- Docker Container Security analysis and recommendations
- Plesk Integration with component-aware scanning
- Cloud Infrastructure compatible (AWS, DigitalOcean, etc.)
- Ubuntu Pro subscription analysis and optimization
## Prerequisites

```bash
# Must be run as root or with sudo privileges
sudo -i

# Essential packages (automatically checked by script)
apt update
apt install -y curl wget net-tools

# Highly recommended for full functionality
apt install -y nmap bc jq

# Optional but beneficial
apt install -y fail2ban unattended-upgrades
```

System requirements:

- Operating System: Ubuntu 18.04+ (tested on 20.04, 22.04, 24.04)
- Memory: Minimum 512MB RAM (1GB+ recommended)
- Disk Space: 100MB free space for logs and reports
- Network: Internet access for external scanning and updates

Supported platforms:

- Bare Metal Servers
- Virtual Private Servers (VPS)
- Cloud Instances (AWS EC2, DigitalOcean Droplets, etc.)
- Docker Host Systems
- Plesk-managed Servers
- Ubuntu Pro Subscriptions
## Installation

Quick install:

```bash
# Download the script
curl -fsSL https://raw.githubusercontent.com/yourusername/security-audit/main/security-audit.sh -o security-audit.sh

# Make executable
chmod +x security-audit.sh

# Move to system location
sudo mv security-audit.sh /usr/local/bin/security-audit

# Install recommended packages
sudo apt install -y nmap bc jq fail2ban
```

Manual install from the repository:

```bash
# Clone the repository
git clone https://github.com/yourusername/security-audit.git
cd security-audit

# Copy script to system location
sudo cp security-audit.sh /usr/local/bin/security-audit
sudo chmod +x /usr/local/bin/security-audit

# Install dependencies
sudo apt install -y nmap bc jq
```

Automated setup:

```bash
# Run the setup script (if provided)
curl -fsSL https://raw.githubusercontent.com/yourusername/security-audit/main/setup.sh | sudo bash
```
## Usage

```bash
# Run comprehensive security audit
sudo security-audit

# Run with verbose output
sudo security-audit --verbose

# Save report to custom location
sudo security-audit --output /path/to/custom/report.log

# Skip external port scanning (faster, internal-only)
sudo security-audit --no-external-scan

# Focus on specific security categories
sudo security-audit --category network,docker,ssh

# Generate compliance report only
sudo security-audit --compliance-only

# Schedule automated monthly audits
sudo crontab -e
# Add: 0 2 1 * * /usr/local/bin/security-audit --quiet --email [email protected]
```

Docker-specific usage:

```bash
# Enhanced Docker security analysis
sudo security-audit --docker-focus

# Scan specific containers only
sudo security-audit --containers "container1,container2"
```
## Security Checks

Network Security:

- External Port Scanning (nmap-based vulnerability detection)
- Internal Service Analysis (listening services and bindings)
- Firewall Configuration (UFW, iptables, Plesk firewall)
- IPv6 Security (configuration and exposure analysis)
- Network Interface Analysis (active interfaces and routing)

Access Control:

- SSH Security (authentication methods, key management, port configuration)
- User Account Analysis (password policies, sudo configuration, locked accounts)
- Authentication Systems (PAM configuration, login restrictions)
- Privilege Escalation (SUID/SGID files, sudo policies)

System Security:

- Update Management (security patches, Ubuntu Pro status, kernel updates)
- File System Security (permissions, world-writable files, disk usage)
- System Configuration (boot security, core dumps, memory protection)
- Resource Management (CPU/memory limits, process analysis)

Application Security:

- Docker Container Security (privileged containers, exposed ports, image analysis)
- Database Security (Redis, MySQL, PostgreSQL exposure and authentication)
- Web Server Security (Apache, Nginx configuration analysis)
- Service Configuration (running services, unnecessary daemons)

Monitoring & Logging:

- Log Analysis (system errors, authentication failures, security events)
- Intrusion Detection (fail2ban status, banned IPs, attack patterns)
- System Monitoring (resource usage, suspicious processes)
- Audit Trail (command history, file modifications)

Plesk:

- Plesk Security (version analysis, component security, SSL certificates)
- Mail Server Security (Postfix/Dovecot configuration, spam protection)
- Web Hosting Security (virtual host isolation, PHP security)
- Control Panel Security (admin access, password policies)
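The internal service analysis and context-aware classification listed above (loopback-only Redis is fine, a database port on a public address is not, docker-proxy listeners and SSH on a custom port are recognised rather than blindly flagged) can be illustrated with a small classifier for `ss -tlnp` output. This is an added example, not code from the project; the database port list, the severity names and the sample `ss` lines are constructed for the example.

```shell
# Added example (not the project's script): classify one `ss -tlnp` line the
# way the README's context-aware checks describe. Port list and severity
# levels are assumptions of this example.
DB_PORTS="3306 5432 6379 27017"

# classify_listener "<ss -tlnp line>"  ->  "LEVEL PORT PROCESS reason"
classify_listener() {
    local line local_addr port addr proc
    line=$1
    set -f; set -- $line; set +f      # split on whitespace, no globbing of '*'
    local_addr=$4                     # 4th column is Local Address:Port
    port=${local_addr##*:}            # text after the last ':'
    addr=${local_addr%:*}             # '0.0.0.0', '[::]', '127.0.0.1', ...
    proc=${line#*users:((\"}          # process name from users:(("name",pid=...))
    if [ "$proc" = "$line" ]; then proc=unknown; else proc=${proc%%\"*}; fi
    case "$addr" in
        127.*|\[::1\]) echo "SECURE $port $proc bound to loopback only"; return ;;
    esac
    case " $DB_PORTS " in
        *" $port "*) echo "RISK $port $proc database port reachable on $addr"; return ;;
    esac
    if [ "$proc" = docker-proxy ]; then
        echo "WARN $port $proc Docker-published port, confirm the container needs it"
    elif [ "$proc" = sshd ] && [ "$port" != 22 ]; then
        echo "PASS $port $proc SSH on custom port, not a misconfiguration"
    else
        echo "PASS $port $proc listening on $addr"
    fi
}

# Constructed sample of `ss -tlnp` output (not captured from a real host)
SAMPLE_SS='LISTEN 0 128 0.0.0.0:2222 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 127.0.0.1:6379 0.0.0.0:* users:(("redis-server",pid=1200,fd=6))
LISTEN 0 4096 0.0.0.0:3306 0.0.0.0:* users:(("docker-proxy",pid=2301,fd=4))
LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=990,fd=6))'

# audit_listeners  ->  prints one verdict per line, returns 1 if any RISK was found
audit_listeners() {
    local rc=0 line result
    while IFS= read -r line; do
        result=$(classify_listener "$line")
        echo "$result"
        case "$result" in RISK*) rc=1 ;; esac
    done <<EOF
$SAMPLE_SS
EOF
    return $rc
}
```

On a live host, replace the sample with `ss -tlnp | tail -n +2` to classify the real listener table.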
## Output Examples

```text
=== COMPREHENSIVE SECURITY ASSESSMENT REPORT ===
Generated: Sat Jul 5 10:00:00 AM CEST 2025
Server: example.com (192.168.1.100)

=== SECURITY METRICS BREAKDOWN ===
PASS:     45 checks
SECURE:   12 checks
WARN:      8 checks
RISK:      2 checks
FAIL:      0 checks
CRITICAL:  0 checks
────────────────────
TOTAL:    67 security checks

=== SECURITY SCORE CALCULATION ===
Base Score: 85% (57/67 positive)
Risk Penalty: -20% (Risk: -2×10)
───────────────────────────────────────────────────
FINAL SCORE: 85% - VERY SECURE
STATUS: STRONG SECURITY POSTURE

=== SECURITY CATEGORY ANALYSIS ===
Network Security:
  Network: 92% (Excellent)
Access Control:
  Access Control: 88% (Excellent)
System Security:
  System: 78% (Good)
Application Security:
  Application: 85% (Excellent)
Monitoring & Logging:
  Monitoring: 76% (Good)

=== PRIORITY ACTION ITEMS ===
HIGH RISK (Fix within 1 week):
  - Redis port 6379 externally accessible - MAJOR VULNERABILITY
  - SSH password authentication enabled - security risk
MEDIUM RISK (Fix within 1 month):
  - 15 system updates available
  - IPv6 firewall needs configuration
  - Log files larger than 50MB detected

=== COMPLIANCE & BEST PRACTICES ===
Industry Compliance Assessment:
  PCI DSS Ready: Partial
  GDPR Compliant: Yes
  SOC 2 Ready: Yes
Security Maturity Level:
  Level 4: Managed (Above Average)
```
## Configuration

Environment variables:

```bash
# Customize audit behavior
export AUDIT_SKIP_EXTERNAL=true    # Skip external port scanning
export AUDIT_DOCKER_FOCUS=true     # Enhanced Docker analysis
export AUDIT_QUIET_MODE=true       # Minimal output
export AUDIT_LOG_RETENTION=30      # Days to keep audit logs
export [email protected]          # Email critical findings
```

Create `/etc/security-audit.conf`:

```bash
# Security Audit Configuration
SKIP_EXTERNAL_SCAN=false
DOCKER_ENHANCED_ANALYSIS=true
EMAIL_CRITICAL_ALERTS=true
EMAIL_RECIPIENT="[email protected]"
LOG_RETENTION_DAYS=30
NMAP_TIMING_TEMPLATE=4
COMPLIANCE_FRAMEWORKS="PCI,GDPR,SOC2"
```

Scoring thresholds:

```bash
# Adjust scoring thresholds in script
CRITICAL_PENALTY=15   # Points deducted per critical issue
RISK_PENALTY=10       # Points deducted per risk issue
WARN_PENALTY=2        # Points deducted per warning
```
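The scoring model behind these thresholds (base score from the share of positive checks, then a fixed deduction per critical, risk and warning finding), written out as an added example rather than the project's own code. The sample report above shows only the risk penalty; this version applies all three weights, and the grade labels with their 80/60/40 cut-offs are assumptions of the example.

```shell
# Added example, not the project's script: the scoring model the README
# describes. Base score = positive checks / total checks (integer percent);
# penalties use the README's CRITICAL/RISK/WARN weights; result floored at 0.
CRITICAL_PENALTY=${CRITICAL_PENALTY:-15}   # Points deducted per critical issue
RISK_PENALTY=${RISK_PENALTY:-10}           # Points deducted per risk issue
WARN_PENALTY=${WARN_PENALTY:-2}            # Points deducted per warning

# compute_score PASS SECURE WARN RISK FAIL CRITICAL  ->  prints 0..100
compute_score() {
    local pass secure warn risk fail critical total positive base penalty score
    pass=$1 secure=$2 warn=$3 risk=$4 fail=$5 critical=$6
    total=$((pass + secure + warn + risk + fail + critical))
    if [ "$total" -eq 0 ]; then echo 0; return 1; fi    # nothing was checked
    positive=$((pass + secure))
    base=$((positive * 100 / total))                     # e.g. 57/67 -> 85
    penalty=$((critical * CRITICAL_PENALTY + risk * RISK_PENALTY + warn * WARN_PENALTY))
    score=$((base - penalty))
    if [ "$score" -lt 0 ]; then score=0; fi
    echo "$score"
}

# score_label SCORE  ->  grade text (cut-offs are an assumption of this example)
score_label() {
    if   [ "$1" -ge 80 ]; then echo "VERY SECURE"
    elif [ "$1" -ge 60 ]; then echo "GOOD"
    elif [ "$1" -ge 40 ]; then echo "NEEDS IMPROVEMENT"
    else echo "AT RISK"
    fi
}

# report_line PASS SECURE WARN RISK FAIL CRITICAL  ->  "SCORE% - LABEL"
report_line() {
    local s
    s=$(compute_score "$@")
    echo "$s% - $(score_label "$s")"
}

# Counts from the sample report: 45 pass, 12 secure, 8 warn, 2 risk, 0 fail, 0 critical
report_line 45 12 8 2 0 0
```

Raising `WARN_PENALTY` from 2 to 5 in the environment before running the block shows how quickly a handful of warnings drags an otherwise clean host out of the top band.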
## Advanced Features

Automated scheduling:

```bash
# Setup automated monthly audits
sudo crontab -e

# Add these lines:
# Monthly comprehensive audit (1st of month at 2 AM)
0 2 1 * * /usr/local/bin/security-audit --quiet --email

# Weekly quick scan (Sundays at 3 AM)
0 3 * * 0 /usr/local/bin/security-audit --quick --email-critical-only
```

Monitoring integration:

```bash
# Nagios/Icinga integration
sudo security-audit --nagios-output

# Zabbix integration
sudo security-audit --zabbix-sender

# Custom webhook integration
sudo security-audit --webhook https://monitoring.example.com/security-audit
```

Running inside Docker:

```bash
# Run as Docker container
docker run -v /:/host:ro --privileged security-audit:latest
```

Docker Compose integration:

```yaml
version: '3.8'
services:
  security-audit:
    image: security-audit:latest
    volumes:
      - /:/host:ro
    environment:
      - AUDIT_EMAIL_ALERTS=true
    privileged: true
    # "schedule" is not a Compose service key and makes `docker compose up` fail validation;
    # trigger the container from cron (see above) instead.
    # schedule: "0 2 * * *"  # Daily at 2 AM
```
## Compliance Standards

Supported frameworks:

- PCI DSS (Payment Card Industry Data Security Standard)
- GDPR (General Data Protection Regulation)
- SOC 2 (Service Organization Control 2)
- ISO 27001 (Information Security Management)
- NIST Cybersecurity Framework
- CIS Controls (Center for Internet Security)

Compliance features:

- Automated Assessment against industry standards
- Gap Analysis with remediation recommendations
- Evidence Collection for audit documentation
- Risk Rating aligned with compliance requirements
- Reporting suitable for compliance officers
## Contributing

We welcome contributions! Please see our Contributing Guide for details.

```bash
# Clone and setup development environment
git clone https://github.com/yourusername/security-audit.git
cd security-audit

# Install development dependencies
sudo apt install -y shellcheck bats

# Run tests
make test

# Check code quality
make lint
```

Reporting issues:

- Bug Reports: Use the Issue Template
- Feature Requests: Use the Feature Template
- Security Issues: Email [email protected] (GPG key available)
## License

This project is licensed under the MIT License - see the LICENSE file for details.
## Support

Documentation and community:

- Wiki: Comprehensive documentation
- Video Tutorials: YouTube Playlist
- Examples: Real-world use cases
- Discord: Join our community
- Mailing List: [email protected]
- Twitter: @SecurityAudit

Professional services:

- Enterprise Support: [email protected]
- Custom Development: [email protected]
- Training Services: [email protected]

Acknowledgments:

- Ubuntu Security Team for security best practices
- Docker Security Team for container security guidelines
- Plesk Development Team for API documentation
- Community Contributors for testing and feedback

If this project helped secure your infrastructure, please consider giving it a star!

Made with ❤️ for the cybersecurity community