A lightweight, dependency-free Bash script that generates a comprehensive audit report of any Linux machine — covering processes, open ports, containers, users, scheduled tasks, and more.
Useful for infrastructure handovers, security reviews, onboarding unknown servers, or just getting a quick snapshot of what's running on a machine.
| Section | Details |
|---|---|
| System Info | OS, kernel, uptime, RAM, disk usage, environment variables |
| Users & Access | Active shell users, UID 0 accounts, login history, failed logins, sudo rules, SSH authorized keys |
| Processes | Full process list, process tree, top CPU consumers |
| Network | Open TCP/UDP ports, established connections, firewall rules (iptables/ufw), interfaces, routes, DNS |
| Systemd Services | All services and their status, boot-enabled services, failed services |
| Docker | Running/stopped containers, images, volumes, networks, full inspect, docker-compose files |
| Podman | Running containers and images |
| Kubernetes | Nodes, pods, services and deployments (kubectl, k3s, minikube) |
| Web & Databases | Nginx, Apache, MySQL/MariaDB, PostgreSQL, Redis |
| Cron & Timers | Crontabs for all users, /etc/cron* files, systemd timers |
| Packages | Installed packages (dpkg/rpm), programming languages, pip and npm globals |
| Files | SUID binaries, recently modified files, common app directories, .env file locations |
| Logs | syslog, auth.log, Docker container logs |
| Summary | Quick stats snapshot at the end of the report |
```bash
scp sysaudit.sh user@<server-ip>:/tmp/
ssh user@<server-ip> "sudo bash /tmp/sysaudit.sh"
```

The script will print the archive path at the end. Copy it to your local machine:

```bash
scp user@<server-ip>:/tmp/sysaudit_<date>.tar.gz .
```

Or run it directly on the machine:

```bash
sudo bash sysaudit.sh
```

The report is saved as a plain .txt file and automatically compressed into a .tar.gz archive:
```
/tmp/sysaudit_2025-06-01_14-30-00/
└── report_<hostname>_2025-06-01_14-30-00.txt
/tmp/sysaudit_2025-06-01_14-30-00.tar.gz
```
- Bash 4+
- `sudo` / root access (required for full output — some sections are skipped without it)
- No external dependencies — uses only standard Linux tools

Tools like `docker`, `kubectl`, `nginx`, `mysql`, etc. are optional. The script detects what's available and skips gracefully if something isn't installed.
Tested on:
- Ubuntu 20.04 / 22.04 / 24.04
- Debian 11 / 12
- CentOS 7 / 8
- Rocky Linux 8 / 9
- Amazon Linux 2
- Run this script only on machines you own or are authorized to audit.
- The report may contain sensitive information (SSH keys, environment variables, open ports, credentials in config files). Handle and store the output carefully.
- `.env` file contents are intentionally not included in the report — only their paths are listed to avoid exposing secrets.
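
One way to act on the handling advice above, as an added example that is not part of `sysaudit.sh` or this project: restrict the archive left in `/tmp` to its owner, record a checksum for the copy you pull down, and list which report lines look like secrets before the file is shared. The function names are hypothetical and the sample report text is constructed.

```bash
#!/usr/bin/env bash
# Added example, not part of sysaudit.sh. Function names are hypothetical.

# Restrict the archive to its owner and write a SHA-256 sidecar next to it,
# so the copy pulled down with scp can be checked with `sha256sum -c`.
lock_down_archive() {
    archive=$1
    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 1; }
    chmod 600 "$archive" || return 1
    ( cd "$(dirname "$archive")" &&
      sha256sum "$(basename "$archive")" > "$(basename "$archive").sha256" ) || return 1
    chmod 600 "$archive.sha256"
}

# Print "<line>:<category>" for report lines that look like secrets.
# Only the location is printed, never the matched text.
flag_secrets() {
    report=$1
    [ -r "$report" ] || { echo "cannot read: $report" >&2; return 1; }
    {
        grep -nE -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$report" |
            sed 's/:.*/:private-key/' || true
        # Leading non-letter keeps sudoers "NOPASSWD:" from matching "passwd".
        grep -niE '(^|[^[:alpha:]])(password|passwd|secret|token|api_?key)[[:space:]]*[=:][[:space:]]*[^[:space:]]' "$report" |
            sed 's/:.*/:credential-assignment/' || true
        grep -nE '(^|[[:space:]])(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+' "$report" |
            sed 's/:.*/:ssh-authorized-key/' || true
    } | sort -t: -k1,1n
}

# Constructed sample report text (not real sysaudit output), for trying the scan.
make_sample_report() {
    cat > "$1" <<'EOF'
== Users & Access ==
deploy ALL=(ALL) NOPASSWD: ALL
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleExampleExampleExample deploy@laptop
== System Info ==
DB_PASSWORD=example-not-a-real-secret
PATH=/usr/local/bin:/usr/bin
EOF
}
```

The patterns are a coarse first pass: a clean result does not mean the report is safe to share, only that these three shapes were not found.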
MIT