Lynis

Lynis is an automated security auditing and system hardening framework designed for UNIX-based operating systems. It functions as a command-line utility that inspects local system configurations to identify security vulnerabilities, configuration weaknesses, and compliance gaps. By executing a series of modular tests, the tool generates actionable reports and remediation suggestions to assist in strengthening system defenses.

The project distinguishes itself through a highly modular architecture that relies on shell-script-based execution and native system inspection. Users can define custom audit profiles to standardize security policies across diverse environments, while the plugin-driven extensibility allows for the development of specialized security checks tailored to unique infrastructure requirements. This flexibility enables the tool to operate in non-interactive batch modes, facilitating integration into automated scheduling and continuous monitoring workflows.

Beyond core auditing, the framework supports enterprise-wide security management by aggregating data from multiple hosts into centralized reports. It provides capabilities for tracking system integrity, enforcing compliance baselines, and prioritizing hardening tasks based on risk assessments. The system also supports structured data serialization, allowing audit findings to be exported for external analysis and visualization.

Features

Security Auditing Tools - Functions as a command-line auditing tool that identifies security flaws and compliance gaps through automated testing on UNIX systems.
Security Testing and Auditing - Provides an automated framework for scanning and auditing UNIX system configurations to identify security vulnerabilities and compliance gaps.
Automated Security Scanners - Provides an automated security scanner that performs systematic checks on UNIX-based systems to identify vulnerabilities and configuration weaknesses.
Security and Compliance - Aggregates security audit data from multiple remote systems into centralized reports to simplify compliance tracking and analysis.
Infrastructure and System Hardening - Implements comprehensive security checks and configuration templates to harden operating systems and infrastructure against unauthorized access.
Infrastructure Hardening - Strengthens system defenses by prioritizing and implementing security hardening improvements.
Operational Task Automation - Automates security scans via scheduled tasks to maintain continuous monitoring without requiring manual user interaction.
Security Profiles - Defines audit behavior and security policies through external text files to standardize scan parameters across diverse environments.
Compliance Enforcement Tools - Compares system configurations against security policies to enforce compliance baselines.
Infrastructure Security Scanners - Evaluates system configurations and infrastructure settings against security best practices to maintain integrity and reduce operational risks.
Policy Enforcement Engines - Evaluates system configurations against custom security standards to identify and remediate policy deviations.
Plugin-Based Architectures - Extends core functionality by dynamically loading external scripts and modules at runtime to perform specialized security assessments.
Background Task Scheduling - Performs system audits in the background by suppressing interactive prompts to facilitate integration with automated task schedulers.
Security Lab Environments - Security auditing and hardening tool for Unix-based systems.
Security And Hardening - Security auditing and compliance testing tool.
Security Auditing - Security auditing and compliance testing tool for Unix-based systems.
Extensible Plugin Architectures - Provides a plugin-driven architecture that allows for the dynamic loading of custom scripts to perform specialized security checks.
Audit Logging Systems - Generates structured audit logs containing test results and remediation suggestions for security hardening.
System Inspection Utilities - Queries the current state of the local operating system by invoking standard command-line utilities for security auditing.
Test Report Aggregators - Aggregates audit reports from multiple hosts to simplify enterprise-wide compliance tracking.
Batch Processing Utilities - Supports a headless execution mode that suppresses prompts for seamless integration into automated scheduling and monitoring workflows.
Structured Data Exporters - Serializes audit results into machine-readable formats to facilitate centralized reporting and integration with external analysis platforms.
Command Line Configuration - Updates scan parameters through command-line instructions to enable integration with external configuration management systems.
Task Prioritization - Prioritizes security hardening tasks based on risk assessments and effort to guide remediation.
Shells & Scripting - Executes independent security checks as discrete shell scripts that interact directly with the host operating system.
Centralized Secrets Management - Aggregates scan results from multiple hosts into a central location for enterprise-wide reporting and analysis.
Plugin Development Frameworks - Supports extending built-in audit capabilities through custom shell scripts and plugins.
Data Serialization Formats - Converts audit findings into structured, machine-readable formats for centralized reporting and data analysis.
File System Monitors - Tracks changes to system files and configurations to detect unauthorized modifications and maintain integrity.
Automation Extenders - Integrates custom scripts or plugins to gather additional system information and perform tailored security assessments.
Shell Script Execution Engines - Operates as a collection of modular shell scripts that execute native commands to validate local system configurations.
Security Finding Management - Tracks security findings and provides actionable plans to resolve identified issues.
Modular Architectures - Organizes security checks into isolated, independent units that can be selectively enabled or disabled based on system requirements.
Environment Information Gatherers - Gathers hardware details and security logs through authenticated requests to maintain accurate monitoring of system status.
IT Asset Management - Enables monitoring and control of security configurations across multiple IT assets through a unified interface.

wazuh/wazuh

14,779View on GitHub

Wazuh is an integrated security platform that combines endpoint detection and response, security information and event management, and cloud workload protection. It functions as a centralized system for collecting telemetry, aggregating logs, and correlating events across distributed infrastructure to maintain security and integrity. The platform distinguishes itself through its active response orchestration, which allows for the automated execution of scripts on remote endpoints to neutralize threats in real time. It provides deep visibility into system activity through file integrity monito

VoltAgent/awesome-claude-code-subagents

21,906View on GitHub

This project provides a framework for managing multi-agent systems, designed to automate complex software development, infrastructure, and business workflows. It functions as a multi-agent workflow orchestrator that routes tasks to domain-specific workers while maintaining state persistence and infrastructure automation. By leveraging large language models, the system decomposes high-level objectives into actionable plans, ensuring that complex operations are executed with consistency and reliability. The framework distinguishes itself through its hierarchical agent registry and policy-driven

rocky-linux/rocky

9,497View on GitHub

Rocky is an open-source enterprise operating system designed for server and cloud infrastructure. It is a community-maintained Linux server distribution that provides a platform focused on stability and security. The project is fundamentally a Red Hat Enterprise Linux compatible operating system, maintaining bug-for-bug binary compatibility to ensure identical software behavior. This allows it to serve as an enterprise-grade platform without proprietary licensing. The distribution covers a broad range of system administration capabilities, including package management via modular repository

promptfoo/promptfoo

10,529View on GitHub

Promptfoo is an evaluation framework designed for testing, benchmarking, and red-teaming language models and agentic workflows. It provides a unified environment to run prompts against multiple providers, allowing developers to systematically validate model outputs against objective assertions, semantic similarity metrics, and custom grading rubrics. The platform distinguishes itself through a provider-agnostic execution layer and a stateful orchestrator capable of simulating multi-turn conversations and complex tool-use trajectories. It includes a dedicated adversarial mutation pipeline that

CISOfylynis

Features