Skip to content

OrynVail/oryn-audit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
oryn_audit.sh
oryn_audit.sh
 
 
oryn_audit_sample.md
oryn_audit_sample.md
 
 
shell.nix
shell.nix
 
 

Repository files navigation

OrynAudit

"The system doesn't lie. It just forgets. This script reminds it what it's hiding."

License: MIT Shell Script NixOS Security

System Confessional Script for NixOS & Linux Machines

OrynAudit is a surgical-grade audit tool. Not just a scanner. Not just a checklist. It interrogates your system with colour-coded precision, aesthetic clarity, and markdown-ready output.

It doesn't just tell you what you installed. It tells you what you forgot.

✨ Features

🔴 HIGH     🟡 MEDIUM     🔵 INFO     ✅ GOOD
  • 🔐 User & Privilege Analysis
  • 🔌 Network Exposure Mapping
  • 🔍 DNS Leak Detection
  • 🧬 SUID Binary Forensics
  • 🧠 System State Snapshot
  • 📊 Markdown Report Generation
  • 🎨 Enhanced Terminal Output

🚀 Quick Start

One-liner with full environment:

git clone https://github.com/OrynVail/oryn-audit.git
cd oryn-audit
nix-shell
chmod +x oryn_audit.sh
sudo ./oryn_audit.sh

Minimal run (core utilities required):

sudo ./oryn_audit.sh

📸 Sample Output

Want to see what it looks like before running it?
View Sample Report

🔍 Audit Scope

Click to expand full audit checklist

Security & Permissions

  • SUID/SGID binaries and ownership analysis
  • World-writable files and unowned resources
  • User accounts with login shells
  • Sudo privilege escalation paths

Network & Services

  • Open TCP/UDP ports with process mapping
  • DNS configuration and leak testing
  • Startup services and failed daemons
  • Root processes and resource consumption

System Health

  • Memory and disk utilization
  • CPU vulnerabilities and mitigations
  • Kernel parameters and hardening
  • Container/VM environment detection

NixOS Specific

  • Store integrity and daemon status
  • Declarative configuration insights
  • Generation analysis and cleanup opportunities

🛠️ Dependencies

Core requirements:

  • Bash 4.0+
  • Standard Unix utilities (ss, find, ps, grep, awk)
  • Root privileges for comprehensive scanning

Optional enhancements:

  • bat — Syntax-highlighted report viewing
  • rich — Beautiful terminal formatting
  • dig — DNS leak detection

The included shell.nix provides everything automatically.

📋 Usage Examples

Basic system audit:

sudo ./oryn_audit.sh

View generated report:

bat /tmp/oryn_audit-*.md  # With bat installed
# or
cat /tmp/oryn_audit-*.md  # Plain text

Automated daily audits:

# Add to crontab for daily 3 AM audits
0 3 * * * /path/to/oryn_audit.sh > /var/log/oryn_audit.log 2>&1

📜 License

See LICENSE

⭐ Star this repo if OrynAudit helped reveal your system's secrets

About

Audit tool for NixOS and Linux machines

Topics

security-audit nix nixos shell-script audit-log

Resources

Readme

License

MIT license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages