I built a small open-source Linux security audit tool and would like some feedback.

Posted by SonFire03@reddit | sysadmin

Hi everyone,

I’ve been working on a small open-source project called IronAudit.

It is a local Linux security posture auditor written in Python. The goal is to run read-only checks on a Linux host, produce structured findings, compute a security score, and generate readable reports.

Current features:

- local read-only Linux checks
- SSH, firewall, users, services, permissions, updates and auth checks
- severity-based findings
- scoring from 0 to 100
- remediation guidance
- terminal output
- JSON / Markdown / HTML reports
- local web dashboard
- report comparison and snapshot history

What it is not:

- not an exploit tool
- not a vulnerability scanner like Nessus/OpenVAS
- not a replacement for Lynis or OpenSCAP
- not a compliance-certified scanner

My goal is to make it useful for homelab users, students, junior sysadmins, and people who want a readable first security baseline for Linux servers.

I would really appreciate feedback on:

- the scoring model
- the checks that should be added or removed
- report readability
- README clarity
- whether the project feels useful or redundant
- what would make you trust or use this kind of tool

Thanks!

[https://github.com/SonFire03/IronAudit.git](https://github.com/SonFire03/IronAudit.git)