
## 🎯 What is Chihuaudit?
A portable, single-binary system auditing tool for Linux. Like [Lynis](https://cisofy.com/lynis/) but faster and smarter.
**No configuration needed. No dependencies. Just run.**
```bash
sudo ./chihuaudit audit
```
## ✨ Features
- **🔒 Security**: Firewall, SSH hardening, SSL/TLS, fail2ban, SUID binaries, open ports
- **🚀 Services**: Systemd services, web servers, databases, Docker
- **💻 Resources**: CPU, RAM, disk usage, top processes
- **💾 Storage**: SMART health, inode usage, filesystem errors
- **🗄️ Databases**: PostgreSQL, MySQL, Redis health checks
- **🐳 Docker**: Container status, resource usage, volumes
- **🌐 Network**: DNS resolution, latency, interfaces, connections
- **📦 Backups**: Backup detection and freshness checks
- **📝 Logs**: Error analysis, SSH attempts, service restarts
- **⏰ Monitoring**: Continuous mode with Discord webhook notifications
## 🤖 Claude Skill Alternative

**Don't want to install anything?** Use the **Claude Skill** version instead!
Execute the same comprehensive system audit directly through Claude (Sonnet, Opus, or Haiku) using native shell commands - no binary installation required.
**Key Benefits**:
- 🚀 **Zero Installation** - Works immediately with sudo access
- 🔄 **Consistent Results** - 1+ year of production use with extremely reliable output
- 📊 **Same Coverage** - All 87 checks, 10 categories, identical methodology
- ⚡ **Fast** - 30-90 second execution time
**Requirements**: Linux with systemd, sudo NOPASSWD configured, Claude with shell access
**Documentation**: [docs/skill/chihuaudit-skill.md](docs/skill/chihuaudit-skill.md)
---
## 🚀 Quick Start
### Build
```bash
make build
# or
./build.sh
```
### Run
```bash
# Single audit
sudo ./bin/chihuaudit audit
# JSON output
sudo ./bin/chihuaudit audit --json
# Continuous monitoring
sudo ./bin/chihuaudit monitor --interval=5m
# Generate config
./bin/chihuaudit init-config
```
## 📊 Example Output
### Terminal Output
```
=== CHIHUAUDIT REPORT ===
Timestamp: 2026-02-05 12:38:27
Hostname: server.example.com
OS: Ubuntu 24.04.3 LTS
--- 1. SECURITY ---
Firewall: active (ufw) ✓
SSH: active
SSH Port: 2244
SSH Password Auth: disabled ✓
SSH Root Login: no ✓
External Ports: [443, 80, 2244]
Localhost-Only Ports: [5432, 6379]
SSL Certificates: 5 (all valid)
--- 2. SERVICES ---
Total Running: 31
Failed: 0 ✓
Web: caddy (active)
Database: postgresql (active)
[... 8 more categories ...]
Total Checks: 87
```
## 🔧 Webhook Notifications
Chihuaudit supports **webhook notifications** for real-time monitoring alerts. While optimized for Discord, it works with **any webhook-compatible service** (Slack, Microsoft Teams, Mattermost, custom endpoints, etc.).
*Color-coded alerts: 🟢 Green (healthy), 🟡 Yellow (warnings), 🔴 Red (critical)*
### Setup
```bash
# Generate default config
./bin/chihuaudit init-config
# Edit configuration
nano ~/.chihuaudit/config.json
```
### Configuration
```json
{
  "discord_webhook": "https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN",
  "notification_whitelist": {
    "cpu_threshold": 70,
    "memory_threshold": 70,
    "disk_threshold": 85,
    "ignore_changes": ["uptime", "active_connections"]
  }
}
```
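The webhook URL in this file carries its own token, so the file should be handled as a credential. The following pre-flight lint for `~/.chihuaudit/config.json` is an added example, not part of Chihuaudit; the `LintConfig` name and its rules (owner-only file mode, https webhook, memory and disk thresholds as percentages) are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"os"
)

// Config mirrors the config.json fields this example inspects.
type Config struct {
	DiscordWebhook string `json:"discord_webhook"`
	Whitelist      struct {
		Memory int `json:"memory_threshold"`
		Disk   int `json:"disk_threshold"`
	} `json:"notification_whitelist"`
}

// LintConfig returns one finding per problem. The rules are assumptions of
// this example, not checks that chihuaudit itself performs.
func LintConfig(path string) ([]string, error) {
	raw, err := os.ReadFile(path)
	if err != nil {
		return nil, err
	}
	var c Config
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("parse %s: %w", path, err)
	}
	var out []string
	// The webhook URL embeds its token, so the file is a credential.
	if fi, err := os.Stat(path); err == nil && fi.Mode().Perm()&0o077 != 0 {
		out = append(out, fmt.Sprintf("mode %04o: restrict to 0600", fi.Mode().Perm()))
	}
	if u, err := url.Parse(c.DiscordWebhook); err != nil || u.Scheme != "https" || u.Host == "" {
		out = append(out, "discord_webhook: must be an https URL")
	}
	names := []string{"memory_threshold", "disk_threshold"}
	for i, v := range []int{c.Whitelist.Memory, c.Whitelist.Disk} {
		if v < 1 || v > 100 {
			out = append(out, fmt.Sprintf("%s=%d: expected a percentage 1-100", names[i], v))
		}
	}
	return out, nil
}

func main() {
	fmt.Println(LintConfig(os.ExpandEnv("$HOME/.chihuaudit/config.json")))
}
```

`cpu_threshold` is left out of the range check because it is described as a load-average threshold rather than a percentage.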
### Webhook Compatibility
**Discord** (native support):
- Rich embeds with color-coded alerts
- Custom avatar and username
- Timestamp and structured fields
**Slack** (works with minor format differences):
- Use `discord_webhook` field with your Slack webhook URL
- Embeds translate to Slack attachments
- Colors and formatting preserved
**Other services**:
- Any service accepting JSON POST with `embeds` field
- Microsoft Teams incoming webhooks
- Mattermost webhooks
- Custom webhook handlers
### Alert Thresholds
- **CPU Load**: Trigger when load average exceeds threshold
- **Memory Usage**: Alert on RAM usage percentage
- **Disk Space**: Warning when disk usage crosses limit
- **Ignore List**: Skip notifications for frequently changing metrics
### Monitoring Mode
```bash
# Monitor every 5 minutes with webhook alerts
sudo ./bin/chihuaudit monitor --interval=5m
```
Changes are detected and only significant events trigger notifications, reducing alert fatigue.
## 🎯 Design Philosophy
- **Universal**: Works on any Linux distro without configuration
- **Portable**: Single static binary, zero dependencies
- **Safe**: Read-only checks, no system modifications
- **Fast**: Parallel execution, ~1 second for full audit
- **Simple**: Minimal code, maximum clarity
- **Automated**: Perfect for CI/CD and monitoring
## 📖 Documentation
- [Installation Guide](docs/INSTALLATION.md)
- [Development Log](docs/DEVELOPMENT.md)
- [Contributing Guidelines](CONTRIBUTING.md)
## 🏗️ Architecture
```
chihuaudit/
├── main.go # CLI entry point
├── checks/ # 10 audit categories
│ ├── security.go # Firewall, SSH, SSL, ports
│ ├── services.go # Systemd, web, DB servers
│ ├── resources.go # CPU, RAM, disk
│ └── ...
├── detect/ # OS/tool detection
├── notify/ # Discord webhooks
├── report/ # Text/JSON formatters
└── state/ # Change tracking
```
## 🤝 Contributing
Contributions welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
Keep code:
- **Simple**: Minimal, readable, maintainable
- **Portable**: Detection-based, no hardcoded paths
- **Safe**: No shell injection, no user input in commands
- **Consistent**: Follow existing patterns
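What the **Safe** guideline looks like in Go, as an added example rather than code from the Chihuaudit repository: a read-only systemd probe built from a fixed program and an argument vector, with the unit name checked against an allowlist first. The function names and the `unitRe` pattern are assumptions of this example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os/exec"
	"regexp"
	"strings"
	"time"
)

// unitRe is this example's allowlist for unit names: the first character is
// alphanumeric (so a name is never read as an option) and it ends in ".service".
var unitRe = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9@_.:-]*\.service$`)

// UnitActiveCmd builds the probe without a shell. The form to avoid is
// exec.Command("sh", "-c", "systemctl is-active "+unit), where the shell
// parses whatever the string contains.
func UnitActiveCmd(ctx context.Context, unit string) (*exec.Cmd, error) {
	if !unitRe.MatchString(unit) {
		return nil, fmt.Errorf("rejected unit name %q", unit)
	}
	// Fixed program, one argv element per argument, nothing re-parsed.
	return exec.CommandContext(ctx, "systemctl", "is-active", unit), nil
}

// UnitActive runs the probe with a timeout and returns systemctl's one-word
// state ("active", "inactive", ...).
func UnitActive(unit string) (string, error) {
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	cmd, err := UnitActiveCmd(ctx, unit)
	if err != nil {
		return "", err
	}
	out, err := cmd.Output()
	var exit *exec.ExitError
	// A non-zero exit only means "not active"; anything else is a real error.
	if err != nil && !errors.As(err, &exit) {
		return "", err
	}
	return strings.TrimSpace(string(out)), nil
}

func main() {
	fmt.Println(UnitActive("ssh.service"))
}
```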
## 📜 License
MIT License - see [LICENSE](LICENSE) for details
---
**Made with ❤️ for sysadmins everywhere**