Some times ago I posted about scc tool, here is a short update with some example reports provided. https://dev.to/melezhik/linux-compliance-checks-with-sparrow-plugin-2160
People can use the plugin to check if their Linux configuration files are security compliant
Sparrow is a Raku automation framework


Yeah … voting around here is interesting from time to time.
On a positive note, I hadn’t heard of the Linux Security Audit Project, looks interesting, thank you.
I only briefly skimmed through the readme so I might have missed it, but I wonder how they’re able to claim compliance with specific standards.
It was my understanding that it’s typically a drawn out expensive process with a certificate to hang on the wall after the fact.
They make it clear it’s an assessment aid rather than a replacement for professional audits.
Ultimately, you need to be accredited by a third party to whatever standard you’re targeting. Linux Security Audit Project just gives you some checks to help review your current posture and start tackling things ahead of the audit.