Automatically audit your Linux machine for basic security hygiene.
See https://pkg.paretosecurity.com for install steps.
To run a one-time security audit:
paretosecurity check
or, with the JSON reporter:
paretosecurity check --json
To run a one-time security audit without installation:
nix run github:paretosecurity/pareto-linux -- check
or, if running from a local checkout of the repository, with the JSON reporter:
nix run . -- check --json
This will analyze your system and provide a security report highlighting potential improvements and vulnerabilities.
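As root, run the following. The channel URL tracks the `main` branch, so each `nix-channel --update` fetches whatever is at the tip of that branch at that moment: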
$ sudo nix-channel --add https://github.com/paretosecurity/pareto-linux/archive/main.tar.gz paretosecurity
$ sudo nix-channel --update
Then add the following to the `imports` list in your `configuration.nix`:
{
# Angle-bracket paths are resolved through the Nix search path; the first component
# must match the channel name used in `nix-channel --add` (here `paretosecurity`).
imports = [ <paretosecurity/modules/paretosecurity.nix> ];
}
To install the `paretosecurity` binary:
{
# Builds the package from the expression shipped in the `paretosecurity` channel.
# `pkgs` is a free variable in this fragment, so it has to be in scope where this is
# pasted (for example via the module's `{ pkgs, ... }:` arguments).
environment.systemPackages = [ (pkgs.callPackage <paretosecurity/pkgs/paretosecurity.nix> {}) ];
}
{
  # Flake-based setup: declare the repository as an input and load its NixOS module.
  # The exact revision that gets used is recorded in flake.lock, so the input only
  # moves when the lock file is updated.
  inputs = {
    paretosecurity.url = "github:paretosecurity/pareto-linux";
    # Optional, not necessary for the module:
    # paretosecurity.inputs.nixpkgs.follows = "nixpkgs";
  };

  outputs = { self, nixpkgs, paretosecurity }: {
    # Replace `yourhostname` with the actual hostname of the machine.
    nixosConfigurations.yourhostname = nixpkgs.lib.nixosSystem {
      # Replace with the platform of the machine.
      system = "x86_64-linux";
      modules = [
        ./configuration.nix
        # Module exported by the paretosecurity flake.
        paretosecurity.nixosModules.default
      ];
    };
  };
}
Using a NixOS module (replace the system `x86_64-linux` with your own):
{
# `paretosecurity` refers to the flake input of that name, so this fragment has to be
# placed where the flake's `outputs` arguments are in scope. The system string is
# hard-coded and must match the target machine.
environment.systemPackages = [ paretosecurity.packages.x86_64-linux.default ];
}
For example, inside your `flake.nix` file:
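{
  # Installs only the paretosecurity package (not the NixOS module) from the flake.
  inputs.paretosecurity.url = "github:paretosecurity/pareto-linux";
  # ...
  outputs = { self, nixpkgs, paretosecurity }:
    let
      # Bound with `let` so that `${system}` below resolves. An attribute set inside
      # the (non-recursive) argument set of `nixosSystem` does not bring `system`
      # into scope, and evaluation would stop on an undefined variable.
      # Change to the platform of the target machine.
      system = "x86_64-linux";
    in {
      # change `yourhostname` to your actual hostname
      nixosConfigurations.yourhostname = nixpkgs.lib.nixosSystem {
        inherit system;
        modules = [
          # ...
          {
            # Package output of the flake input for the selected platform.
            environment.systemPackages = [ paretosecurity.packages.${system}.default ];
          }
        ];
      };
    };
}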