System Hardener
version: "1.0.0"
by bytesagain1 · published 2026-03-22
$ claw add gh:bytesagain1/bytesagain1-system-hardener---
version: "1.0.0"
name: Lynis
description: "Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance tes system-hardener, shell, auditing, compliance, devops."
---
# System Hardener
System Hardener v2.0.0 — a sysops toolkit for tracking and documenting system hardening activities from the command line. Record security scans, monitor compliance, log fixes, and maintain a complete audit trail of every hardening step you take.
Why System Hardener?
Getting Started
# See all available commands
system-hardener help
# Check current health status
system-hardener status
# View summary statistics
system-hardener statsCommands
Operations Commands
Each command works in two modes: run without arguments to view recent entries, or pass input to record a new entry.
| Command | Description |
|---------|-------------|
| `system-hardener scan <input>` | Record security scan results (vulnerability scans, CIS benchmarks, port audits) |
| `system-hardener monitor <input>` | Log monitoring observations (intrusion attempts, failed logins, file integrity) |
| `system-hardener report <input>` | Create report entries (compliance reports, audit summaries, risk assessments) |
| `system-hardener alert <input>` | Record alert events (security warnings, policy violations, anomaly detections) |
| `system-hardener top <input>` | Log top-level security metrics (most targeted services, top attack sources) |
| `system-hardener usage <input>` | Track usage data (firewall rule hits, SELinux denials, auth attempts) |
| `system-hardener check <input>` | Record health checks (config compliance, patch status, certificate validity) |
| `system-hardener fix <input>` | Document fixes applied (security patches, config hardening, permission fixes) |
| `system-hardener cleanup <input>` | Log cleanup operations (stale accounts, unused services, expired certs) |
| `system-hardener backup <input>` | Track backup operations (security config backups, key backups) |
| `system-hardener restore <input>` | Record restore operations (config rollbacks, key recovery) |
| `system-hardener log <input>` | General-purpose log entries (security notes, observations, research) |
| `system-hardener benchmark <input>` | Record benchmark results (CIS scores, hardening scores, before/after) |
| `system-hardener compare <input>` | Log comparison data (baseline diffs, cross-host audits, pre/post hardening) |
Utility Commands
| Command | Description |
|---------|-------------|
| `system-hardener stats` | Show summary statistics across all log categories |
| `system-hardener export <fmt>` | Export all data (formats: `json`, `csv`, `txt`) |
| `system-hardener search <term>` | Search across all entries for a keyword |
| `system-hardener recent` | Show the 20 most recent history entries |
| `system-hardener status` | Health check — version, data dir, entry count, disk usage |
| `system-hardener help` | Show the built-in help message |
| `system-hardener version` | Print version (v2.0.0) |
Data Storage
All data is stored locally in `~/.local/share/system-hardener/`. Structure:
Each entry is stored as `YYYY-MM-DD HH:MM|<input>`. Use `export` to back up your data anytime.
Requirements
When to Use
1. **Compliance auditing** — Track every hardening action with timestamps to produce evidence for HIPAA, ISO 27001, or PCI DSS audits
2. **Security incident response** — During an incident, log scans, alerts, and fixes in one place to build a complete forensic timeline
3. **Baseline comparison** — Use `benchmark` and `compare` to record CIS scores before and after hardening to prove measurable improvement
4. **Change management documentation** — Log every security fix, config change, and cleanup so you have an auditable change history
5. **Multi-host hardening campaigns** — Track progress across a fleet by recording scan and check results per host, then `search` by hostname
Examples
# Record a vulnerability scan result
system-hardener scan "CIS Level 2 scan on db-prod-01: 94% compliant, 7 findings"
# Log a security alert
system-hardener alert "3 failed SSH root login attempts from 203.0.113.42 in 5 min"
# Document a hardening fix
system-hardener fix "Disabled SSHv1, set PermitRootLogin=no on all prod hosts"
# Record a benchmark score
system-hardener benchmark "Lynis score: 78 → 91 after hardening pass on web-tier"
# Export audit trail to JSON for compliance
system-hardener export json
# Search logs for a specific host
system-hardener search "db-prod-01"
# View recent activity
system-hardener recentOutput
All commands output to stdout. Redirect to a file if needed:
system-hardener stats > audit-summary.txt
system-hardener export csvConfiguration
Set `SYSTEM_HARDENER_DIR` environment variable to override the default data directory (`~/.local/share/system-hardener/`).
---
Powered by BytesAgain | bytesagain.com | hello@bytesagain.com
More tools from the same signal band
Order food/drinks (点餐) on an Android device paired as an OpenClaw node. Uses in-app menu and cart; add goods, view cart, submit order (demo, no real payment).
Sign plugins, rotate agent credentials without losing identity, and publicly attest to plugin behavior with verifiable claims and authenticated transfers.
The philosophical layer for AI agents. Maps behavior to Spinoza's 48 affects, calculates persistence scores, and generates geometric self-reports. Give your...