Bash › Linux Security Assessment Automation
Automating a Linux security assessment
You’ve learned the individual enumeration commands; this lesson assembles them into one assessment script. On a fresh Linux foothold (authorised, of course), a single script that profiles users, permissions, SUID binaries, and misconfigurations saves time and ensures you never miss a check. This is how the checklist becomes a tool.
You'll learn to
- Structure a multi-section enumeration script
- Cover the high-value privesc checks
- Make output readable and saveable
The skeleton
#!/usr/bin/env bash
# Linux assessment — run on authorised systems only.
section() { echo; echo "=== $1 ==="; }
section "Who am I"
id; hostname; uname -a
section "Sudo rights"
sudo -n -l 2>/dev/null || echo "(no passwordless sudo or not permitted)"
section "SUID binaries"
find / -perm -4000 -type f 2>/dev/null
section "World-writable files"
find / -perm -002 -type f -not -path "/proc/*" 2>/dev/null | head -50
A section helper keeps the output organised. Each section runs one category of check. Run it and you get a structured profile of the system’s security posture in one pass.
The high-value checks
section "Cron jobs (writable ones are gold)"
ls -la /etc/cron* 2>/dev/null
cat /etc/crontab 2>/dev/null
section "Interesting files in homes"
find /home -name ".bash_history" -o -name "id_rsa" -o -name ".env" 2>/dev/null
section "Readable sensitive files"
ls -la /etc/shadow 2>/dev/null # readable as non-root = critical finding
cat /etc/passwd | cut -d: -f1 # user list
section "Network"
ss -tlnp 2>/dev/null || netstat -tlnp 2>/dev/null # listening services
Each check targets a known privilege-escalation path: writable cron jobs (root runs your code), SSH keys and .env files in homes (credentials), a readable /etc/shadow (crackable hashes), and listening services (local attack surface).
Checkpoint
Why is a world-writable file in a cron path (a script root runs on a schedule) considered a high-value finding during Linux enumeration?
Because cron jobs typically run as root on a schedule. If you can write to a script that a root cron job executes, you can insert your own commands into it, and root will run them at the next scheduled time — escalating you to root. So a writable file in a cron path is effectively a path to root, which is why the enumeration script specifically checks cron paths and world-writable files.
Try it yourself
Build a small enumeration script with a section helper that prints: your id, the SUID binaries on the system, and the listening network services. Run it on a system you control, save the output to a file, and review which results would matter most if this were a real foothold.
Key takeaways
- A section helper structures multi-check enumeration output.
- Cover sudo rights, SUID, world-writable files, cron, homes, and shadow.
- Each check maps to a known privilege-escalation path.
- Save output to a file and review it as a prioritised to-do list.
Quick quiz
Next, extending assessment to the cloud — security-focused AWS, Azure, and GCP CLI workflows.