The lunar script generates a scored audit report of a Unix host’s security. It is based on the CIS and other frameworks. Where possible there are references to the CIS and other benchmarks in the code documentation.
Why a shell script? I wanted a tool that was able to run on locked down systems where other tools may not be available. I also wanted a tool that ran on all versions of UNIX. Having said that there are some differences between sh and bash, so I’ve used functions only from sh. There is no warranty implied or given with this script. My recommendation is to use this script in audit mode only and address each warning individually via policy, documentation and configuration management.