Automatically audit your Linux machine for basic security hygiene.
See for install steps.
To run a one-time security audit:
paretosecurity check
Or, with the JSON reporter:
paretosecurity check --json
As root run:
$ sudo nix-channel --add paretosecurity
$ sudo nix-channel --update
Then add the following to the imports in your configuration.nix:
imports = [ <paretosecurity/modules/paretosecurity.nix> ];
To install the paretosecurity
environment.systemPackages = [ (pkgs.callPackage <paretosecurity/pkgs/paretosecurity.nix> {}) ];
paretosecurity check
This will analyze your system and provide a security report highlighting potential improvements and vulnerabilities.
inputs.paretosecurity.url = "github:paretosecurity/pareto-core";
# optional, not necessary for the module
#inputs.paretosecurity.inputs.nixpkgs.follows = "nixpkgs";
outputs = { self, nixpkgs, paretosecurity }: {
  # change `yourhostname` to your actual hostname
  nixosConfigurations.yourhostname = nixpkgs.lib.nixosSystem {
    # change to your system:
    system = "x86_64-linux";
    modules = [
Using NixOS module (replace system "x86_64-linux" with your system):
environment.systemPackages = [ paretosecurity.packages.x86_64-linux.default ];
For example, inside your flake.nix:
{
  inputs.paretosecurity.url = "github:paretosecurity/pareto-core";
  # ...
  outputs = { self, nixpkgs, paretosecurity }: {
    # change `yourhostname` to your actual hostname
    nixosConfigurations.yourhostname = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      modules = [
        # ...
        {
          # `system` is not in scope inside this module, so name the
          # platform explicitly; it must match `system` above
          environment.systemPackages = [ paretosecurity.packages.x86_64-linux.default ];
        }
      ];
    };
  };
}