A lightweight Linux automation project that simulates key internal control checks required for SOX (Sarbanes-Oxley Act) compliance using OSQuery, Bash, and Cron. This tool helps validate File Integrity, Access Control, Privilege Escalation Risks, and System Exposure — aligned with SOX ITGC (IT General Controls) requirements.
This project simulates SOX-compliant auditing on a Linux system by:
- Monitoring file integrity (to detect unauthorized changes)
- Tracking user login activity
- Scanning for risky SUID binaries
- Reporting open network ports
All checks run via OSQuery and are scheduled using a simple Bash script with Cron.
| Control Area | Check Implemented |
|---|---|
| Change Management | File Integrity Monitoring (`hash`) |
| Access Control | Logged-in user tracking (`logged_in_users`) |
| Privilege Escalation | SUID Binary Scan (`suid_bin`) |
| System Hardening | Listening Ports Check (`listening_ports`) |
These logs serve as evidence artifacts of internal control validation — useful for SOX auditors and ITGC assessments.
- 📁 Monitors custom or sensitive files (e.g., `/etc/passwd` or simulated finance files)
- 🔒 Audits active user sessions
- 🧱 Detects binaries that can escalate privileges
- 🌐 Logs open ports and associated processes
- 📦 Outputs results as timestamped JSON logs
- 🧠 Beginner-friendly, script-based, and easy to extend
- A Bash script (`run_sox_validator.sh`) runs 4 OSQuery checks
- Each query result is exported as a `.json` log inside `logs/`
- A Cron job automates this script at regular intervals
- `.gitignore` excludes logs from GitHub uploads to maintain privacy
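
A sketch of how a script like the one described above could run the four checks and write timestamped JSON logs, added here as an example and not the repository's `run_sox_validator.sh`. The check names, the `sox_query`/`run_check`/`run_all` functions, the environment variables and the log file naming are assumptions; the osquery tables are the ones in the control table.

```shell
#!/usr/bin/env bash
# Added sketch; NOT the repository's run_sox_validator.sh.
set -u
OSQUERYI="${OSQUERYI:-osqueryi}"              # assumed to be on PATH
LOG_DIR="${LOG_DIR:-./logs}"                  # evidence directory from the README
WATCHED_FILE="${WATCHED_FILE:-/etc/passwd}"   # file covered by the integrity check

# Map a check name (hypothetical) to its osquery SQL.
sox_query() {
  case "$1" in
    file_integrity)
      # The path is spliced into SQL, so refuse one that contains a quote.
      case "$WATCHED_FILE" in *"'"*) return 1 ;; esac
      printf "SELECT path, sha256 FROM hash WHERE path = '%s';\n" "$WATCHED_FILE" ;;
    logged_in_users) echo "SELECT user, tty, host, time FROM logged_in_users;" ;;
    suid_bin)        echo "SELECT path, username, permissions FROM suid_bin;" ;;
    listening_ports) echo "SELECT pid, port, protocol, address FROM listening_ports;" ;;
    *) return 1 ;;
  esac
}

# run_check <name> <timestamp>: write one JSON log and print its path.
run_check() {
  local name="$1" ts="$2" sql out
  sql="$(sox_query "$name")" || { echo "no query for: $name" >&2; return 2; }
  out="$LOG_DIR/${name}_${ts}.json"
  mkdir -p "$LOG_DIR" && chmod 700 "$LOG_DIR" || return 1
  # Write to a temp name first so a failed query never leaves a partial
  # file that could be mistaken for evidence.
  if "$OSQUERYI" --json "$sql" > "$out.tmp"; then
    mv "$out.tmp" "$out" && echo "$out"
  else
    rm -f "$out.tmp"; echo "check failed: $name" >&2; return 1
  fi
}

# Run all four checks under one UTC timestamp; non-zero if any failed,
# so cron mail or a wrapper can flag the gap in evidence.
run_all() {
  local ts name rc=0
  ts="$(date -u +%Y%m%dT%H%M%SZ)"
  for name in file_integrity logged_in_users suid_bin listening_ports; do
    run_check "$name" "$ts" >/dev/null || rc=1
  done
  return "$rc"
}

if [ "${1:-}" = "--run" ]; then run_all; fi
```

Invoked with `--run` it performs all four checks; a non-zero exit status means at least one log for that interval is missing.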
```bash
git clone https://github.com/ananya-5420/sox-linux-validator.git
cd sox-linux-validator
chmod +x run_sox_validator.sh
./run_sox_validator.sh
crontab -e
```

Add this line to run every 30 mins:

```bash
*/30 * * * * /bin/bash /home/yourusername/sox-linux-validator/run_sox_validator.sh
```