What is Sesha?
Sesha is a YAML-driven security auditing tool for Linux. Write declarative checks in plain YAML — no code, no plugins, no agents. Ship it as a single static binary with zero runtime dependencies.
It auto-detects your environment (bare-metal, VM, or container), filters checks by OS, distro, and profile, then reports findings in human-readable text, JSON, or JSONL.
Philosophy
- Lean and single-purpose — audit hosts, nothing else
- Declarative — checks are data, not code. Anyone can read and write them
- Security-first — all command execution goes through a strict allowlist. No shell invocation, ever
- Checks tell a story — each check describes what it verifies, why it matters, and how to fix it
- Zero dependencies at runtime — one binary, drop it anywhere
Quick Start
# Install
go install github.com/ancients-collective/sesha/cmd/sesha@latest
# Run — show findings (default)
sesha
# Show all check results
sesha --show all
# JSON for SIEM ingestion
sesha --format json
# Filter by severity
sesha --sev critical,highCheck Categories
Sesha ships with checks across 7 security categories:
🔒 Authentication
📁 Filesystem
⚙️ Kernel
📝 Logging
🌐 Network
🔑 SSH
🖥️ System
Writing your own checks is simple — see the check authoring guide.