Fixed Fee Pilot

The sudo rule that got forgotten is the one attackers will find first.

A 60-day pilot that turns your Linux identity blind spot into a documented baseline — every account and privilege path mapped and scored, with compliance evidence and a remediation roadmap your team can act on.

What We Typically Find

Across every Linux estate, these five categories account for the highest-risk findings.

  • Orphaned and stale accounts

    Former employees, contractors, and service accounts that were never deprovisioned — still active, still capable of authenticating.

  • Sudo drift and NOPASSWD rules

    Sudo configurations that were expanded temporarily and never locked back down. NOPASSWD entries that bypass the last authentication checkpoint on a server.

  • Shared and unrotated SSH keys

    SSH keys shared across multiple users or systems, and authorised_keys entries that haven't been rotated in years — often pointing to accounts that no longer exist.

  • Service account privilege creep

    Service accounts created with broad group memberships for convenience, never reviewed, and now carrying privileges far beyond what the service actually needs.

  • Undocumented privilege escalation paths

    Multi-hop paths from a low-privilege account to root that exist through combinations of group memberships, sudo rules, and setuid binaries — none of which are individually alarming, but together create a clear escalation route.

What You Get in 60 Days

  • Identity & Privilege Inventory — Every user, group, sudo rule, SSH key, and service account across your Linux estate, showing who can do what
  • Risk-Scored Findings Report — Prioritized findings based on real exploit patterns, highlighting the privilege paths attackers would use first
  • Compliance Evidence Package — Identity governance gaps mapped to Major regulatory frameworks with remediation guidance
  • Prioritized Remediation Plan — Phased plan to reduce privilege drift and move toward least-privilege, with a zero trust alignment overlay where applicable
  • Board-Ready Executive Summary — Executive summary for boards and a technical deep-dive for your security team

Sample Report

A simulated engagement report for an EU financial services company.

Escalation path analysis — privilege escalation from bastion to PII exfiltration

“Time-to-detection in current configuration: never.

Figure 5-1 · Escalation Path E-01 · LinuxGuard Pilot LG-AUD-2026-0042
Sample compliance report cover — Fixed Fee Pilot, Aurelia Financial Services AG
Risk-scored findings summary — severity distribution and control domain breakdown
Download Sample Report

PDF · 21 pages · No form required

What Changes After the Pilot

Complete visibility

Every identity and privilege path across your Linux estate, mapped.

Risk-scored findings

Prioritised results your board and audit committee can act on.

Compliance evidence

Mapped to NIS2, DORA, and SOC 2 control requirements.

Remediation plan

A prioritised 90-day plan ready for your next quarterly cycle.

Drift detection baseline

Continuous monitoring foundation established from day one.

You'll know your Linux identity posture with more precision than ever before.

Case Study

Customer Story

How a global payments firm cut Linux audit prep from weeks to a single export

A multi-country payments provider with hundreds of Linux systems used the LinuxGuard Fixed Fee Pilot to inventory every sudo rule, SSH key, and orphaned account. The pilot uncovered 247 orphaned accounts with active sudo rules, 4 environments with GTFOBins-exploitable privilege escalation paths, and 31 shared SSH keys — then generated auditor-ready evidence for NIS2, DORA, and PCI DSS in a single structured package.

Read the full case study →

Compliance Framework Alignment

Our methodology aligns with industry-recognized security frameworks to ensure your identity infrastructure meets regulatory requirements.

FrameworkAlignmentKey Controls CoveredStatus
NIS2Mapped toIdentity governance, access control, logging, incident reportingMandatory
DORAMapped toICT risk management, access control, third-party oversightMandatory
PCI DSSAligned withUser authentication, access restrictions, audit loggingMandatory
CIS BenchmarksAligned withLinux hardening, privilege management, authentication
NIST CSFAligned withIdentity management, access control, audit trails
SOC 2Aligned withLogical access, least privilege, access reviews
ISO 27001Aligned withAccess control, identity management, operational security
GDPRAligned withAccess governance, data protection, accountability
SOXAligned withAccess controls, segregation of duties, audit trails
HIPAAAligned withAccess controls, audit logging, unique user identification

Findings and recommendations are mapped to specific framework controls for straightforward compliance documentation.

How It Works

Discovery & Scoping

Align scope, identify in-scope systems, and establish secure data access. Stakeholder interviews set priorities and compliance requirements.

Identity & Privilege Mapping

Deploy lightweight, read-only collectors to gather Linux identity and privilege data across your estate. Users, groups, sudo rules, SSH keys, PAM configurations, and service accounts.

Security & Compliance Assessment

Build privilege paths, identify drift patterns, and map identity governance gaps to compliance framework controls (NIS2, DORA, CIS, NIST, SOC 2, PCI DSS). Score risks based on real exploit patterns.

Reporting & Remediation

Deliver the identity and privilege map, risk report, compliance gap analysis, and least-privilege roadmap. Two readouts: executive summary and technical deep-dive.

Dedicated Expert Support & Project Management

Throughout the pilot you work directly with senior Linux identity specialists — dedicated technical support and hands-on project management from kickoff to final delivery, never a hand-off to junior staff. The team brings 20+ years of enterprise IAM experience across Mastercard, EY, Lonza, and UBS, with weekly progress updates that keep your stakeholders aligned at every step.

Ready to Get Started?

Start a Fixed Fee Pilot to see who can do what on every Linux server you run.

Prefer email? peter@linuxguard.io