Lynis is a good tool for automating audits. It’s in the debian repos. We’ve applied most of the changes already but there may be some more useful stuff there.
sudo apt update sudo apt install lynis sudo lynis audit system
It would be best to test this with the testing Whonix versions so it detects all of the recent changes.
4 posts were split to a new topic: make symlink attacks and other /tmp based attacks harder or impossible using libpam-tmpdir