Postfetch (posture fetch) is a fastfetch-style privacy and security audit tool for Linux, written in rust.
Instead of cosmetic system info, postfetch shows whether your system
is configured to support privacy, security, local control, and digital sovereignty.
| Module | Checks |
|---|---|
| encryption | LUKS disk encryption, dm-crypt active devices, /etc/crypttab, encrypted swap, TPM chip, home dir encryption, others |
| firewall | nftables, iptables, UFW, firewalld, overall firewall status, others |
| dns | Nameservers + provider label, DNS leak risk, DNS-over-TLS, DNSSEC, local resolvers (unbound, dnsmasq, dnscrypt), others |
| telemetry | apport, whoopsie, snapd, geoclue, avahi, systemd-coredump, Firefox telemetry prefs, Chrome managed policies, others |
| sandboxing | Flatpak, Firejail, bubblewrap, AppArmor, SELinux, seccomp (PID 1), Docker, others |
| hardening | ASLR, kptr_restrict, dmesg_restrict, perf_event_paranoid, ptrace_scope, unprivileged user namespaces, auditd, others |
| network | VPN interface (tun/wg/proton/mullvad), Tor service + SocksPort, WiFi MAC randomization, IPv6 status, open ports, others |
The following one-liner let's you run the latest binary directly:
curl -sL https://github.com/R3DRUN3/postfetch/releases/download/v0.2.0/postfetch-v0.2.0-x86_64-linux-musl.tar.gz | tar -xz && ./postfetchPostfetch is also available on aur, you can install it with yay -S postfetch.
Tip
In order to cover all the checks, better to run as sudo
If you want to reduce the output, you can also run a single module, for example:
sudo ./postfetch --module network-w, --warnings-only Only show non-passing checks
--no-color Disable ANSI color output
-m, --module <MODULE> Run a single module only
- Create
src/checks/mymodule.rs—> implementpub fn check_mymodule() -> Vec<CheckResult>. - Declare it in
src/checks/mod.rswithpub mod mymodule;. - Add a match arm in
src/main.rs.
That's it, no other changes needed.