ssh-audit is a tool for ssh server and client configuration auditing. Analyzes client and server configuration, connection negotiation parameters, and cryptographic settings and outputs a security report. Has no dependencies.

Lynis is a security auditing tool for systems based on UNIX like Linux, macOS, BSD, and others. It performs an in-depth security scan and runs on the system itself. The primary goal is to test security defenses and provide tips for further system hardening. It will also scan for general system information, vulnerable software packages, and possible configuration issues. Lynis was commonly used by system administrators and auditors to assess the security defenses of their systems.

Automated security auditing
Compliance testing (e.g. ISO27001, PCI-DSS, HIPAA)
Vulnerability detection

An open source web server and web application scanner that tests for misconfigurations, bugs, and missing patches. Not designed to be subtle, it's a pen tester's auditing tool through and through.

A daemon that implements granular auditing and logging of OS-level events on Linux systems. Requires kernel v2.6.0 or later.

Blog post that has a procedure for using auditd to watch over specific files as well as how to sort through the audit logs to find the relevant entries.