usage: ujust audit-secureblue [-h] [-s SKIP] [-j]

Audit secureblue configuration for security

options:
  -h, --help       show this help message and exit
  -s, --skip SKIP  skip categories (flatpak,kargs)
  -j, --json       display output as JSON

The following status indicators accompany checks run by the audit script:

[FAIL]: check failed - the configuration may be less secure.
[WARN]: partial failure, or less significant issue detected.
[PASS]: check passed - no problems detected.
[UNKNOWN]: unable to perform check (usually due to a file permission issue).

For flatpak checks, the status indicators have more specific meanings:

[FAIL]: app has permissions that can be used as sandbox escapes, allow it to
        modify its own permissions, or otherwise grant very broad access to the
        system (e.g. access to certain directories, direct D-Bus access, X11).
[WARN]: app has permissions that have some sandbox escape potential or otherwise
        weaken security (e.g. PulseAudio, Bluetooth, not using hardened_malloc).
[INFO]: no potential sandbox escapes detected but some permissions could
        increase attack surface or have privacy implications (e.g. network
        access).
[PASS]: no app permissions flagged (however, not all permissions are audited).

Note that some flatpak apps require broad permissions to function. Permissions
being flagged by the audit script do not necessarily mean that action should be
taken.