Skip to content

Latest commit

 

History

History
55 lines (37 loc) · 1.5 KB

File metadata and controls

55 lines (37 loc) · 1.5 KB

Linbean

Linbean is a single-file Bash auditor for Linux privilege-escalation risk review. It inventories common local escalation surfaces, ranks findings by severity, and emits text, JSON, or Markdown reports.

It is built for authorized defensive assessments. Default mode is read-only except for optional report output under /tmp. Active checks are opt-in with --active.

Install

git clone https://github.com/kernelstub/linbean.git
cd linbean
chmod +x linbean.sh

Quick Start

Run directly:

curl -fsSL https://raw.githubusercontent.com/kernelstub/linbean/main/linbean.sh | bash

Local checkout:

./linbean.sh
./linbean.sh --fast
./linbean.sh --markdown --output /tmp/linbean-report.md
./linbean.sh --json --output /tmp/linbean-report.json
./linbean.sh --active

What It Checks

  • Sudo, doas, pkexec, polkit, PAM, and account policy
  • SUID, SGID, Linux capabilities, writable privileged paths, and PATH risks
  • Cron, systemd units, timers, startup files, logrotate, and backup paths
  • SSH, shell history metadata, environment indicators, and credential-store metadata
  • Containers, mounts, network listeners, firewall posture, and cloud/virtualization hints
  • Kernel hardening, LSM posture, installed tooling, package/version hints, ACLs, and attributes

Output

Linbean supports:

  • Human-readable terminal output
  • Valid JSON with --json
  • Markdown with --markdown
  • Report writing under /tmp with --output

Documentation

See docs/USAGE.md for full usage.