Linbean runs as a normal user and does not require installation. Root is not required, but a root run may expose more metadata for comparison during authorized audits.
./linbean.sh [options]| Option | Description |
|---|---|
--help |
Show help text. |
--no-color |
Disable ANSI color output. |
--quiet |
Suppress informational findings in text output. |
--json |
Emit valid JSON instead of text. |
--markdown |
Emit Markdown instead of text. |
--active |
Run controlled write and execute validation probes. |
--output <file> |
Write the report to a file under /tmp. |
--full |
Run broader filesystem checks. This is the default. |
--fast |
Skip slower filesystem checks. |
Run the default full audit:
./linbean.shRun a faster audit:
./linbean.sh --fastWrite a Markdown report:
./linbean.sh --markdown --output /tmp/linbean-report.mdWrite a JSON report:
./linbean.sh --json --output /tmp/linbean-report.jsonRun opt-in active validation probes:
./linbean.sh --active--full is the default and performs broader filesystem checks. It can take longer on systems with large home directories, many mounts, or deep application trees.
--fast skips slower filesystem scans and is better for quick triage.
--active adds controlled validation checks that may create and remove harmless marker files or temporary test scripts. Use it only on systems where you have explicit authorization to validate writable and executable paths.
Each finding includes:
- Severity
- Confidence
- Evidence
- Impact
- Recommended remediation
- Commands used
Severity is a triage signal, not proof of exploitability. Confidence reflects how directly Linbean could observe the condition from the current user context.
--output only accepts paths under /tmp.
./linbean.sh --output /tmp/linbean.txt
./linbean.sh --markdown --output /tmp/linbean.md
./linbean.sh --json --output /tmp/linbean.json