Skip to content

Latest commit

 

History

History
84 lines (58 loc) · 2.03 KB

File metadata and controls

84 lines (58 loc) · 2.03 KB

Usage

Linbean runs as a normal user and does not require installation. Root is not required, but a root run may expose more metadata for comparison during authorized audits.

./linbean.sh [options]

Options

Option Description
--help Show help text.
--no-color Disable ANSI color output.
--quiet Suppress informational findings in text output.
--json Emit valid JSON instead of text.
--markdown Emit Markdown instead of text.
--active Run controlled write and execute validation probes.
--output <file> Write the report to a file under /tmp.
--full Run broader filesystem checks. This is the default.
--fast Skip slower filesystem checks.

Examples

Run the default full audit:

./linbean.sh

Run a faster audit:

./linbean.sh --fast

Write a Markdown report:

./linbean.sh --markdown --output /tmp/linbean-report.md

Write a JSON report:

./linbean.sh --json --output /tmp/linbean-report.json

Run opt-in active validation probes:

./linbean.sh --active

Modes

--full is the default and performs broader filesystem checks. It can take longer on systems with large home directories, many mounts, or deep application trees.

--fast skips slower filesystem scans and is better for quick triage.

--active adds controlled validation checks that may create and remove harmless marker files or temporary test scripts. Use it only on systems where you have explicit authorization to validate writable and executable paths.

Report Fields

Each finding includes:

  • Severity
  • Confidence
  • Evidence
  • Impact
  • Recommended remediation
  • Commands used

Severity is a triage signal, not proof of exploitability. Confidence reflects how directly Linbean could observe the condition from the current user context.

Output Files

--output only accepts paths under /tmp.

./linbean.sh --output /tmp/linbean.txt
./linbean.sh --markdown --output /tmp/linbean.md
./linbean.sh --json --output /tmp/linbean.json