ClawHub

Linux Security Scanner

Linux security auditing tool that checks SSH configuration, open/listening ports, firewall rules (ufw/iptables/nftables), failed login attempts, sudoers permissions, world-writable files, and SUID binaries. Use when a user needs a security posture assessment, hardening audit, or compliance check on a Linux host — run individual checks or a full comprehensive audit with a formatted report.

Audits

Pass
ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install linux-security-scanner

Linux Security Scanner

Script

scripts/security-audit.sh — the single entry point for all checks.

The script is self-contained, portable, and works on any modern Linux system. It auto-detects available tools (ss/netstat, ufw/iptables/nftables, journalctl) and gracefully skips unavailable ones.

Quick Start

Run a full audit:

bash scripts/security-audit.sh --all

Or with no arguments (same as --all):

bash scripts/security-audit.sh

Individual Checks

Run any single check by name:

CommandWhat it checks
--sshPermitRootLogin, PasswordAuthentication, Port, Protocol in sshd_config
--portsListening TCP ports (ss or netstat)
--firewallufw status, iptables filter rules, nftables ruleset
--failed-loginslastb output and journalctl SSH auth failures (last 24h)
--sudoersSudoers file permissions (must be 440), files present, NOPASSWD entries, full sudo access grants
--world-writableWorld-writable files in /etc, /tmp, /var, /home, /opt (depth 3)
--suidAll SUID binaries, risk assessment, unusual path detection

Example:

bash scripts/security-audit.sh --ssh --failed-logins

Full Audit Workflow

  1. Run bash scripts/security-audit.sh --all
  2. The script outputs a colorized report to stdout
  3. A structured markdown report is stored in the $REPORT variable (accessible within the same shell session)
  4. For programmatic use, redirect output to a file

Common Findings & Recommendations

  • SSH hardening: Disable root login, disable password auth, use key-only auth, change default port
  • Firewall: Ensure only necessary ports are open; prefer deny-by-default
  • Sudoers: Avoid NOPASSWD where possible; keep permissions at 440; audit who has full sudo access
  • SUID: Review unusual SUID paths; minimize SUID binaries; check for known CVEs on common ones (pkexec, sudo, etc.)
  • World-writable files: These are security risks — investigate why they're writable and restrict permissions

Notes

  • Requires root/sudo for some checks (failed-logins reads /var/log/btmp, ss shows process info)
  • Runs entirely in the shell — no external dependencies beyond standard Linux tools
  • Respects permission boundaries — non-accessible checks are noted, not forced