Li Base Scan v0.0.2 - Linux安全基线扫描器 / Linux Security Baseline Scanner

---

name: li-base-scan

description: Linux base security scanner integrating multiple tools - nmap, lynis, nikto, sqlmap, trivy. SINGLE HOST ONLY. Features secure temp files, progress bar, scan history, report export. Comprehensive security baseline scanning with hardened implementation.

license: MIT

metadata:

author: 北京老李 (Beijing Lao Li)

version: "0.0.2"

tags: [security, scanning, nmap, linux, audit]

---

# Li Base Scan v0.0.2 - Linux安全基线扫描器 / Linux Security Baseline Scanner

**作者 Author**: 北京老李 (Beijing Lao Li)

**版本 Version**: 0.0.2

**许可证 License**: MIT

---

🌐 Language / 语言

---

<a name="中文文档-chinese-docs"></a>

中文文档 Chinese Docs

⚠️ 安全限制 - 重要

**本工具仅支持单主机扫描，出于安全考虑，以下输入会被拒绝：**

**允许的目标格式：**

概述

Li Base Scan 是一个集成多种安全工具的Linux基线扫描器，v0.0.2版本包含以下增强功能：

集成工具

| 工具 | 功能 | 扫描类型 |

|------|------|----------|

| **nmap** | 端口扫描、服务识别 | 网络层 |

| **lynis** | 系统安全审计 | 主机层 |

| **nikto** | Web漏洞扫描 | 应用层 |

| **sqlmap** | SQL注入测试 | 应用层 |

| **trivy** | 容器/文件系统漏洞 | 多层 |

扫描模式

#### 1. Quick Scan (快速扫描)

快速扫描 127.0.0.1

#### 2. Standard Scan (标准扫描)

标准扫描 127.0.0.1

#### 3. Full Scan (完整扫描)

完整扫描 127.0.0.1
完整扫描 127.0.0.1 包含web

#### 4. Web Focused (Web专项)

web扫描 http://localhost
扫描网站 http://example.com

#### 5. Compliance (合规检查)

合规扫描 127.0.0.1
基线检查 localhost

#### 6. Stealth (隐蔽扫描) [v0.0.2新增]

隐蔽扫描 192.168.1.1
慢速扫描 target.com

对话输入示例

#### 基础命令

"快速扫描 192.168.1.1"
"标准扫描 localhost"
"检查系统安全"
"扫描网站 http://localhost:8080"
"完整安全评估 127.0.0.1"
"基线扫描"
"隐蔽扫描 10.0.0.1"

#### LLM 交互式对话

"扫描 example.com 并检查SQL注入"
"发现什么漏洞？"
"给我修复建议"
"导出HTML报告"
"系统加固情况如何？"
"Web应用有什么问题？"

命令行使用

#### 基本扫描

# 快速扫描
python3 scripts/li_base_scan.py 127.0.0.1 --mode quick

# 标准扫描
python3 scripts/li_base_scan.py 127.0.0.1 --mode standard

# 完整扫描
python3 scripts/li_base_scan.py 127.0.0.1 --mode full

#### 对话模式

python3 scripts/li_base_scan.py -c "快速扫描 127.0.0.1"

#### 导出报告 [v0.0.2新增]

# 导出Markdown报告
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

# 导出JSON报告
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export json

# 生成HTML报告（通过entrypoint）
python3 scripts/entrypoint.py '{"target": "127.0.0.1", "tools": ["nmap", "lynis"], "format": "html"}'

#### 查看历史 [v0.0.2新增]

python3 scripts/li_base_scan.py --history

#### JSON输出

python3 scripts/li_base_scan.py 127.0.0.1 --mode standard --json

输出格式

#### 控制台报告

#### 导出文件 [v0.0.2新增]

报告保存在: `/root/.openclaw/skills/li-base-scan/reports/`

#### 历史记录 [v0.0.2新增]

数据库位置: `/root/.openclaw/skills/li-base-scan/history.db`

v0.0.2 安全增强

#### 1. 安全临时文件

# 使用tempfile.NamedTemporaryFile代替硬编码路径
with tempfile.NamedTemporaryFile(mode='w', suffix='.json', 
                                 delete=False, dir='/tmp') as f:
    temp_file = f.name
os.chmod(temp_file, 0o600)  # 限制权限

#### 2. 完善的超时处理

# 子进程超时后正确终止
proc.terminate()
try:
    proc.wait(timeout=5)
except subprocess.TimeoutExpired:
    proc.kill()

#### 3. 错误信息脱敏

# 不暴露内部实现细节
return {"error": "扫描执行失败", "tool": "nmap"}
# 详细错误记录到日志
logger.error(f"Nmap scan failed")

#### 4. 审计日志

日志位置: `/var/log/li-base-scan.log`

2024-01-01 10:00:00 - INFO - Starting scan: mode=quick, target_hash=a1b2c3d4

依赖工具

# 安装所有依赖
apt-get update
apt-get install -y nmap lynis nikto sqlmap

# trivy安装
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh

使用建议

#### 快速检查 (日常)

python3 scripts/li_base_scan.py -c "快速扫描 127.0.0.1"

#### 定期深度扫描 (每周)

python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

#### Web应用测试

python3 scripts/li_base_scan.py http://localhost:8080 --mode web

#### 查看历史趋势

python3 scripts/li_base_scan.py --history

安全警告

⚠️ **仅扫描您拥有或获得明确授权的系统！**

故障排除

#### 扫描超时

# 增加超时时间
python3 scripts/li_base_scan.py 127.0.0.1 --timeout 600

#### 禁用进度条

# JSON输出或禁用进度
python3 scripts/li_base_scan.py 127.0.0.1 --json
python3 scripts/li_base_scan.py 127.0.0.1 --no-progress

#### 查看日志

tail -f /var/log/li-base-scan.log

---

<a name="english-documentation"></a>

English Documentation

⚠️ Security Restrictions - Important

**This tool supports SINGLE HOST scanning only. The following inputs are REJECTED for security reasons:**

**Allowed target formats:**

Overview

Li Base Scan is a Linux security baseline scanner integrating multiple tools. Version 0.0.2 includes:

Integrated Tools

| Tool | Function | Scan Type |

|------|----------|-----------|

| **nmap** | Port scanning, service detection | Network Layer |

| **lynis** | System security audit | Host Layer |

| **nikto** | Web vulnerability scanning | Application Layer |

| **sqlmap** | SQL injection testing | Application Layer |

| **trivy** | Container/filesystem vulnerabilities | Multi-layer |

Scan Modes

#### 1. Quick Scan

quick scan 127.0.0.1

#### 2. Standard Scan

standard scan 127.0.0.1

#### 3. Full Scan

full scan 127.0.0.1

#### 4. Web Focused

web scan http://localhost
scan website http://example.com

#### 5. Compliance

compliance scan 127.0.0.1
baseline check localhost

#### 6. Stealth [v0.0.2 New]

stealth scan 192.168.1.1
slow scan target.com

Command Line Usage

#### Basic Scanning

# Quick scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode quick

# Standard scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode standard

# Full scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode full

#### Conversation Mode

python3 scripts/li_base_scan.py -c "quick scan 127.0.0.1"

#### Export Reports [v0.0.2 New]

# Export Markdown report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

# Export JSON report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export json

#### View History [v0.0.2 New]

python3 scripts/li_base_scan.py --history

#### JSON Output

python3 scripts/li_base_scan.py 127.0.0.1 --mode standard --json

Output Format

#### Console Report

#### Exported Files [v0.0.2 New]

Reports saved to: `/root/.openclaw/skills/li-base-scan/reports/`

#### History [v0.0.2 New]

Database location: `/root/.openclaw/skills/li-base-scan/history.db`

v0.0.2 Security Enhancements

#### 1. Secure Temp Files

# Use tempfile.NamedTemporaryFile instead of hardcoded paths
with tempfile.NamedTemporaryFile(mode='w', suffix='.json', 
                                 delete=False, dir='/tmp') as f:
    temp_file = f.name
os.chmod(temp_file, 0o600)  # Restrict permissions

#### 2. Proper Timeout Handling

# Properly terminate subprocess after timeout
proc.terminate()
try:
    proc.wait(timeout=5)
except subprocess.TimeoutExpired:
    proc.kill()

#### 3. Error Sanitization

# Don't expose internal implementation details
return {"error": "Scan execution failed", "tool": "nmap"}
# Log detailed errors
logger.error(f"Nmap scan failed")

#### 4. Audit Logging

Log location: `/var/log/li-base-scan.log`

2024-01-01 10:00:00 - INFO - Starting scan: mode=quick, target_hash=a1b2c3d4

Dependencies

# Install all dependencies
apt-get update
apt-get install -y nmap lynis nikto sqlmap

# Install trivy
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh

Usage Recommendations

#### Quick Check (Daily)

python3 scripts/li_base_scan.py -c "quick scan 127.0.0.1"

#### Periodic Deep Scan (Weekly)

python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

#### Web Application Testing

python3 scripts/li_base_scan.py http://localhost:8080 --mode web

#### View History Trends

python3 scripts/li_base_scan.py --history

Security Warning

⚠️ **Only scan systems you own or have explicit authorization to scan!**

Troubleshooting

#### Scan Timeout

# Increase timeout
python3 scripts/li_base_scan.py 127.0.0.1 --timeout 600

#### Disable Progress Bar

# JSON output or disable progress
python3 scripts/li_base_scan.py 127.0.0.1 --json
python3 scripts/li_base_scan.py 127.0.0.1 --no-progress

#### View Logs

tail -f ~/.openclaw/logs/li-base-scan.log

---

📞 Contact / 联系方式

**Author**: 北京老李 (Beijing Lao Li)

**Email**: (请添加您的邮箱)

**GitHub**: (请添加您的GitHub链接)

---

*Made with ❤️ by 北京老李 (Beijing Lao Li)*