Skills li-base-scan

Linux base security scanner integrating multiple tools - nmap, lynis, nikto, sqlmap, trivy. SINGLE HOST ONLY. Features secure temp files, progress bar, scan history, report export. Comprehensive security baseline scanning with hardened implementation.

install
source · Clone the upstream repo
git clone https://github.com/openclaw/skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/43622283/li-base-scan" ~/.claude/skills/openclaw-skills-li-base-scan && rm -rf "$T"
OpenClaw · Install into ~/.openclaw/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/openclaw/skills "$T" && mkdir -p ~/.openclaw/skills && cp -r "$T/skills/43622283/li-base-scan" ~/.openclaw/skills/openclaw-skills-li-base-scan && rm -rf "$T"
manifest: skills/43622283/li-base-scan/SKILL.md
source content

Li Base Scan v0.0.2 - Linux Security Baseline Scanner

Author: 北京老李 (Beijing Lao Li)
Version: 0.0.2
License: MIT



Chinese Docs

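⚠️ Security Restrictions - Important

This tool supports single-host scanning only. For security reasons, the following inputs are rejected:

  • ❌ CIDR ranges (e.g., 192.168.1.0/24)
  • ❌ IP ranges (e.g., 192.168.1.1-254)
  • ❌ Multiple targets (e.g., 192.168.1.1,192.168.1.2)

Allowed target formats:

  • ✅ Single IP: 192.168.1.1
  • ✅ Domain: scanme.nmap.org
  • ✅ Local address: 127.0.0.1, localhost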

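Overview

Li Base Scan is a Linux baseline scanner that integrates multiple security tools. Version 0.0.2 includes the following enhancements:

  • Network Security - Secure temp files, thorough timeout handling, error sanitization
  • Progress Display - Real-time progress bar showing scan progress
  • History - SQLite database storing scan history
  • Report Export - Export in Markdown and JSON formats
  • AI Analysis - Automatically generated AI analysis request blocks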

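Integrated Tools

| Tool | Function | Scan Type |
|------|----------|-----------|
| nmap | Port scanning, service identification | Network layer |
| lynis | System security audit | Host layer |
| nikto | Web vulnerability scanning | Application layer |
| sqlmap | SQL injection testing | Application layer |
| trivy | Container/filesystem vulnerabilities | Multi-layer |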

Scan Modes

1. Quick Scan

快速扫描 127.0.0.1
  • Tool: nmap
  • Time: ~30 seconds
  • Purpose: Quick overview of open ports

2. Standard Scan

标准扫描 127.0.0.1
  • Tools: nmap + lynis
  • Time: 2-5 minutes
  • Purpose: Port + system configuration audit

3. Full Scan

完整扫描 127.0.0.1
完整扫描 127.0.0.1 包含web
  • Tools: nmap + lynis + trivy
  • Time: 5-10 minutes
  • Purpose: Comprehensive security assessment

4. Web Focused

web扫描 http://localhost
扫描网站 http://example.com
  • Tools: nmap + nikto
  • Time: 2-3 minutes
  • Purpose: Web application security testing

5. Compliance

合规扫描 127.0.0.1
基线检查 localhost
  • Tools: lynis + trivy
  • Time: 3-5 minutes
  • Purpose: CIS baseline compliance check

6. Stealth [New in v0.0.2]

隐蔽扫描 192.168.1.1
慢速扫描 target.com
  • Tool: nmap (stealth mode)
  • Time: 5-10 minutes
  • Purpose: Avoid IDS/IPS detection

Conversation Input Examples

Basic Commands

"快速扫描 192.168.1.1"
"标准扫描 localhost"
"检查系统安全"
"扫描网站 http://localhost:8080"
"完整安全评估 127.0.0.1"
"基线扫描"
"隐蔽扫描 10.0.0.1"

LLM Interactive Conversation

"扫描 example.com 并检查SQL注入"
"发现什么漏洞?"
"给我修复建议"
"导出HTML报告"
"系统加固情况如何?"
"Web应用有什么问题?"

Command Line Usage

Basic Scanning

# Quick scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode quick

# Standard scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode standard

# Full scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode full

Conversation Mode

python3 scripts/li_base_scan.py -c "快速扫描 127.0.0.1"

Export Reports [New in v0.0.2]

# Export Markdown report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

# Export JSON report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export json

# Generate an HTML report (via entrypoint)
python3 scripts/entrypoint.py '{"target": "127.0.0.1", "tools": ["nmap", "lynis"], "format": "html"}'

View History [New in v0.0.2]

python3 scripts/li_base_scan.py --history

JSON Output

python3 scripts/li_base_scan.py 127.0.0.1 --mode standard --json

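Output Format

Console Report

  • Executive Summary - Overall risk rating
  • Network Discovery - nmap port scan results
  • System Audit - lynis compliance score and recommendations
  • Web Security - Web vulnerabilities found by nikto
  • Vulnerability List - CVEs found by trivy
  • Remediation - Action items sorted by priority
  • AI Analysis Block - Raw data for LLM analysis

Exported Files [New in v0.0.2]

Reports are saved to:

/root/.openclaw/skills/li-base-scan/reports/

  • scan_<hash>_<timestamp>.md - Markdown format
  • scan_<hash>_<timestamp>.json - JSON format

History [New in v0.0.2]

Database location:

/root/.openclaw/skills/li-base-scan/history.db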

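v0.0.2 Security Enhancements

1. Secure Temp Files

import os
import tempfile

# Use tempfile.NamedTemporaryFile instead of hardcoded paths
# delete=False: the caller must remove temp_file when done
with tempfile.NamedTemporaryFile(mode='w', suffix='.json',
                                 delete=False, dir='/tmp') as f:
    temp_file = f.name
os.chmod(temp_file, 0o600)  # Restrict permissions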

2. Proper Timeout Handling

# Properly terminate the subprocess after a timeout
proc.terminate()
try:
    proc.wait(timeout=5)
except subprocess.TimeoutExpired:
    proc.kill()

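3. Error Sanitization

# Log the failure first (a statement placed after return never runs)
logger.error("Nmap scan failed")
# Don't expose internal implementation details to the caller
return {"error": "扫描执行失败", "tool": "nmap"}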

4. Audit Logging

Log location:

/var/log/li-base-scan.log

2024-01-01 10:00:00 - INFO - Starting scan: mode=quick, target_hash=a1b2c3d4

Dependencies

# Install all dependencies
apt-get update
apt-get install -y nmap lynis nikto sqlmap

# Install trivy
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh

Usage Recommendations

Quick Check (Daily)

python3 scripts/li_base_scan.py -c "快速扫描 127.0.0.1"

Periodic Deep Scan (Weekly)

python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

Web Application Testing

python3 scripts/li_base_scan.py http://localhost:8080 --mode web

View History Trends

python3 scripts/li_base_scan.py --history

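Security Warning

⚠️ Only scan systems you own or have explicit authorization to scan!

  • Unauthorized scanning may violate the law
  • Use sqlmap tests cautiously; they may trigger WAF/IDS
  • In production, use --safe-mode to avoid destructive testing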

Troubleshooting

Scan Timeout

# Increase the timeout
python3 scripts/li_base_scan.py 127.0.0.1 --timeout 600

Disable Progress Bar

# JSON output or disable progress
python3 scripts/li_base_scan.py 127.0.0.1 --json
python3 scripts/li_base_scan.py 127.0.0.1 --no-progress

View Logs

tail -f /var/log/li-base-scan.log


English Documentation

⚠️ Security Restrictions - Important

This tool supports SINGLE HOST scanning only. The following inputs are REJECTED for security reasons:

  • ❌ CIDR ranges (e.g., 192.168.1.0/24)
  • ❌ IP ranges (e.g., 192.168.1.1-254)
  • ❌ Multiple targets (e.g., 192.168.1.1,192.168.1.2)

Allowed target formats:

  • ✅ Single IP: 192.168.1.1
  • ✅ Domain: scanme.nmap.org
  • ✅ Local address: 127.0.0.1, localhost
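
One way to enforce the single-host rule above before any tool is launched. This is an added example, not the skill's own code; the function names `validate_single_target` and `is_allowed` and the exact checks are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def validate_single_target(raw: str) -> str:
    """Return the one host named by raw, or raise ValueError."""
    target = raw.strip()
    if not target or re.search(r"[\s,;]", target):
        raise ValueError("exactly one target is required")
    host = target
    if "://" in target:  # URL form, e.g. http://localhost:8080
        parts = urlsplit(target)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            raise ValueError("unsupported URL")
        host = parts.hostname
    elif "/" in target:
        raise ValueError("CIDR ranges are not allowed")
    try:
        return str(ipaddress.ip_address(host))  # a single IPv4/IPv6 literal
    except ValueError:
        pass
    # Not an IP literal, so it must be a hostname. Requiring a letter in the
    # last label rejects range syntax such as 192.168.1.1-254, which would
    # otherwise pass as dotted "labels"; the leading-hyphen rule keeps
    # option-like strings out of the scanner's argument list.
    labels = host.rstrip(".").split(".")
    if not all(_LABEL.match(label) for label in labels):
        raise ValueError("not a valid hostname")
    if not re.search(r"[A-Za-z]", labels[-1]):
        raise ValueError("IP ranges are not allowed")
    return host


def is_allowed(raw: str) -> bool:
    """Boolean wrapper around validate_single_target."""
    try:
        validate_single_target(raw)
        return True
    except ValueError:
        return False
```
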

Overview

Li Base Scan is a Linux security baseline scanner integrating multiple tools. Version 0.0.2 includes:

  • Security Hardening - Secure temp files, proper timeout handling, error sanitization
  • Progress Display - Real-time progress bar
  • Scan History - SQLite database for scan history
  • Report Export - Markdown and JSON export support
  • AI Analysis - Auto-generated AI analysis blocks

Integrated Tools

| Tool | Function | Scan Type |
|------|----------|-----------|
| nmap | Port scanning, service detection | Network Layer |
| lynis | System security audit | Host Layer |
| nikto | Web vulnerability scanning | Application Layer |
| sqlmap | SQL injection testing | Application Layer |
| trivy | Container/filesystem vulnerabilities | Multi-layer |

Scan Modes

1. Quick Scan

quick scan 127.0.0.1
  • Tool: nmap
  • Time: ~30 seconds
  • Purpose: Quick port discovery

2. Standard Scan

standard scan 127.0.0.1
  • Tools: nmap + lynis
  • Time: 2-5 minutes
  • Purpose: Port + system configuration audit

3. Full Scan

full scan 127.0.0.1
  • Tools: nmap + lynis + trivy
  • Time: 5-10 minutes
  • Purpose: Comprehensive security assessment

4. Web Focused

web scan http://localhost
scan website http://example.com
  • Tools: nmap + nikto
  • Time: 2-3 minutes
  • Purpose: Web application security detection

5. Compliance

compliance scan 127.0.0.1
baseline check localhost
  • Tools: lynis + trivy
  • Time: 3-5 minutes
  • Purpose: CIS baseline compliance check

6. Stealth [v0.0.2 New]

stealth scan 192.168.1.1
slow scan target.com
  • Tool: nmap (stealth mode)
  • Time: 5-10 minutes
  • Purpose: Avoid IDS/IPS detection

Command Line Usage

Basic Scanning

# Quick scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode quick

# Standard scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode standard

# Full scan
python3 scripts/li_base_scan.py 127.0.0.1 --mode full

Conversation Mode

python3 scripts/li_base_scan.py -c "quick scan 127.0.0.1"

Export Reports [v0.0.2 New]

# Export Markdown report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

# Export JSON report
python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export json

View History [v0.0.2 New]

python3 scripts/li_base_scan.py --history

JSON Output

python3 scripts/li_base_scan.py 127.0.0.1 --mode standard --json

Output Format

Console Report

  • Executive Summary - Overall risk rating
  • Network Discovery - nmap port scan results
  • System Audit - lynis compliance score and recommendations
  • Web Security - Web vulnerabilities found by nikto
  • Vulnerability List - CVEs discovered by trivy
  • Remediation - Prioritized action items
  • AI Analysis Block - Raw data for LLM analysis

Exported Files [v0.0.2 New]

Reports saved to:

/root/.openclaw/skills/li-base-scan/reports/

  • scan_<hash>_<timestamp>.md - Markdown format
  • scan_<hash>_<timestamp>.json - JSON format

History [v0.0.2 New]

Database location:

/root/.openclaw/skills/li-base-scan/history.db

v0.0.2 Security Enhancements

1. Secure Temp Files

import os
import tempfile

# Use tempfile.NamedTemporaryFile instead of hardcoded paths
# delete=False: the caller must remove temp_file when done
with tempfile.NamedTemporaryFile(mode='w', suffix='.json',
                                 delete=False, dir='/tmp') as f:
    temp_file = f.name
os.chmod(temp_file, 0o600)  # Restrict permissions

2. Proper Timeout Handling

# Properly terminate subprocess after timeout
proc.terminate()
try:
    proc.wait(timeout=5)
except subprocess.TimeoutExpired:
    proc.kill()
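
The terminate-then-kill fragment above, placed in a complete runner so the escalation can be observed end to end. This is an added example, not the skill's own code; `run_with_timeout` and its `grace` parameter are assumed names.

```python
import subprocess


def run_with_timeout(cmd, timeout, grace=5):
    """Run cmd (an argv list, no shell). Return (status, returncode, stdout).

    status is "completed", "terminated" (exited after SIGTERM) or
    "killed" (ignored SIGTERM for `grace` seconds and got SIGKILL).
    """
    proc = subprocess.Popen(cmd, stdout=subprocess.PIPE,
                            stderr=subprocess.DEVNULL, text=True)
    try:
        out, _ = proc.communicate(timeout=timeout)
        return "completed", proc.returncode, out
    except subprocess.TimeoutExpired:
        proc.terminate()              # SIGTERM: give the tool a chance to clean up
        try:
            proc.wait(timeout=grace)
            status = "terminated"
        except subprocess.TimeoutExpired:
            proc.kill()               # SIGKILL: cannot be caught or ignored
            status = "killed"
        # Drain the pipe and reap the child so no zombie process or open
        # file descriptor is left behind after a long scan is cut short.
        out, _ = proc.communicate()
        return status, proc.returncode, out
```

On POSIX the return code of a signalled child is the negative signal number, so a report can distinguish a tool that exited on request from one that had to be killed.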

3. Error Sanitization

# Log the failure first (a statement placed after return never runs)
logger.error("Nmap scan failed")
# Don't expose internal implementation details to the caller
return {"error": "Scan execution failed", "tool": "nmap"}

4. Audit Logging

Log location:

/var/log/li-base-scan.log

2024-01-01 10:00:00 - INFO - Starting scan: mode=quick, target_hash=a1b2c3d4
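
Error sanitization (item 3) and the hashed-target audit line (item 4) combined in one wrapper. This is an added example, not the skill's own code: the page does not say how `target_hash` is computed, so the keyed HMAC-SHA256 truncated to 8 hex characters, the names `run_tool` and `target_hash`, and the logger name are assumptions.

```python
import hashlib
import hmac
import logging
import subprocess

# Same layout as the sample audit line shown above.
LOG_FORMAT = "%(asctime)s - %(levelname)s - %(message)s"
logger = logging.getLogger("li-base-scan-example")  # hypothetical logger name


def target_hash(target: str, key: bytes) -> str:
    # Assumption: keyed digest. An unkeyed hash of an IPv4 address can be
    # reversed by hashing every possible address, so a secret key is mixed in.
    return hmac.new(key, target.encode(), hashlib.sha256).hexdigest()[:8]


def run_tool(tool, argv, target, key, timeout=300):
    """Run one tool; the caller gets either its output or a generic error."""
    th = target_hash(target, key)
    logger.info("Starting scan: tool=%s, target_hash=%s", tool, th)
    try:
        done = subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout, check=True)
        return {"tool": tool, "output": done.stdout}
    except (OSError, subprocess.SubprocessError) as exc:
        # The log records what kind of failure occurred, but not str(exc) or
        # stderr: both can contain the full command line, which would put
        # the raw target back into the log next to its hash.
        logger.error("%s failed: target_hash=%s, error=%s, returncode=%s",
                     tool, th, type(exc).__name__,
                     getattr(exc, "returncode", None))
        # The caller sees no paths, command lines or stack traces.
        return {"error": "Scan execution failed", "tool": tool}
```
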

Dependencies

# Install all dependencies
apt-get update
apt-get install -y nmap lynis nikto sqlmap

# Install trivy
curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh

Usage Recommendations

Quick Check (Daily)

python3 scripts/li_base_scan.py -c "quick scan 127.0.0.1"

Periodic Deep Scan (Weekly)

python3 scripts/li_base_scan.py 127.0.0.1 --mode full --export markdown

Web Application Testing

python3 scripts/li_base_scan.py http://localhost:8080 --mode web

View History Trends

python3 scripts/li_base_scan.py --history

Security Warning

⚠️ Only scan systems you own or have explicit authorization to scan!

  • Unauthorized scanning may violate laws
  • Use sqlmap tests cautiously; they may trigger WAF/IDS
  • Use --safe-mode in production to avoid destructive testing

Troubleshooting

Scan Timeout

# Increase timeout
python3 scripts/li_base_scan.py 127.0.0.1 --timeout 600

Disable Progress Bar

# JSON output or disable progress
python3 scripts/li_base_scan.py 127.0.0.1 --json
python3 scripts/li_base_scan.py 127.0.0.1 --no-progress

View Logs

tail -f ~/.openclaw/logs/li-base-scan.log

📞 Contact

Author: 北京老李 (Beijing Lao Li)
Email: (please add your email)
GitHub: (please add your GitHub link)


Made with ❤️ by 北京老李 (Beijing Lao Li)