girste/mcp-cybersec-watchdog
time monitoring with anomaly detection across 23 analyzers: firewall, SSH, fail2ban, Docker, CVE, rootkit, SSL/TLS, filesystem, network, and more.
What is Chihuaudit?
A portable, single-binary system auditing tool for Linux. Like Lynis but faster and smarter.
No configuration needed. No dependencies. Just run.
sudo ./chihuaudit audit
Features
- Security: Firewall, SSH hardening, SSL/TLS, fail2ban, SUID binaries, open ports
- Services: Systemd services, web servers, databases, Docker
- Resources: CPU, RAM, disk usage, top processes
- Storage: SMART health, inode usage, filesystem errors
- Databases: PostgreSQL, MySQL, Redis health checks
- Docker: Container status, resource usage, volumes
- Network: DNS resolution, latency, interfaces, connections
- Backups: Backup detection and freshness checks
- Logs: Error analysis, SSH attempts, service restarts
- Monitoring: Continuous mode with Discord webhook notifications
Claude Skill Alternative

Don't want to install anything? Use the Claude Skill version instead!
Execute the same comprehensive system audit directly through Claude (Sonnet, Opus, or Haiku) using native shell commands - no binary installation required.
Key Benefits:
- Zero Installation - Works immediately with sudo access
- Consistent Results - 1+ year of production use with extremely reliable output
- Same Coverage - All 87 checks, 10 categories, identical methodology
- Fast - 30-90 second execution time
Requirements: Linux with systemd, sudo NOPASSWD configured, Claude with shell access
Documentation: docs/skill/chihuaudit-skill.md
Quick Start
Build
make build
# or
./build.sh
Run
# Single audit
sudo ./bin/chihuaudit audit
# JSON output
sudo ./bin/chihuaudit audit --json
# Continuous monitoring
sudo ./bin/chihuaudit monitor --interval=5m
# Generate config
./bin/chihuaudit init-config
Example Output
Terminal Output
=== CHIHUAUDIT REPORT ===
Timestamp: 2026-02-05 12:38:27
Hostname: server.example.com
OS: Ubuntu 24.04.3 LTS
--- 1. SECURITY ---
Firewall: active (ufw) ✓
SSH: active
SSH Port: 2244
SSH Password Auth: disabled ✓
SSH Root Login: no ✓
External Ports: [443, 80, 2244]
Localhost-Only Ports: [5432, 6379]
SSL Certificates: 5 (all valid)
--- 2. SERVICES ---
Total Running: 31
Failed: 0 ✓
Web: caddy (active)
Database: postgresql (active)
[... 8 more categories ...]
Total Checks: 87
Webhook Notifications
Chihuaudit supports webhook notifications for real-time monitoring alerts. While optimized for Discord, it works with any webhook-compatible service (Slack, Microsoft Teams, Mattermost, custom endpoints, etc.).
Color-coded alerts: 🟢 Green (healthy), 🟡 Yellow (warnings), 🔴 Red (critical)
Setup
# Generate default config
./bin/chihuaudit init-config
# Edit configuration
nano ~/.chihuaudit/config.json
Configuration
{
"discord_webhook": "https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN",
"notification_whitelist": {
"cpu_threshold": 70,
"memory_threshold": 70,
"disk_threshold": 85,
"ignore_changes": ["uptime", "active_connections"]
}
}
Webhook Compatibility
Discord (native support):
- Rich embeds with color-coded alerts
- Custom avatar and username
- Timestamp and structured fields
Slack (works with minor format differences):
- Use the discord_webhook field with your Slack webhook URL
- Embeds translate to Slack attachments
- Colors and formatting preserved
Other services:
- Any service accepting JSON POST with an embeds field
- Microsoft Teams incoming webhooks
- Mattermost webhooks
- Custom webhook handlers
Alert Thresholds
CPU Load: Trigger when load average exceeds threshold
Memory Usage: Alert on RAM usage percentage
Disk Space: Warning when disk usage crosses limit
Ignore List: Skip notifications for frequently changing metrics
Monitoring Mode
# Monitor every 5 minutes with webhook alerts
sudo ./bin/chihuaudit monitor --interval=5m
Changes are detected and only significant events trigger notifications, reducing alert fatigue.
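The kind of threshold and ignore-list filtering described above, as an added example (not Chihuaudit's own code). The Whitelist fields mirror the config keys shown earlier; the flat metric maps, the metric names and the diff logic are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Whitelist mirrors the notification_whitelist keys from config.json above.
type Whitelist struct {
	CPUThreshold, MemoryThreshold, DiskThreshold float64
	IgnoreChanges                                []string
}

// Alerts compares two audit snapshots (hypothetical flat metric maps) and
// returns only the events worth a webhook message, sorted for stable output.
func Alerts(prev, cur map[string]float64, w Whitelist) []string {
	limits := map[string]float64{
		"cpu": w.CPUThreshold, "memory": w.MemoryThreshold, "disk": w.DiskThreshold,
	}
	ignored := map[string]bool{}
	for _, k := range w.IgnoreChanges {
		ignored[k] = true
	}
	var out []string
	for key, v := range cur {
		old, seen := prev[key]
		if limit, ok := limits[key]; ok {
			// Alert only on the upward crossing, not on every sample above the limit.
			if v > limit && (!seen || old <= limit) {
				out = append(out, fmt.Sprintf("%s above threshold: %.0f > %.0f", key, v, limit))
			}
			continue
		}
		// Any other metric alerts on change unless it is on the ignore list.
		if !ignored[key] && seen && old != v {
			out = append(out, fmt.Sprintf("%s changed: %.0f -> %.0f", key, old, v))
		}
	}
	sort.Strings(out)
	return out
}

func main() {
	// Constructed sample snapshots, five minutes apart.
	w := Whitelist{CPUThreshold: 70, MemoryThreshold: 70, DiskThreshold: 85,
		IgnoreChanges: []string{"uptime", "active_connections"}}
	prev := map[string]float64{"cpu": 40, "disk": 90, "uptime": 100, "external_ports": 3}
	cur := map[string]float64{"cpu": 82, "disk": 91, "uptime": 400, "external_ports": 4}
	for _, a := range Alerts(prev, cur, w) {
		fmt.Println(a)
	}
}
```

In the sample, disk stays silent because it was already above its limit in the previous snapshot, and uptime is suppressed by the ignore list; a newly exposed port still alerts.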
Design Philosophy
- Universal: Works on any Linux distro without configuration
- Portable: Single static binary, zero dependencies
- Safe: Read-only checks, no system modifications
- Fast: Parallel execution, ~1 second for full audit
- Simple: Minimal code, maximum clarity
- Automated: Perfect for CI/CD and monitoring
Documentation
Architecture
chihuaudit/
├── main.go          # CLI entry point
├── checks/          # 10 audit categories
│   ├── security.go  # Firewall, SSH, SSL, ports
│   ├── services.go  # Systemd, web, DB servers
│   ├── resources.go # CPU, RAM, disk
│   └── ...
├── detect/          # OS/tool detection
├── notify/          # Discord webhooks
├── report/          # Text/JSON formatters
└── state/           # Change tracking
Contributing
Contributions welcome! See CONTRIBUTING.md for guidelines.
Keep code:
- Simple: Minimal, readable, maintainable
- Portable: Detection-based, no hardcoded paths
- Safe: No shell injection, no user input in commands
- Consistent: Follow existing patterns
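One way a check can follow the "Portable" and "Safe" rules above, as an added example (not code from the project). The function names, the unit-name pattern and the choice of systemctl is-active are assumptions made for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os/exec"
	"regexp"
	"strings"
	"time"
)

// Conservative subset of systemd unit-name characters; the leading
// alphanumeric stops a value from being read as an option ("--force").
var unitName = regexp.MustCompile(`^[A-Za-z0-9][A-Za-z0-9@_.:-]{0,254}$`)

// UnitArgs builds the argv for a read-only query, or rejects the name.
func UnitArgs(unit string) ([]string, error) {
	if !unitName.MatchString(unit) {
		return nil, fmt.Errorf("rejected unit name %q", unit)
	}
	return []string{"is-active", unit}, nil
}

// IsActive passes the unit as a single argv element. The pattern to avoid is
// exec.Command("sh", "-c", "systemctl is-active "+unit), where a shell parses it.
func IsActive(unit string) (string, error) {
	args, err := UnitArgs(unit)
	if err != nil {
		return "", err
	}
	bin, err := exec.LookPath("systemctl") // detected on PATH, no hardcoded path
	if err != nil {
		return "", err
	}
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	out, err := exec.CommandContext(ctx, bin, args...).Output()
	var exit *exec.ExitError
	if err != nil && !errors.As(err, &exit) {
		return "", err // failed to run at all; a non-zero exit still prints a state
	}
	return strings.TrimSpace(string(out)), nil
}

func main() {
	fmt.Println(IsActive("ssh.service"))     // constructed valid input
	fmt.Println(IsActive("ssh.service; id")) // constructed hostile input, rejected
}
```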
License
MIT License - see LICENSE for details

