📦

girste/mcp-cybersec-watchdog

time monitoring with anomaly detection across 23 analyzers: firewall, SSH, fail2ban, Docker, CVE, rootkit, SSL/TLS, filesystem, network, and more.

0 installs

Trust: 39 — Low

Files

Ask AI about girste/mcp-cybersec-watchdog

I know everything about girste/mcp-cybersec-watchdog. Ask me about installation, configuration, usage, or troubleshooting.

0/500

Loading tools...

Reviews

Documentation

Chihuaudit

🎯 What is Chihuaudit?

A portable, single-binary system auditing tool for Linux. Like Lynis but faster and smarter.

No configuration needed. No dependencies. Just run.

sudo ./chihuaudit audit

✨ Features

🔒 Security: Firewall, SSH hardening, SSL/TLS, fail2ban, SUID binaries, open ports
🚀 Services: Systemd services, web servers, databases, Docker
💻 Resources: CPU, RAM, disk usage, top processes
💾 Storage: SMART health, inode usage, filesystem errors
🗄️ Databases: PostgreSQL, MySQL, Redis health checks
🐳 Docker: Container status, resource usage, volumes
🌐 Network: DNS resolution, latency, interfaces, connections
📦 Backups: Backup detection and freshness checks
📝 Logs: Error analysis, SSH attempts, service restarts
⏰ Monitoring: Continuous mode with Discord webhook notifications

🤖 Claude Skill Alternative

Chihuaudit Skill

Don't want to install anything? Use the Claude Skill version instead!

Execute the same comprehensive system audit directly through Claude (Sonnet, Opus, or Haiku) using native shell commands - no binary installation required.

Key Benefits:

🚀 Zero Installation - Works immediately with sudo access
🔄 Consistent Results - 1+ year of production use with extremely reliable output
📊 Same Coverage - All 87 checks, 10 categories, identical methodology
⚡ Fast - 30-90 second execution time

Requirements: Linux with systemd, sudo NOPASSWD configured, Claude with shell access

Documentation: docs/skill/chihuaudit-skill.md

🚀 Quick Start

Build

make build
# or
./build.sh

Run

# Single audit
sudo ./bin/chihuaudit audit

# JSON output
sudo ./bin/chihuaudit audit --json

# Continuous monitoring
sudo ./bin/chihuaudit monitor --interval=5m

# Generate config
./bin/chihuaudit init-config

📊 Example Output

Terminal Output

=== CHIHUAUDIT REPORT ===
Timestamp: 2026-02-05 12:38:27
Hostname: server.example.com
OS: Ubuntu 24.04.3 LTS

--- 1. SECURITY ---
Firewall: active (ufw) ✓
SSH: active
SSH Port: 2244
SSH Password Auth: disabled ✓
SSH Root Login: no ✓
External Ports: [443, 80, 2244]
Localhost-Only Ports: [5432, 6379]
SSL Certificates: 5 (all valid)

--- 2. SERVICES ---
Total Running: 31
Failed: 0 ✓
Web: caddy (active)
Database: postgresql (active)

[... 8 more categories ...]

Total Checks: 87

🔧 Webhook Notifications

Chihuaudit supports webhook notifications for real-time monitoring alerts. While optimized for Discord, it works with any webhook-compatible service (Slack, Microsoft Teams, Mattermost, custom endpoints, etc.).

Color-coded alerts: 🟢 Green (healthy), 🟡 Yellow (warnings), 🔴 Red (critical)

Setup

# Generate default config
./bin/chihuaudit init-config

# Edit configuration
nano ~/.chihuaudit/config.json

Configuration

{
  "discord_webhook": "https://discord.com/api/webhooks/YOUR_WEBHOOK_ID/YOUR_WEBHOOK_TOKEN",
  "notification_whitelist": {
    "cpu_threshold": 70,
    "memory_threshold": 70,
    "disk_threshold": 85,
    "ignore_changes": ["uptime", "active_connections"]
  }
}

Webhook Compatibility

Discord (native support):

Rich embeds with color-coded alerts
Custom avatar and username
Timestamp and structured fields

Slack (works with minor format differences):

Use discord_webhook field with your Slack webhook URL
Embeds translate to Slack attachments
Colors and formatting preserved

Other services:

Any service accepting JSON POST with embeds field
Microsoft Teams incoming webhooks
Mattermost webhooks
Custom webhook handlers

Alert Thresholds

CPU Load: Trigger when load average exceeds threshold
Memory Usage: Alert on RAM usage percentage
Disk Space: Warning when disk usage crosses limit
Ignore List: Skip notifications for frequently changing metrics

Monitoring Mode

# Monitor every 5 minutes with webhook alerts
sudo ./bin/chihuaudit monitor --interval=5m

Changes are detected and only significant events trigger notifications, reducing alert fatigue.

🎯 Design Philosophy

Universal: Works on any Linux distro without configuration
Portable: Single static binary, zero dependencies
Safe: Read-only checks, no system modifications
Fast: Parallel execution, ~1 second for full audit
Simple: Minimal code, maximum clarity
Automated: Perfect for CI/CD and monitoring

📖 Documentation

🏗️ Architecture

chihuaudit/
├── main.go           # CLI entry point
├── checks/           # 10 audit categories
│   ├── security.go   # Firewall, SSH, SSL, ports
│   ├── services.go   # Systemd, web, DB servers
│   ├── resources.go  # CPU, RAM, disk
│   └── ...
├── detect/           # OS/tool detection
├── notify/           # Discord webhooks
├── report/           # Text/JSON formatters
└── state/            # Change tracking

🤝 Contributing

Contributions welcome! See CONTRIBUTING.md for guidelines.

Keep code:

Simple: Minimal, readable, maintainable
Portable: Detection-based, no hardcoded paths
Safe: No shell injection, no user input in commands
Consistent: Follow existing patterns

📜 License

MIT License - see LICENSE for details

Made with ❤️ for sysadmins everywhere