pdm/security-tools
Public Access
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
20 Commits 1 Branch 0 Tags
50aa38712ed9114b241afcb9cea2cf26d75479e3
Commit Graph

20 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
pdmarf
50aa38712e Add bind-ssh-tailscale.sh as standalone manual-run script 
Places the script in standalone/ so it is excluded from setup.sh automation.
Documents manual curl-and-run usage in README.md.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-19 14:22:56 +01:00
pdmarf
c5037c0ac0 Fix branch name in README-scanner.md curl command (main -> master) 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-19 11:01:13 +01:00
pdmarf
f257fcfcb9 Set git pull.rebase false in setup.sh to prevent divergent branch errors 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-18 16:59:15 +01:00
pdmarf
d9b4592c50 Fix setup.sh to print only current run of npm sudo config audit 
Use tee -a instead of redirect + cat, so only the current run's output
is shown rather than the entire accumulated daily log.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-18 16:37:32 +01:00
pdmarf
72a8f37290 Add check-npm-sudo-config docs and print audit log on setup 
- README: add Scripts section explaining what check-npm-sudo-config.sh
  does, what it checks, and that it is audit-only
- setup.sh: print check-npm-sudo-config log to terminal after initial scan

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-18 16:32:34 +01:00
pdmarf
4eee88a004 Add file logging to check-npm-sudo-config.sh v1.0 2026-04-18 10:07:29 +01:00
pdmarf
d2a0a0f4cc Remove committed logs and ignore all *.log files 2026-04-18 09:58:39 +01:00
pdmarf
94437506fa npm config checker 2026-04-18 09:57:36 +01:00
pdm
080073a7d7 Add npm sudo config audit script 
Checks npm prefix ownership, PATH wiring, cache ownership, shell history
for sudo npm usage, and n/nvm version manager config. Runs daily at 08:10
via cron and on initial setup.sh run.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-04-18 08:47:32 +00:00
pdmarf
dc299e4262 Only send Telegram alert for critical issues, not warnings 2026-04-17 22:58:14 +01:00
pdmarf
9b35a0b338 Ignore own process in root Node process check 2026-04-17 22:55:36 +01:00
pdmarf
75e1957a26 Add public Gitea URL for non-Tailscale installs 2026-04-17 22:54:51 +01:00
pdmarf
537676801f Add git install instruction for fresh LXC/VM 2026-04-17 22:48:14 +01:00
pdmarf
584257bbef Run all scripts on initial setup 2026-04-17 22:41:02 +01:00
pdmarf
741bb7987f Add setup, activation and update instructions to README 2026-04-17 22:30:20 +01:00
pdmarf
3263790760 Store logs in logs/ folder with 60 day retention 
- Logs go to logs/YYYYMMDD.log per script per day
- Cleanup cron runs at 09:00 daily, deletes logs older than 60 days
- logs/ gitignored
 2026-04-17 22:29:46 +01:00
pdmarf
5d7ac62617 Add Telegram alerts, setup script, and cron registration 
- setup.sh: run once after cloning to configure credentials and register cron jobs
- config.sh gitignored so credentials never enter the repo
- Both scripts notify Telegram on issues/warnings, including hostname
- Cron runs npm-security-check at 08:00 and check-nextjs-rce at 08:05 daily
 2026-04-17 22:11:58 +01:00
pdmarf
130f4f4a34 Add clone instructions to README 2026-04-17 21:53:09 +01:00
pdmarf
2ea06aff70 Add README with Claude Code context path 
Documents the macOS working directory and how to resume Claude Code sessions.
 2026-04-17 21:52:15 +01:00
pdmarf
93b02d0124 Initial commit: consolidate security scripts 
Bring in check-nextjs-rce.sh and README-scanner.md from existing Gitea repo,
plus npm-security-check.sh from local bin/security.
 2026-04-17 21:51:27 +01:00