Security Tools
A collection of security scripts versioned in this repository.
Claude Code Context
This project is maintained with Claude Code. The working directory on macOS is:
/Users/petermarfleet/code/bin/security
To resume work in Claude Code from this directory:
cd /Users/petermarfleet/code/bin/security
claude
Cloning to a New Machine
If git is not installed (e.g. a fresh LXC/VM):
apt install git -y
Then clone and run setup:
On Tailscale:
git clone http://100.120.125.113:3000/pdm/security-tools.git
cd security-tools
bash setup.sh
Without Tailscale:
git clone https://gitea.pdmarf.co.uk/pdm/security-tools.git
cd security-tools
bash setup.sh
To clone to a specific path:
git clone http://100.120.125.113:3000/pdm/security-tools.git /path/to/destination
Activating on a New VM
After cloning, run setup.sh once. It will:
- Ask for your Telegram bot token and chat ID
- Register cron jobs to run scans daily at 08:00
- Send a test Telegram message confirming the VM is active
- Create a
logs/folder — logs are kept for 60 days then auto-deleted
Whitelisting Known-Safe Findings
If a script flags something you know is safe, add it to whitelist.conf on that VM to suppress it in future scans. This file is VM-specific and never committed to git.
Add a package name:
echo "ua-parser-js" >> ~/security-tools/whitelist.conf
Add a file path:
echo "/tmp/my-known-script.sh" >> ~/security-tools/whitelist.conf
View or edit the whitelist:
nano ~/security-tools/whitelist.conf
Checking Script Versions
To see which version of a script is running on a VM:
head -2 ~/security-tools/npm-security-check.sh
head -2 ~/security-tools/check-nextjs-rce.sh
Updating an Existing VM
When changes are pushed to this repo, update any VM by running:
cd ~/security-tools
git pull
bash setup.sh
setup.sh is safe to re-run — it skips steps already completed.