Run a security scan on the current Linux server to detect malware, backdoors, rootkits, cryptominers, exposed credentials, and misconfigurations. Use when the user asks to check server security, scan for threats, audit the system, or investigate a potential compromise.
Run a security scan on this server using sentinel-scan.
```bash
command -v sentinel 2>/dev/null || npm install -g sentinel-scan
```

If $ARGUMENTS is provided, use it as the module list:

```bash
sentinel --format json --modules $ARGUMENTS 2>/dev/null
```

If no arguments, run a full scan:

```bash
sentinel --format json 2>/dev/null
```
Read the JSON output and present a clear summary to the user:
If the scan finds CRITICAL or HIGH findings, clearly warn the user and prioritize those findings at the top of your response.
Do NOT automatically remediate. Present findings and recommendations, then let the user decide what to fix.
| Module | What It Checks |
|---|---|
| processes | Running processes — malware, cryptominers, suspicious paths |
| network | Listening ports, outbound connections, C2 servers, mining pools |
| systemd | Enabled services — malicious persistence mechanisms |
| crontabs | Scheduled tasks — download-and-execute, base64 payloads |
| rootkit | ld.so.preload, suspicious shared libraries, /etc/data |
| ssh | SSH config hardening, authorized keys, active sessions |
| shell | Shell profiles — backdoors, reverse shells, injected commands |
| filesystem | Executables in /tmp, SUID binaries, hidden directories |
| firewall | UFW, fail2ban, iptables rules |
| credentials | .env files, service account keys, git credentials, SSH keys |
- 0 — Clean
- 1 — Low/info findings only
- 2 — Medium findings
- 3 — High or critical findings

If you need to use sentinel-scan from Node.js/TypeScript code:
```typescript
import { scan, formatResult } from 'sentinel-scan';

const result = await scan({ modules: ['processes', 'network', 'rootkit'] });
// result.summary.status → "CLEAN" | "COMPROMISED" | etc.
// result.findings → array of { severity, title, description, remediation }
```
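One way to turn the parsed JSON into the summary described above, with CRITICAL and HIGH findings first and the 0 to 3 scale from this page. This is an added example, not sentinel-scan's own code; the helper names (`clean`, `triage`, `renderSummary`), the severity label spelling and the sample input are assumptions.

```javascript
// Added example, not sentinel-scan code. Severity labels are assumed to be
// CRITICAL/HIGH/MEDIUM/LOW/INFO in any casing.
const ORDER = ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW', 'INFO'];

// Finding text originates on a host that may be compromised: replace control
// characters (ANSI escapes, newlines) before showing it to anyone.
const clean = (s) => String(s ?? '').replace(/[\u0000-\u001f\u007f-\u009f]/g, '?');

// Unknown labels are treated as HIGH so they are never sorted out of sight.
function normalizeSeverity(value) {
  const s = String(value ?? '').trim().toUpperCase();
  return ORDER.includes(s) ? s : 'HIGH';
}

function triage(result) {
  const findings = Array.isArray(result?.findings) ? result.findings : [];
  const sorted = findings
    .map((f) => ({ ...f, severity: normalizeSeverity(f?.severity) }))
    .sort((a, b) => ORDER.indexOf(a.severity) - ORDER.indexOf(b.severity));
  const counts = Object.fromEntries(ORDER.map((s) => [s, 0]));
  for (const f of sorted) counts[f.severity] += 1;
  // 0-3 scale as listed on this page.
  let level = 0;
  if (counts.CRITICAL || counts.HIGH) level = 3;
  else if (counts.MEDIUM) level = 2;
  else if (counts.LOW || counts.INFO) level = 1;
  return { status: clean(result?.summary?.status ?? 'UNKNOWN'), counts, level, sorted };
}

function renderSummary(result) {
  const t = triage(result);
  const lines = [`Status: ${t.status} (level ${t.level})`];
  if (t.level === 3) lines.push(`WARNING: ${t.counts.CRITICAL} critical, ${t.counts.HIGH} high`);
  for (const f of t.sorted) {
    lines.push(`[${f.severity}] ${clean(f.title)}: ${clean(f.description)}`);
    if (f.remediation) lines.push(`  Recommendation (not applied): ${clean(f.remediation)}`);
  }
  return lines.join('\n');
}

// Constructed sample input, not real scanner output.
const sample = { summary: { status: 'COMPROMISED' }, findings: [
  { severity: 'low', title: 'UFW inactive', description: 'Firewall is disabled', remediation: 'Enable UFW' },
  { severity: 'CRITICAL', title: 'ld.so.preload entry', description: 'Preloads /tmp/x\u001b[2Jlib.so', remediation: 'Inspect the entry' },
  { severity: 'medium', title: 'Root SSH login allowed', description: 'PermitRootLogin yes', remediation: 'Disable root login' },
] };
console.log(renderSummary(sample));
```
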
```
/security-scan
/security-scan processes,network,rootkit
/security-scan credentials
```