bashscripts/scan_chk.sh

#!/bin/bash

# uncomment when use script from cron
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

# variables
LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt";
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
LOGS_RELATIVE_PATH="security/"
readonly TOKEN="<TOKEN_GOTIFY_APP>"

# vars chkrootkit
SNIFFERS_WHITELIST="dhclient"
FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document "
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess "
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htpasswd "
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htaccess "
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htpasswd"

OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
if [ -n "$OUT" ]
then
  issues=$(echo "$OUT" | wc -l)
  OUT=$(echo "$OUT" | sed -z 's/\n/\\n/g')
  echo $OUT > "./$LOGFILE"

  # send log to logs public archive
  LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
  # delete local log
  rm $LOGFILE

  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues  \r"
  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"

  sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
else
        echo "[chkrootkit] system clean"
fi
upload scan scripts and update README 2022-09-29 12:27:20 +02:00			`#!/bin/bash`

set PATH to make sure find all commands when execute script from crontab 2023-07-26 01:04:47 +02:00			`# uncomment when use script from cron`
			`PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin`

version to use environment variables 2023-07-25 17:20:02 +02:00			`# variables`
done #2 2023-07-21 10:30:04 +02:00			`LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt";`
			GOTIFY_MESSAGE="Scan init: "`date +"%d/%m/%Y %H:%M:%S"`" \r"
version to use environment variables 2023-07-25 17:20:02 +02:00			`LOGS_RELATIVE_PATH="security/"`
upload scan scripts and update README 2022-09-29 12:27:20 +02:00			`readonly TOKEN="<TOKEN_GOTIFY_APP>"`

version to use environment variables 2023-07-25 17:20:02 +02:00			`# vars chkrootkit`
upload scan scripts and update README 2022-09-29 12:27:20 +02:00			`SNIFFERS_WHITELIST="dhclient"`
			`FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document "`
			`FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess "`
			`FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htpasswd "`
			`FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth///.htaccess "`
			`FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth///.htpasswd"`

			`OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")`
			`if [ -n "$OUT" ]`
			`then`
done #2 2023-07-21 10:30:04 +02:00			`issues=$(echo "$OUT" \| wc -l)`
			`OUT=$(echo "$OUT" \| sed -z 's/\n/\\n/g')`
			`echo $OUT > "./$LOGFILE"`

			`# send log to logs public archive`
version to use environment variables 2023-07-25 17:20:02 +02:00			`LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)`
done #2 2023-07-21 10:30:04 +02:00			`# delete local log`
			`rm $LOGFILE`

			GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: "`date +"%d/%m/%Y %H:%M:%S"`" \r"
			`GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are $issues security issues \r"`
			`GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"`

			`sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN`
upload scan scripts and update README 2022-09-29 12:27:20 +02:00			`else`
			`echo "[chkrootkit] system clean"`
			`fi`