bashscripts/scan_chk.sh

40 lines
1.6 KiB
Bash
Raw Normal View History

2022-09-29 12:27:20 +02:00
#!/bin/bash
# uncomment when use script from cron
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
2023-07-25 17:20:02 +02:00
# variables
2023-07-21 10:30:04 +02:00
LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt";
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
2023-07-25 17:20:02 +02:00
LOGS_RELATIVE_PATH="security/"
2022-09-29 12:27:20 +02:00
readonly TOKEN="<TOKEN_GOTIFY_APP>"
2023-07-25 17:20:02 +02:00
# vars chkrootkit
2022-09-29 12:27:20 +02:00
SNIFFERS_WHITELIST="dhclient"
FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document "
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess "
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htpasswd "
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htaccess "
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htpasswd"
OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
if [ -n "$OUT" ]
then
2023-07-21 10:30:04 +02:00
issues=$(echo "$OUT" | wc -l)
OUT=$(echo "$OUT" | sed -z 's/\n/\\n/g')
echo $OUT > "./$LOGFILE"
# send log to logs public archive
2023-07-25 17:20:02 +02:00
LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
2023-07-21 10:30:04 +02:00
# delete local log
rm $LOGFILE
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
2022-09-29 12:27:20 +02:00
else
echo "[chkrootkit] system clean"
fi