improve scan scripts
This commit is contained in:
		
							parent
							
								
									a7bef2e015
								
							
						
					
					
						commit
						3404a130c0
					
				@ -16,7 +16,7 @@ FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/test
 | 
			
		||||
OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
 | 
			
		||||
if [ -n "$OUT" ]
 | 
			
		||||
then
 | 
			
		||||
        sh ./gotifypush.sh "CHK Scan handycat cloud" "$OUT" 5 $TOKEN
 | 
			
		||||
        sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$OUT" 5 $TOKEN
 | 
			
		||||
else
 | 
			
		||||
        echo "[chkrootkit] system clean"
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
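Review bot: The new call `sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$OUT" 5 $TOKEN` resolves `./utils/` against the caller's working directory, which when run from cron is usually not the checkout, and its exit status is never checked, so a failed notification goes unnoticed while the script still exits 0; resolve it against the script's own location and check it, e.g. `sh "$(dirname -- "$0")/utils/gotifypush.sh" "CHK Scan $(hostname)" "$OUT" 5 "$TOKEN" || echo "[chkrootkit] notification failed" >&2`. The same applies to the `./utils/gotifypush.sh` and `./utils/logger.sh` calls in the scan_clam.sh hunks and in the rkhunter and pending-updates hunks below. Quoting `"$TOKEN"` also matters: an empty or unset token currently shifts the argument list instead of failing. Separately, `OUT=$(chkrootkit …)` reports "system clean" whenever the output is empty, including when chkrootkit is missing or exits with an error, so the exit status should be captured (`OUT=$(… 2>&1); rc=$?`) and a non-zero `rc` reported rather than treated as clean; the rkhunter hunk has the same fail-open shape.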
							
								
								
									
										20
									
								
								scan_clam.sh
									
									
									
									
									
								
							
							
						
						
									
										20
									
								
								scan_clam.sh
									
									
									
									
									
								
							@ -1,9 +1,13 @@
 | 
			
		||||
#!/bin/bash
 | 
			
		||||
LOGDIR="/var/log/clamav/scan/";
 | 
			
		||||
LOGFILE="clamav-$(date +'%Y-%m-%d').log";
 | 
			
		||||
DIRTOSCAN="/path/to/folder/to/scan"; #multiple folders separate by space
 | 
			
		||||
LOGFILE="kerodes_clamav-$(date +'%Y-%m-%d').log";
 | 
			
		||||
#DIRTOSCAN="/home/roger/Públic /home/roger/Baixades/targets"; #multiple folders separate by space
 | 
			
		||||
DIRTOSCAN="/home/roger/Baixades/targets"; #multiple folders separate by space
 | 
			
		||||
readonly TOKEN="<TOKEN_GOTIFY_APP>";
 | 
			
		||||
readonly GOTIFY_SERVER="<GOTIFY_URL_SERVER>"
 | 
			
		||||
LOG_PRESERVE_DAYS=30;
 | 
			
		||||
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
 | 
			
		||||
MALWARE_FOUND=false
 | 
			
		||||
 | 
			
		||||
mkdir -p $LOGDIR
 | 
			
		||||
 | 
			
		||||
@ -20,12 +24,22 @@ for S in ${DIRTOSCAN}; do
 | 
			
		||||
 | 
			
		||||
 # if the value is not equal to zero, send an email with the log file attached
 | 
			
		||||
 if [ "$MALWARE" -ne "0" ];then
 | 
			
		||||
   sh ./gotifypush.sh "CLAMAV Scan Kerodes Studi7" "Scanned folder: **$S**  \r $MALWARE" 5 $TOKEN
 | 
			
		||||
   GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Found **$MALWARE** infected files into **$S**  \r"
 | 
			
		||||
   MALWARE_FOUND=true
 | 
			
		||||
 else
 | 
			
		||||
   echo "[clamav] No infected files found."
 | 
			
		||||
 fi
 | 
			
		||||
done
 | 
			
		||||
 | 
			
		||||
if $MALWARE_FOUND
 | 
			
		||||
then
 | 
			
		||||
   # send log to logs public archive
 | 
			
		||||
   LOG_URL=$(sh ./utils/logger.sh "$LOGDIR$LOGFILE")
 | 
			
		||||
   GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
 | 
			
		||||
   GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
 | 
			
		||||
   sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
#clean old logs files
 | 
			
		||||
find $LOGDIR -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
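Review bot: `LOG_URL=$(sh ./utils/logger.sh "$LOGDIR$LOGFILE")` in the second hunk publishes the complete ClamAV log — the path of every flagged file under the scanned home directories — at the unauthenticated `PUBLIC_LOG_URL` configured in utils/logger.sh, under a name derived only from the date, so anyone who can reach that host can enumerate past logs; if publishing is intended, the endpoint should be access-controlled or the name unguessable, and that decision deserves a sentence next to `# send log to logs public archive`. The status of logger.sh is also discarded, so a failed upload still yields a link in the notification. The cleanup `find $LOGDIR -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;` (whether or not it is new in this commit) has no `-type f`, so an aged `$LOGDIR` itself, or anything else placed there, is removed recursively; `find "$LOGDIR" -maxdepth 1 -type f -name '*clamav-*.log' -mtime +"$LOG_PRESERVE_DAYS" -delete` limits it to the scan logs. The `for S in ${DIRTOSCAN}` loop this hunk sits in opens before the hunk, and the first hunk leaves `readonly TOKEN="<TOKEN_GOTIFY_APP>"` as an in-script secret that lands in the repository once filled in — reading it from a root-only file or the environment avoids that.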
@ -8,7 +8,7 @@ readonly TOKEN="<TOKEN_GOTIFY_APP>"
 | 
			
		||||
OUT=$(rkhunter -c -sk --rwo)
 | 
			
		||||
if [ -n "$OUT" ]
 | 
			
		||||
then
 | 
			
		||||
        sh ./gotifypush.sh "RKH Scan handycat cloud" "$OUT" 5 $TOKEN
 | 
			
		||||
        sh ./utils/gotifypush.sh "RKH Scan $(hostname)" "$OUT" 5 $TOKEN
 | 
			
		||||
else
 | 
			
		||||
        echo "[rkhunter] system clean"
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
@ -25,5 +25,5 @@ else
 | 
			
		||||
	updates=$(echo $updates|tr -d '\n')
 | 
			
		||||
	OUT="There are **$num** updates:  \r"
 | 
			
		||||
	OUT="${OUT} Packages: *$updates*"
 | 
			
		||||
	sh ./gotifypush.sh "Hostname pending updates" "$OUT" 5 $TOKEN
 | 
			
		||||
	sh ./utils/gotifypush.sh "$(hostname) pending updates" "$OUT" 5 $TOKEN
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
@ -18,6 +18,11 @@ else
 | 
			
		||||
        EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}"
 | 
			
		||||
fi
 | 
			
		||||
 | 
			
		||||
# prevent gotify post error: invalid character '\\n' in string literal
 | 
			
		||||
# scape \\n newlines for json
 | 
			
		||||
# https://unix.stackexchange.com/questions/453883/how-to-escape-new-line-characters-for-json
 | 
			
		||||
MESSAGE=$(echo "$MESSAGE" | sed -z 's/\n/\\n/g')
 | 
			
		||||
 | 
			
		||||
# better curl usage https://github.com/gotify/server/issues/68
 | 
			
		||||
#curl --silent --output /dev/null --show-error --fail -X .... #silent curl execution, no output, only html code if error
 | 
			
		||||
curl -X POST "${URL}" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${MESSAGE}\", \"priority\": ${PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
 | 
			
		||||
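Review bot: The request body on the last line is built by interpolating `${MESSAGE}` and `${TITLE}` into a JSON literal, and the new `sed -z 's/\n/\\n/g'` escapes only newlines, so any `"` or `\` in the message — which carries scanner output, including file names the scanner reports — still breaks the document or lets message text add fields to the request. Let a JSON encoder do the quoting instead: `body=$(jq -n --arg m "$MESSAGE" --arg t "$TITLE" --argjson p "$PRIORITY" --argjson e "$EXTRAS" '{message:$m,priority:$p,title:$t,extras:$e}')` and `curl … --data-binary "$body"`, which also makes the GNU-only `sed -z` step unnecessary (assuming EXTRAS always holds a JSON object; default it to `{}` otherwise). The commented-out `--silent --show-error --fail` line above describes the right behaviour: without `--fail`, an HTTP error from the server leaves curl's exit status at 0 and the calling scan script cannot tell the notification was lost. The `if … else … fi` that sets EXTRAS opens before the hunk.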
							
								
								
									
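--- /dev/null
+++ b/utils/logger.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
+
+#Use ./logger.sh <logfile>
+
+# Log parameters
+REMOTE_SERVER="estudiset.backups"
+REMOTE_PATH="/var/www/html/logs/clamav/"
+PUBLIC_LOG_URL="https://logs.studi7.com/clamav/"
+LOG_PRESERVE_DAYS=30
+
+# create remote folder to store logs if not exist
+ssh $REMOTE_SERVER "mkdir -p $REMOTE_PATH"
+
+# Copy local logfile to remote destination
+scp $1 "$REMOTE_SERVER:$REMOTE_PATH"
+
+# Clear x days old remote logs
+ssh $REMOTE_SERVER 'bash -s' << EOF
+find $REMOTE_PATH -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;
+EOF
+
+# return final log url
+# get file name in case of $1 is a path
+file=$(basename -- "$1")
+extension=${file##*.}
+base=$(basename "${file%.*}")
+# change to txt if log is another text format
+if [ $extension != "txt" ]; then
+        ssh $REMOTE_SERVER "mv $REMOTE_PATH$file $REMOTE_PATH$base.txt"
+fi
+echo "${PUBLIC_LOG_URL}${base}.txt"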
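Review bot: utils/logger.sh runs without `set -e` and never checks `ssh`/`scp`, so when `estudiset.backups` is unreachable or the copy fails the script still falls through to `echo "${PUBLIC_LOG_URL}${base}.txt"` and the caller embeds a link to a log that was never uploaded; `$1` and `$REMOTE_SERVER` are also unquoted, and `$REMOTE_PATH$file` is spliced unquoted into the remote `mv` and `find` command strings, so a name containing spaces or shell metacharacters would be re-parsed by the remote shell. Today the name comes from the caller's date-based log file, so this is a robustness and hardening issue rather than a practical one, but the script documents itself as a general `./logger.sh <logfile>` utility. Fail early, quote, and pass remote arguments through `printf %q`; the remote cleanup should also carry `-type f` so that `$REMOTE_PATH` itself is never removed.
```bash
#!/bin/bash
set -euo pipefail
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
# … unchanged: log parameters …
logfile=${1:?Use ./logger.sh <logfile>}

ssh "$REMOTE_SERVER" "mkdir -p $(printf '%q' "$REMOTE_PATH")"
scp -- "$logfile" "$REMOTE_SERVER:$REMOTE_PATH"

ssh "$REMOTE_SERVER" 'bash -s' <<EOF
find $(printf '%q' "$REMOTE_PATH") -maxdepth 1 -type f -mtime +$LOG_PRESERVE_DAYS -exec rm -- {} +
EOF
# … unchanged: file/extension/base derivation …
if [ "$extension" != "txt" ]; then
  ssh "$REMOTE_SERVER" "mv -- $(printf '%q' "$REMOTE_PATH$file") $(printf '%q' "$REMOTE_PATH$base.txt")"
fi
echo "${PUBLIC_LOG_URL}${base}.txt"
```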
@ -1,23 +0,0 @@
 | 
			
		||||
#!/usr/bin/env bash
 | 
			
		||||
 | 
			
		||||
#require:
 | 
			
		||||
#wp-cli https://wp-cli.org/#installing
 | 
			
		||||
#wp-updater https://github.com/keesiemeijer/wp-update
 | 
			
		||||
 | 
			
		||||
#get accounts and domains
 | 
			
		||||
/usr/local/cpanel/scripts/updateuserdomains
 | 
			
		||||
cat /etc/trueuserdomains
 | 
			
		||||
 | 
			
		||||
#https://docs.cpanel.net/whm/scripts/whm-scripts/
 | 
			
		||||
#https://docs.cpanel.net/whm/account-functions/manage-shell-access/
 | 
			
		||||
#https://support.cpanel.net/hc/en-us/articles/360051992634-Differences-Between-Normal-and-Jailed-Shell
 | 
			
		||||
#https://www.cyberciti.biz/tips/how-do-i-find-out-what-shell-im-using.html
 | 
			
		||||
 | 
			
		||||
#get bash from user
 | 
			
		||||
grep "^$USER" /etc/passwd
 | 
			
		||||
awk -F: '/$USER/ { print $7}' /etc/passwd
 | 
			
		||||
 | 
			
		||||
#change shell
 | 
			
		||||
usermod -s /bin/false $USER
 | 
			
		||||
 | 
			
		||||
#https://github.com/layfellow/cpanel-cli (?)
 | 
			
		||||