diff --git a/scan_chk.sh b/scan_chk.sh index 87d2a84..9093cb8 100644 --- a/scan_chk.sh +++ b/scan_chk.sh @@ -16,7 +16,7 @@ FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/test OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST") if [ -n "$OUT" ] then - sh ./gotifypush.sh "CHK Scan handycat cloud" "$OUT" 5 $TOKEN + sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$OUT" 5 $TOKEN else echo "[chkrootkit] system clean" fi diff --git a/scan_clam.sh b/scan_clam.sh index 3f74690..2fb8acb 100644 --- a/scan_clam.sh +++ b/scan_clam.sh @@ -1,9 +1,13 @@ #!/bin/bash LOGDIR="/var/log/clamav/scan/"; -LOGFILE="clamav-$(date +'%Y-%m-%d').log"; -DIRTOSCAN="/path/to/folder/to/scan"; #multiple folders separate by space +LOGFILE="kerodes_clamav-$(date +'%Y-%m-%d').log"; +#DIRTOSCAN="/home/roger/Públic /home/roger/Baixades/targets"; #multiple folders separate by space +DIRTOSCAN="/home/roger/Baixades/targets"; #multiple folders separate by space readonly TOKEN=""; +readonly GOTIFY_SERVER="" LOG_PRESERVE_DAYS=30; +GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r" +MALWARE_FOUND=false mkdir -p $LOGDIR @@ -20,12 +24,22 @@ for S in ${DIRTOSCAN}; do # if the value is not equal to zero, send an email with the log file attached if [ "$MALWARE" -ne "0" ];then - sh ./gotifypush.sh "CLAMAV Scan Kerodes Studi7" "Scanned folder: **$S** \r $MALWARE" 5 $TOKEN + GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Found **$MALWARE** infected files into **$S** \r" + MALWARE_FOUND=true else echo "[clamav] No infected files found." fi done +if $MALWARE_FOUND +then + # send log to logs public archive + LOG_URL=$(sh ./utils/logger.sh "$LOGDIR$LOGFILE") + GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r" + GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)" + sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN +fi + #clean old logs files find $LOGDIR -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \; 
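Review bot: The new `sh ./utils/gotifypush.sh …` call resolves `./utils` against the caller's current working directory, not the script's own location, so when scan_chk.sh is started from cron or any other directory the helper is not found and the alert is dropped with nothing but a stderr message from `sh`; the old `./gotifypush.sh` had the same weakness, but moving the helper into a subdirectory makes it more likely to bite. Use the script's directory and quote the token so an empty or odd value cannot shift the helper's positional arguments: `sh "$(dirname "$0")/utils/gotifypush.sh" "CHK Scan $(hostname)" "$OUT" 5 "$TOKEN"`. The same applies to the sibling calls in scan_rkh.sh, scan_clam.sh and updates_notifier.sh in this diff.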
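Review bot: `readonly GOTIFY_SERVER=""` is added here but nothing in this diff reads it — the push call added further down still passes only title, message, priority and `$TOKEN`, and gotifypush.sh posts to a `${URL}` that is set outside the shown hunks — so it is either dead or the wiring to `${URL}` is missing and should be added or the line dropped. Both it and `readonly TOKEN=""` keep a secret and an endpoint as empty placeholders inside the committed script; sourcing them from a mode-0600 file, e.g. `. "$(dirname "$0")/gotify.conf"`, avoids a filled-in token ever landing in git. Style: the new `GOTIFY_MESSAGE` line uses backticks around `date` while `LOGFILE` two lines above uses `$(date …)`; prefer `GOTIFY_MESSAGE="Scan init: **$(date +"%d/%m/%Y %H:%M:%S")** \r"`. Replacing the `/path/to/folder/to/scan` placeholder with a personal `/home/roger/…` path also ties the script to one machine; `DIRTOSCAN="${DIRTOSCAN:-/home/roger/Baixades/targets}"` keeps it overridable from the environment.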
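Review bot: When malware is found, the new block ships the full ClamAV log to an unauthenticated web archive — `utils/logger.sh` (added in this diff) copies it under `/var/www/html/logs/clamav/` and returns a `https://logs.studi7.com/clamav/…` link — under the predictable name `kerodes_clamav-YYYY-MM-DD.txt`, so the infected file paths and the hostname are readable by anyone who guesses a date; either protect that directory (auth, or a random per-file token in the name) and make publishing opt-in with something like `[ "${PUBLISH_LOG:-false}" = true ]`, or leave the link out and keep the log local. The upload result is not checked: if logger.sh fails, `LOG_URL` is empty and the notification still goes out with a dead `[LogFile]()` link and nothing records the failure — `LOG_URL=$(sh ./utils/logger.sh "$LOGDIR$LOGFILE") || LOG_URL="(log upload failed)"` makes it visible, once logger.sh itself exits non-zero on a failed `scp` (it currently does not). `if $MALWARE_FOUND` runs the variable's value as a command; `if [ "$MALWARE_FOUND" = true ]` is the safer spelling, and the `$(date …)` form used for `LOGFILE` should replace the backticks on the `Scan end` line for consistency with the rest of the file.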
diff --git a/scan_rkh.sh b/scan_rkh.sh index 7762fb8..e27002b 100644 --- a/scan_rkh.sh +++ b/scan_rkh.sh @@ -8,7 +8,7 @@ readonly TOKEN="" OUT=$(rkhunter -c -sk --rwo) if [ -n "$OUT" ] then - sh ./gotifypush.sh "RKH Scan handycat cloud" "$OUT" 5 $TOKEN + sh ./utils/gotifypush.sh "RKH Scan $(hostname)" "$OUT" 5 $TOKEN else echo "[rkhunter] system clean" fi diff --git a/updates_notifier.sh b/updates_notifier.sh index db562c1..e42457e 100644 --- a/updates_notifier.sh +++ b/updates_notifier.sh @@ -25,5 +25,5 @@ else updates=$(echo $updates|tr -d '\n') OUT="There are **$num** updates: \r" OUT="${OUT} Packages: *$updates*" - sh ./gotifypush.sh "Hostname pending updates" "$OUT" 5 $TOKEN + sh ./utils/gotifypush.sh "$(hostname) pending updates" "$OUT" 5 $TOKEN fi diff --git a/gotifypush.sh b/utils/gotifypush.sh similarity index 79% rename from gotifypush.sh rename to utils/gotifypush.sh index 888ab22..f205830 100644 --- a/gotifypush.sh +++ b/utils/gotifypush.sh @@ -18,6 +18,11 @@ else EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}" fi +# prevent gotify post error: invalid character '\\n' in string literal +# scape \\n newlines for json +# https://unix.stackexchange.com/questions/453883/how-to-escape-new-line-characters-for-json +MESSAGE=$(echo "$MESSAGE" | sed -z 's/\n/\\n/g') + # better curl usage https://github.com/gotify/server/issues/68 #curl --silent --output /dev/null --show-error --fail -X .... #silent curl execution, no output, only html code if error curl -X POST "${URL}" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${MESSAGE}\", \"priority\": ${PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }" diff --git a/utils/logger.sh b/utils/logger.sh new file mode 100644 index 0000000..578fd66 --- /dev/null +++ b/utils/logger.sh 
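Review bot: The new `sed -z 's/\n/\\n/g'` escapes only newline bytes, yet `${MESSAGE}` (and `${TITLE}`) is still spliced raw into the JSON body on the `curl -d` line below it, so a `"` or `\` in the scanner output — chkrootkit/rkhunter typically print file names, and a planted file called `x".json` is enough — still breaks the document or lets the name inject its own JSON fields. Escape backslashes and quotes before newlines and avoid `echo` on arbitrary text: `MESSAGE=$(printf '%s' "$MESSAGE" | sed -z 's/\\/\\\\/g; s/"/\\"/g; s/\n/\\n/g')`, and apply the same to `TITLE`. Note the callers in this diff pass a literal `\r` and rely on the raw splice to make it a JSON escape; once backslashes are escaped they should emit a real line break instead, which the newline substitution then handles. Tabs and other control characters remain unescaped and `sed -z` is a GNU extension; if `jq` is available, `jq -n --arg m "$MESSAGE" --arg t "$TITLE" …` is the robust way to build the body. The argument parsing and the `${URL}` definition are outside the hunk.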
@@ -0,0 +1,32 @@
+#!/bin/bash
+PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
+
+#Use ./logger.sh
+
+# Log parameters
+REMOTE_SERVER="estudiset.backups"
+REMOTE_PATH="/var/www/html/logs/clamav/"
+PUBLIC_LOG_URL="https://logs.studi7.com/clamav/"
+LOG_PRESERVE_DAYS=30
+
+# create remote folder to store logs if not exist
+ssh $REMOTE_SERVER "mkdir -p $REMOTE_PATH"
+
+# Copy local logfile to remote destination
+scp $1 "$REMOTE_SERVER:$REMOTE_PATH"
+
+# Clear x days old remote logs
+ssh $REMOTE_SERVER 'bash -s' << EOF
+find $REMOTE_PATH -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;
+EOF
+
+# return final log url
+# get file name in case of $1 is a path
+file=$(basename -- "$1")
+extension=${file##*.}
+base=$(basename "${file%.*}")
+# change to txt if log is another text format
+if [ $extension != "txt" ]; then
+ ssh $REMOTE_SERVER "mv $REMOTE_PATH$file $REMOTE_PATH$base.txt"
+fi
+echo "${PUBLIC_LOG_URL}${base}.txt"
diff --git a/wordpress_cpanel_updater.sh b/wordpress_cpanel_updater.sh
deleted file mode 100644
index ce43b19..0000000
--- a/wordpress_cpanel_updater.sh
+++ /dev/null
@@ -1,23 +0,0 @@
-#!/usr/bin/env bash
-
-#require:
-#wp-cli https://wp-cli.org/#installing
-#wp-updater https://github.com/keesiemeijer/wp-update
-
-#get accounts and domains
-/usr/local/cpanel/scripts/updateuserdomains
-cat /etc/trueuserdomains
-
-#https://docs.cpanel.net/whm/scripts/whm-scripts/
-#https://docs.cpanel.net/whm/account-functions/manage-shell-access/
-#https://support.cpanel.net/hc/en-us/articles/360051992634-Differences-Between-Normal-and-Jailed-Shell
-#https://www.cyberciti.biz/tips/how-do-i-find-out-what-shell-im-using.html
-
-#get bash from user
-grep "^$USER" /etc/passwd
-awk -F: '/$USER/ { print $7}' /etc/passwd
-
-#change shell
-usermod -s /bin/false $USER
-
-#https://github.com/layfellow/cpanel-cli (?)
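Review bot: logger.sh makes every uploaded scan log world-readable: it drops the file under the web root `/var/www/html/logs/clamav/` and returns `https://logs.studi7.com/clamav/<name>.txt` with no authentication, and because the caller names files by date the URLs are enumerable, so infected-file paths and hostnames leak to anyone; at minimum protect that directory (auth, or a random per-file token in the name) and state the exposure in the `#Use ./logger.sh` header. The SSH identity this runs under needs a full shell on the backup host (mkdir, scp, find/rm, mv), so a compromised scanning host inherits that; a forced command or an rsync/sftp-only key in `authorized_keys` would bound the damage. The remote `find $REMOTE_PATH -maxdepth 1 … -exec "rm" -R` also matches the start directory itself — it is only spared because the preceding `scp` refreshes the directory mtime, and that `scp` is unchecked — while the unquoted `$1`/`$REMOTE_*` expansions and the absence of any failure handling mean a failed upload still `echo`es a URL and exits 0, so the caller notifies a dead link. The rewrite below checks the argument, quotes the expansions, restricts the cleanup to files and stops on the first failed step; the `mv` line still interpolates `$file` into a remote shell command, which is acceptable for the caller's own log names but not for arbitrary input.

```shell
#!/bin/bash
set -eu
# … unchanged: PATH, REMOTE_SERVER, REMOTE_PATH, PUBLIC_LOG_URL, LOG_PRESERVE_DAYS …

# usage: logger.sh <logfile>  -> prints the public URL of the uploaded copy
[ $# -eq 1 ] && [ -f "$1" ] || { echo "usage: $0 <logfile>" >&2; exit 2; }

ssh "$REMOTE_SERVER" "mkdir -p '$REMOTE_PATH'"
scp -q -- "$1" "$REMOTE_SERVER:$REMOTE_PATH"

# prune old copies only, never the archive directory itself
ssh "$REMOTE_SERVER" 'bash -s' << EOF
find '$REMOTE_PATH' -mindepth 1 -maxdepth 1 -type f -mtime +$LOG_PRESERVE_DAYS -exec rm -f -- {} +
EOF

# … unchanged: file / extension / base derivation …
if [ "$extension" != "txt" ]; then
  ssh "$REMOTE_SERVER" "mv -- '$REMOTE_PATH$file' '$REMOTE_PATH$base.txt'"
fi
echo "${PUBLIC_LOG_URL}${base}.txt"
```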