improve scan scripts

Roger Pàmies Fabra 2023-07-20 12:52:12 +02:00
parent a7bef2e015
commit 3404a130c0
7 changed files with 57 additions and 29 deletions


@ -16,7 +16,7 @@ FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/test
OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
if [ -n "$OUT" ]
then
sh ./gotifypush.sh "CHK Scan handycat cloud" "$OUT" 5 $TOKEN
sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$OUT" 5 $TOKEN
else
echo "[chkrootkit] system clean"
fi
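Review bot: The push at `sh ./utils/gotifypush.sh …` is resolved against the caller's working directory, not the script's location, and the branch never checks its exit status, so when the scan is launched from cron or any other directory a non-empty chkrootkit result is lost with nothing but a message on stderr. Resolve the helper relative to the script and quote the token: `SCRIPT_DIR=$(cd "$(dirname "$0")" && pwd)` before the `if`, then `sh "$SCRIPT_DIR/utils/gotifypush.sh" "CHK Scan $(hostname)" "$OUT" 5 "$TOKEN" || echo "[chkrootkit] gotify push failed" >&2`. The token also travels on the helper's argv, where every local user can read it via `ps`; passing it through the environment or a file would avoid that. `SNIFFERS_WHITELIST`, `FILES_WHITELIST` and `TOKEN` are assigned above the hunk.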


@ -1,9 +1,13 @@
#!/bin/bash
LOGDIR="/var/log/clamav/scan/";
LOGFILE="clamav-$(date +'%Y-%m-%d').log";
DIRTOSCAN="/path/to/folder/to/scan"; #multiple folders separate by space
LOGFILE="kerodes_clamav-$(date +'%Y-%m-%d').log";
#DIRTOSCAN="/home/roger/Públic /home/roger/Baixades/targets"; #multiple folders separate by space
DIRTOSCAN="/home/roger/Baixades/targets"; #multiple folders separate by space
readonly TOKEN="<TOKEN_GOTIFY_APP>";
readonly GOTIFY_SERVER="<GOTIFY_URL_SERVER>"
LOG_PRESERVE_DAYS=30;
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
MALWARE_FOUND=false
mkdir -p $LOGDIR
@ -20,12 +24,22 @@ for S in ${DIRTOSCAN}; do
# if the value is not equal to zero, send an email with the log file attached
if [ "$MALWARE" -ne "0" ];then
sh ./gotifypush.sh "CLAMAV Scan Kerodes Studi7" "Scanned folder: **$S** \r $MALWARE" 5 $TOKEN
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Found **$MALWARE** infected files into **$S** \r"
MALWARE_FOUND=true
else
echo "[clamav] No infected files found."
fi
done
if $MALWARE_FOUND
then
# send log to logs public archive
LOG_URL=$(sh ./utils/logger.sh "$LOGDIR$LOGFILE")
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
fi
#clean old logs files
find $LOGDIR -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;
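Review bot: `LOG_URL=$(sh ./utils/logger.sh "$LOGDIR$LOGFILE")` hands the scan log to what the comment itself calls a public archive under the guessable name `kerodes_clamav-YYYY-MM-DD`, so the infected-file paths, scanned directories and host details a ClamAV log contains become readable by anyone who enumerates dates; either put the archive behind authentication or publish under an unguessable name before linking it from notifications. The link is also appended unconditionally, so if the upload fails `LOG_URL` is empty and the message carries a dead `[LogFile]()`; guard it with `if LOG_URL=$(sh ./utils/logger.sh "$LOGDIR$LOGFILE") && [ -n "$LOG_URL" ]; then GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"; else echo "[clamav] log upload failed" >&2; fi`. The first hunk appears to replace the `/path/to/folder/to/scan` placeholder with a personal home-directory path plus a commented-out alternative, which reads as local configuration committed into the shared script. The `for S in ${DIRTOSCAN}` loop that contains the per-folder check starts above the second hunk.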


@ -8,7 +8,7 @@ readonly TOKEN="<TOKEN_GOTIFY_APP>"
OUT=$(rkhunter -c -sk --rwo)
if [ -n "$OUT" ]
then
sh ./gotifypush.sh "RKH Scan handycat cloud" "$OUT" 5 $TOKEN
sh ./utils/gotifypush.sh "RKH Scan $(hostname)" "$OUT" 5 $TOKEN
else
echo "[rkhunter] system clean"
fi
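Review bot: The notification still keys only on `[ -n "$OUT" ]`, so a run in which rkhunter exits non-zero without printing anything — not root, lock held, binary missing — prints `[rkhunter] system clean` and pushes nothing, making a broken scanner indistinguishable from a clean host. Capture the status next to the output and notify on either: `OUT=$(rkhunter -c -sk --rwo 2>&1); rc=$?` and `if [ -n "$OUT" ] || [ "$rc" -ne 0 ]; then sh ./utils/gotifypush.sh "RKH Scan $(hostname)" "${OUT:-rkhunter exited with status $rc}" 5 "$TOKEN"`. rkhunter is documented to exit non-zero when it reports warnings, so real findings keep the current behaviour. `TOKEN` is declared in the hunk's context line above.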


@ -25,5 +25,5 @@ else
updates=$(echo $updates|tr -d '\n')
OUT="There are **$num** updates: \r"
OUT="${OUT} Packages: *$updates*"
sh ./gotifypush.sh "Hostname pending updates" "$OUT" 5 $TOKEN
sh ./utils/gotifypush.sh "$(hostname) pending updates" "$OUT" 5 $TOKEN
fi


@ -18,6 +18,11 @@ else
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}"
fi
# prevent gotify post error: invalid character '\\n' in string literal
# scape \\n newlines for json
# https://unix.stackexchange.com/questions/453883/how-to-escape-new-line-characters-for-json
MESSAGE=$(echo "$MESSAGE" | sed -z 's/\n/\\n/g')
# better curl usage https://github.com/gotify/server/issues/68
#curl --silent --output /dev/null --show-error --fail -X .... #silent curl execution, no output, only html code if error
curl -X POST "${URL}" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${MESSAGE}\", \"priority\": ${PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
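Review bot: The request body at `-d "{ \"message\": \"${MESSAGE}\" …}"` is still assembled by string interpolation, and the new `sed -z` step only escapes newlines, so a `"` or `\` in `$MESSAGE` or `$TITLE` — scanner output, or a file name the scanners echo back — still makes Gotify reject the body, and a crafted name can close the string and add JSON members of its own. Let a JSON encoder do the quoting instead (`jq` if it is available on these hosts, otherwise `python3 -c 'import json,sys; …'`), which also makes the sed step unnecessary. The `--silent --show-error --fail` form already mentioned in the comment above should be switched on as well, otherwise a rejected body returns 0 and the caller never learns the alert was dropped. `URL`, `MESSAGE`, `TITLE` and `PRIORITY` are assigned above the hunk, so how `URL` carries the token is not visible here.
```shell
# … unchanged: argument handling and EXTRAS selection …
# Encode with jq so quotes, backslashes and control characters in MESSAGE/TITLE
# are escaped instead of terminating the JSON string.
BODY=$(jq -n --arg msg "$MESSAGE" --arg title "$TITLE" \
          --argjson prio "$PRIORITY" --argjson extras "$EXTRAS" \
          '{message: $msg, priority: $prio, title: $title, extras: $extras}')
curl --silent --show-error --fail -X POST "${URL}" \
  -H "accept: application/json" -H "Content-Type: application/json" -d "$BODY"
```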

utils/logger.sh Normal file

@ -0,0 +1,32 @@
#!/bin/bash
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
#Use ./logger.sh <logfile>
# Log parameters
REMOTE_SERVER="estudiset.backups"
REMOTE_PATH="/var/www/html/logs/clamav/"
PUBLIC_LOG_URL="https://logs.studi7.com/clamav/"
LOG_PRESERVE_DAYS=30
# create remote folder to store logs if not exist
ssh $REMOTE_SERVER "mkdir -p $REMOTE_PATH"
# Copy local logfile to remote destination
scp $1 "$REMOTE_SERVER:$REMOTE_PATH"
# Clear x days old remote logs
ssh $REMOTE_SERVER 'bash -s' << EOF
find $REMOTE_PATH -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;
EOF
# return final log url
# get file name in case of $1 is a path
file=$(basename -- "$1")
extension=${file##*.}
base=$(basename "${file%.*}")
# change to txt if log is another text format
if [ $extension != "txt" ]; then
ssh $REMOTE_SERVER "mv $REMOTE_PATH$file $REMOTE_PATH$base.txt"
fi
echo "${PUBLIC_LOG_URL}${base}.txt"
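Review bot: The remote cleanup `find $REMOTE_PATH -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;` has no `-mindepth 1`/`-type f`, so once the directory itself has gone 30 days without modification (a month with no infection) it matches and `rm -R` removes the whole `/var/www/html/logs/clamav/` tree, newer logs included; the local cleanup in the ClamAV script has the same shape. The script also prints the public URL whether or not `scp` succeeded, takes `$1` unquoted and unchecked, and, as `PUBLIC_LOG_URL` makes explicit, places scan logs on a web server under a date-derived name — authentication or an unguessable file name is worth adding before the notifications link to it. The hunk header counts 32 added lines but only 26 are shown here, so part of the script is not visible. Hardening the upload path:
```shell
#!/bin/bash
set -eu
[ $# -eq 1 ] && [ -r "$1" ] || { echo "usage: $0 <logfile>" >&2; exit 2; }
# … unchanged: PATH, REMOTE_SERVER, REMOTE_PATH, PUBLIC_LOG_URL, LOG_PRESERVE_DAYS …
ssh "$REMOTE_SERVER" "mkdir -p '$REMOTE_PATH'"
scp -q "$1" "$REMOTE_SERVER:$REMOTE_PATH"
# -mindepth 1 -type f: never match the log directory itself, only stale files inside it
ssh "$REMOTE_SERVER" "find '$REMOTE_PATH' -mindepth 1 -maxdepth 1 -type f -mtime +$LOG_PRESERVE_DAYS -exec rm -f -- {} +"
# … unchanged: basename/extension handling, rename to .txt, echo of the URL …
```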


@ -1,23 +0,0 @@
#!/usr/bin/env bash
#require:
#wp-cli https://wp-cli.org/#installing
#wp-updater https://github.com/keesiemeijer/wp-update
#get accounts and domains
/usr/local/cpanel/scripts/updateuserdomains
cat /etc/trueuserdomains
#https://docs.cpanel.net/whm/scripts/whm-scripts/
#https://docs.cpanel.net/whm/account-functions/manage-shell-access/
#https://support.cpanel.net/hc/en-us/articles/360051992634-Differences-Between-Normal-and-Jailed-Shell
#https://www.cyberciti.biz/tips/how-do-i-find-out-what-shell-im-using.html
#get bash from user
grep "^$USER" /etc/passwd
awk -F: '/$USER/ { print $7}' /etc/passwd
#change shell
usermod -s /bin/false $USER
#https://github.com/layfellow/cpanel-cli (?)