diff --git a/README.md b/README.md index db684bd..677c5a0 100644 --- a/README.md +++ b/README.md @@ -1,29 +1,51 @@ # Bash Scripts collection -wget -O init_scripts.sh https://git.studi7.com/roger/bashscripts/raw/branch/master/init_scripts.sh && chmod +x init_scripts.sh && ./init_scripts.sh +## Permanent enviroment variables in ~/.profile -## gotifypush.sh +Append file `~/.profile` with this variables: + +``` +# E7 Scripts +# ClamAV scan script +export E7S_CLAM_LOGPATH="/path/to/logs/" +# Multiple folders separate by space +export E7S_CLAM_DIRSTOSCAN="/path/to/target/" +# Global script variables +export E7S_GOTIFY_SERVER_URL="https://push.example.com" +export E7S_LOGS_PRESERVE_DAYS=30 +export ES7_LOGS_SERVER_SSH="server.example.com" +export ES7_LOGS_PATH="/path/to/web/root/" +export ES7_LOGS_URL="https://logs.example.com" +``` + +## Scripts + +### utils/gotifypush.sh Send markdown notifications to gotify channel throught curl * Usage: `./gotifypush.sh <message> <priority> <token> <clickurl>` -## scan_chk.sh +### utils/logger.sh + +Save logs into remote server and publish it into web server + +* Usage: `./logger.sh <logfile> <relativepath>` + +### scan_chk.sh Scan rootkits into system with chkrootkit * Usage: `./scan_chk.sh` -## scan_rkh.sh +### scan_rkh.sh Scan rootkits into system with rkhunter * Usage: `./scan_rkh.sh` -## scan_clam.sh +### scan_clam.sh Scan virus and malware into system with clamav * Usage: `./scan_clam.sh` - -**NOTE:** Need set paths (DIRTOSCAN variable) to scan diff --git a/init_scripts.sh b/init_scripts.sh deleted file mode 100644 index bb08332..0000000 --- a/init_scripts.sh +++ /dev/null 
@@ -1,111 +0,0 @@ -#!/bin/bash - -# Functions -show_cron_help () { - echo "--------------------------------------------" - echo "* * * * * command to be executed" - echo "- - - - -" - echo "| | | | |" - echo "| | | | ----- Day of week (0 - 7) (Sunday=0 or 7)" - echo "| | | ------- Month (1 - 12)" - echo "| | --------- Day of month (1 - 31)" - echo "| ----------- Hour (0 - 23)" - echo "------------- Minute (0 - 59)" - echo "Examples:" - echo "(predefined) @annually | @yearly | @monthly | @weekly | @daily | @hourly | @reboot" - echo "(every) @every 5s | @every 20h30m" - echo "(custom) 10 20 * * * | 0 3 * * 1-5" - echo -e "--------------------------------------------\n" -} - -get_cron () { - cron=false - while [ "$cron" != "true" ] - do - read -p 'Escriu el periode del cron: ' CRON - case $CRON in - ("") echo "El cron no pot ser buit";; - (*) cron=true #echo "just numeric";; - esac - done - echo "$CRON" -} -# End functions - -readonly SCRIPTS_FOLDER="e7scripts" -readonly GOTIFY_SCRIPT_NAME="gotifypush.sh" -readonly GOTIFY_SCRIPT_URL="https://git.studi7.com/roger/bashscripts/raw/branch/master/gotifypush.sh" -readonly UPDATES_SCRIPT_NAME="updates_notifier.sh" -readonly UPDATES_SCRIPT_URL="https://git.studi7.com/roger/bashscripts/raw/branch/master/updates_notifier.sh" - -#verify run as root or sudo -if [[ $EUID -ne 0 ]]; then - echo "This script must be run as root" - exit 1 -fi - -#set -f -#func_result="$(get_cron)" -#echo $func_result -#set +f - -echo "/////////////////////////////////////////" -echo "Benvingut a l'instalador d'Scripts" -echo -e "/////////////////////////////////////\n" - -finished=false -while [ "$finished" != "true" ] -do - -# Choose script to install -echo "0) Sortir de l'instalador" -echo "1) Notificador dels resultats dels scripts (Gotify Push Notifications)" -echo "2) Notificador d'actualitzacions" -echo "3) Escaneig de rootkits amb RK Hunter" -echo "4) Escaneig de rootkits amb CHK Rootkit" -echo -e "5) Escaneig de virus amb ClamAV\n" - 
-choosed=false -while [ "$choosed" != "true" ] -do - read -p 'Indica quin script vols instal·lar (0 per sortir): ' SCRIPT_NUM - case $SCRIPT_NUM in - ("") echo "El número no pot ser buit";; - (*[!0-9]*) echo "Has d'introduir un número";; - (*) choosed=true #echo "just numeric";; - esac -done - -if [ "$SCRIPT_NUM" = "0" ]; then - finished=true - exit 0 -elif [ "$SCRIPT_NUM" = "1" ]; then - mkdir -p $SCRIPTS_FOLDER - wget -O "$SCRIPTS_FOLDER/$GOTIFY_SCRIPT_NAME" $GOTIFY_SCRIPT_URL - read -p 'Indica el domini de gotify: ' GOTIFY_DOMAIN - sed -i "s/push.example.com/$GOTIFY_DOMAIN/" "$SCRIPTS_FOLDER/$GOTIFY_SCRIPT_NAME" - chmod +x "$SCRIPTS_FOLDER/$GOTIFY_SCRIPT_NAME" - echo -e "Script instal·lat correctament\n" -elif [ "$SCRIPT_NUM" = "2" ];then - mkdir -p $SCRIPTS_FOLDER - wget -O "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME" $UPDATES_SCRIPT_URL - read -p 'Indica el token del canal de gotify: ' TOKEN - sed -i "s/<TOKEN_GOTIFY_APP>/$TOKEN/" "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME" - sed -i "s/Hostname/$(hostname)/" "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME" - chmod +x "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME" - echo -e "\nAFEGEIX EL CRON\n" - show_cron_help - cron="$(get_cron)" - #https://stackoverflow.com/questions/878600/how-to-create-a-cron-job-using-bash-automatically-without-the-interactive-editor - #remove previous crontab - (crontab -l | grep -v -F "$UPDATES_SCRIPT_NAME") | crontab - - #add crontab - (crontab -l ; echo "$cron cd $(pwd)/$SCRIPTS_FOLDER/ && ./$UPDATES_SCRIPT_NAME 2>&1") | crontab - - echo -e "Script instal·lat correctament\n" - #TODO Function cron get period - -else - echo -e "Aquest número d'script no existeix. Tornar a intentar-ho\n" -fi - -done diff --git a/scan_chk.sh b/scan_chk.sh index 31d310d..025820b 100644 --- a/scan_chk.sh +++ b/scan_chk.sh 
@@ -1,14 +1,12 @@ #!/bin/bash -PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin - +# variables LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt"; GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r" - -# vars gotify +LOGS_RELATIVE_PATH="security/" readonly TOKEN="<TOKEN_GOTIFY_APP>" -#vars chkrootkit +# vars chkrootkit SNIFFERS_WHITELIST="dhclient" FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document " FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess " @@ -24,7 +22,7 @@ then echo $OUT > "./$LOGFILE" # send log to logs public archive - LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE") + LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH) # delete local log rm $LOGFILE diff --git a/scan_clam.sh b/scan_clam.sh index 2fb8acb..d9d5dac 100644 --- a/scan_clam.sh +++ b/scan_clam.sh 
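Review bot: `readonly TOKEN="<TOKEN_GOTIFY_APP>"` keeps the Gotify token as a literal inside a tracked script even though this commit moves every other deployment setting into `E7S_*` environment variables; whoever edits the placeholder in place and commits leaks the token, and the token is what lets a third party push to the channel. Read it like the other settings, e.g. `readonly TOKEN="${E7S_GOTIFY_TOKEN:?E7S_GOTIFY_TOKEN is not set}"`, and list it in the README next to the other exports. Separately, the removed `PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin` line was what made a binary under /usr/sbin (where chkrootkit is commonly installed) resolvable from cron, whose default PATH is typically only /usr/bin:/bin; if these scans are still scheduled from cron, keep that line or call the scanner by absolute path. The chkrootkit invocation that fills `$OUT` sits outside this hunk, so I cannot see whether it already uses an absolute path.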
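Review bot: `LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)` publishes the chkrootkit findings for a named host to the "logs public archive" at a guessable location, `<ES7_LOGS_URL>/security/<hostname>_chkrootkit-<date>.txt`; if that web root is reachable without authentication, a host's own rootkit-scan output (flagged files, whitelisted paths, sniffer findings) becomes free reconnaissance for anyone who knows the hostname. Consider putting the archive behind authentication or under an unguessable path component rather than the fixed `security/`. Also quote the new argument, `"$LOGS_RELATIVE_PATH"`, so a future value containing a space is not split into two arguments by the unquoted expansion.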
@@ -1,26 +1,24 @@ #!/bin/bash -LOGDIR="/var/log/clamav/scan/"; -LOGFILE="kerodes_clamav-$(date +'%Y-%m-%d').log"; -#DIRTOSCAN="/home/roger/Públic /home/roger/Baixades/targets"; #multiple folders separate by space -DIRTOSCAN="/home/roger/Baixades/targets"; #multiple folders separate by space -readonly TOKEN="<TOKEN_GOTIFY_APP>"; -readonly GOTIFY_SERVER="<GOTIFY_URL_SERVER>" -LOG_PRESERVE_DAYS=30; + +# variables +LOGFILE="$(hostname)_clamav-$(date +'%Y-%m-%d').log"; GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r" +LOGS_RELATIVE_PATH="security/" MALWARE_FOUND=false +readonly TOKEN="<TOKEN_GOTIFY_APP>"; -mkdir -p $LOGDIR +mkdir -p $E7S_CLAM_LOGPATH -for S in ${DIRTOSCAN}; do +for S in ${E7S_CLAM_DIRSTOSCAN}; do DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1); echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE"."; - clamscan -ri "$S" >> "$LOGDIR$LOGFILE"; - echo "Scanned folder: "$S >> "$LOGDIR$LOGFILE"; + clamscan -ri "$S" >> "$E7S_CLAM_LOGPATH$LOGFILE"; + echo "Scanned folder: "$S >> "$E7S_CLAM_LOGPATH$LOGFILE"; # get the value of "Infected lines" - MALWARE=$(tail "$LOGDIR$LOGFILE"|grep Infected|cut -d" " -f3); + MALWARE=$(tail "$E7S_CLAM_LOGPATH$LOGFILE"|grep Infected|cut -d" " -f3); # if the value is not equal to zero, send an email with the log file attached if [ "$MALWARE" -ne "0" ];then @@ -34,13 +32,13 @@ done if $MALWARE_FOUND then # send log to logs public archive - LOG_URL=$(sh ./utils/logger.sh "$LOGDIR$LOGFILE") + LOG_URL=$(sh ./utils/logger.sh "$E7S_CLAM_LOGPATH$LOGFILE" $LOGS_RELATIVE_PATH) GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r" GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)" sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN fi #clean old logs files -find $LOGDIR -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \; +find $E7S_CLAM_LOGPATH -maxdepth 1 -mtime +$E7S_LOGS_PRESERVE_DAYS -exec "rm" -R {} \; exit 0 
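Review bot: `mkdir -p $E7S_CLAM_LOGPATH` and `for S in ${E7S_CLAM_DIRSTOSCAN}` now depend entirely on variables that the README tells the user to export from `~/.profile`, and nothing checks that they arrived; `~/.profile` is read only by login shells, so under cron (the deleted init script scheduled its notifier that way, and the scans presumably run the same way) both expand to nothing, `mkdir -p` fails, the loop scans no directory, and the script reaches `exit 0` as if the scan were clean. Fail loudly at the top instead: `: "${E7S_CLAM_LOGPATH:?not set}" "${E7S_CLAM_DIRSTOSCAN:?not set}"`, and quote the path in `mkdir -p -- "$E7S_CLAM_LOGPATH"`. `E7S_CLAM_DIRSTOSCAN` is split on whitespace by design, so that expansion must stay unquoted, but that means the documented "multiple folders separate by space" format cannot express a directory whose name contains a space — worth one sentence in the README.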
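Review bot: `find $E7S_CLAM_LOGPATH -maxdepth 1 -mtime +$E7S_LOGS_PRESERVE_DAYS -exec "rm" -R {} \;` is a recursive delete whose starting point is an unquoted, unchecked environment variable; if `E7S_CLAM_LOGPATH` is empty while the retention variable is set (unset in cron, typo in `~/.profile`), `find` starts at the current directory and removes every entry older than the retention period from wherever the script was launched, and `-maxdepth 1` without `-type f` also lets the log directory itself match. Guard and narrow it: `find "${E7S_CLAM_LOGPATH:?}" -maxdepth 1 -type f -mtime +"${E7S_LOGS_PRESERVE_DAYS:?}" -exec rm -f -- {} +`. The same pattern is shipped to the remote host by utils/logger.sh in this commit and deserves the same guard there.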
diff --git a/scan_rkh.sh b/scan_rkh.sh index 0dbd532..22055f0 100644 --- a/scan_rkh.sh +++ b/scan_rkh.sh @@ -1,22 +1,18 @@ -GNU nano 5.4 scan_rkh.sh #!/bin/bash -PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin - -LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').txt"; +# variables +LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').log"; GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r" - -#vars rkhunter +LOGS_RELATIVE_PATH="security/" readonly TOKEN="<TOKEN_GOTIFY_APP>" -OUT=$(rkhunter -c -sk --rwo -l "./rkhunter.log") +OUT=$(rkhunter -c -sk --rwo -l "./$LOGFILE") if [ -n "$OUT" ] then issues=$(echo "$OUT" | wc -l) - mv "./rkhunter.log" "./$LOGFILE" # send log to logs public archive - LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE") + LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH) # delete local log rm $LOGFILE diff --git a/updates_notifier.sh b/updates_notifier.sh index e42457e..90d4f5a 100644 --- a/updates_notifier.sh +++ b/updates_notifier.sh @@ -1,7 +1,5 @@ #!/bin/bash -PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin - #verify run as root or sudo if [[ $EUID -ne 0 ]]; then echo "This script must be run as root" diff --git a/utils/gotifypush.sh b/utils/gotifypush.sh index ff8a4fc..f3ac293 100644 --- a/utils/gotifypush.sh +++ b/utils/gotifypush.sh @@ -2,14 +2,11 @@ #Use ./gotifypush <title> <message> <priority> <token> <clickurl> -#uncomment when use script from cron -PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin - # Gotify notification parameters TITLE=$1 MESSAGE=$2 PRIORITY=$3 -URL="https://push.example.com/message?token=$4" +URL="$ES7_GOTIFY_SERVER_URL/message?token=$4" #if url passed by parameter, set to extras if [ -n "$5" ] then diff --git a/utils/logger.sh b/utils/logger.sh index 578fd66..d9a121a 100644 --- a/utils/logger.sh +++ b/utils/logger.sh 
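Review bot: `OUT=$(rkhunter -c -sk --rwo -l "./$LOGFILE")` followed by `if [ -n "$OUT" ]` still treats an empty `OUT` as a clean result, so a scan that never ran — rkhunter not found now that the `PATH=` line is gone, not executed with the privileges it needs, or aborting on an error — sends no notification at all and is indistinguishable from a clean host. Capture the exit status and notify on it as well, e.g. `rc=$?` right after the assignment and `if [ -n "$OUT" ] || [ "$rc" -ne 0 ]`, so a failed scan surfaces as a warning instead of silence. The `if` body continues past the end of the hunk, so the branch for "non-zero status, no output" needs its own message there rather than `issues=$(echo "$OUT" | wc -l)`, which would report 1 issue for an empty string.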
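Review bot: `URL="$ES7_GOTIFY_SERVER_URL/message?token=$4"` reads `ES7_GOTIFY_SERVER_URL`, but the README in this same commit documents the variable as `E7S_GOTIFY_SERVER_URL`; with the documented `~/.profile` the server part expands to nothing and every notification goes to `/message?token=...`, i.e. nowhere. Pick one prefix (the `E7S_` form matches the ClamAV and retention variables) and fail early: `URL="${E7S_GOTIFY_SERVER_URL:?not set}/message?token=$4"`. Carrying the token in the query string also lands it in the Gotify server's and any reverse proxy's access logs; Gotify accepts it as an `X-Gotify-Key` header instead, which would mean dropping `?token=$4` here and adding `-H "X-Gotify-Key: $4"` to the curl call that presumably consumes `$URL` further down, outside this hunk.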
@@ -1,23 +1,23 @@ #!/bin/bash -PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin -#Use ./logger.sh <logfile> +#Use ./logger.sh <logfile> <relativepath> -# Log parameters -REMOTE_SERVER="estudiset.backups" -REMOTE_PATH="/var/www/html/logs/clamav/" -PUBLIC_LOG_URL="https://logs.studi7.com/clamav/" -LOG_PRESERVE_DAYS=30 +# variables +REMOTE_PATH="$ES7_LOGS_PATH$2" +PUBLIC_LOG_URL="$ES7_LOGS_URL/$2" # create remote folder to store logs if not exist -ssh $REMOTE_SERVER "mkdir -p $REMOTE_PATH" +ssh $ES7_LOGS_SERVER_SSH "sudo mkdir -p $REMOTE_PATH" # Copy local logfile to remote destination -scp $1 "$REMOTE_SERVER:$REMOTE_PATH" +scp $1 "$ES7_LOGS_SERVER_SSH:$REMOTE_PATH" + +# set correct permissions +ssh $ES7_LOGS_SERVER_SSH "sudo chmod 644 $REMOTE_PATH$1" # Clear x days old remote logs -ssh $REMOTE_SERVER 'bash -s' << EOF -find $REMOTE_PATH -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \; +ssh $ES7_LOGS_SERVER_SSH 'bash -s' << EOF +find $REMOTE_PATH -maxdepth 1 -mtime +$E7S_LOGS_PRESERVE_DAYS -exec "rm" -R {} \; EOF # return final log url @@ -27,6 +27,6 @@ extension=${file##*.} base=$(basename "${file%.*}") # change to txt if log is another text format if [ $extension != "txt" ]; then - ssh $REMOTE_SERVER "mv $REMOTE_PATH$file $REMOTE_PATH$base.txt" + ssh $ES7_LOGS_SERVER_SSH "mv $REMOTE_PATH$file $REMOTE_PATH$base.txt" fi echo "${PUBLIC_LOG_URL}${base}.txt"
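Review bot: `ssh $ES7_LOGS_SERVER_SSH "sudo chmod 644 $REMOTE_PATH$1"` appends the caller's local path to the remote directory, but `$1` is not a bare filename: scan_clam.sh passes `"$E7S_CLAM_LOGPATH$LOGFILE"`, so the remote command becomes `chmod 644 <ES7_LOGS_PATH>security//var/log/...` and fails, leaving the uploaded file with whatever mode scp gave it (the chkrootkit and rkhunter callers only work because their `./` prefix is harmless). Use the basename, as the tail of this script already does for the rename: `sudo chmod 644 $REMOTE_PATH$(basename "$1")`. `$1` and `$2` are interpolated verbatim into remote shell command strings that run under sudo, and `REMOTE_PATH` feeds a remote `find ... -exec rm -R` through the heredoc, so add `: "${ES7_LOGS_SERVER_SSH:?}" "${ES7_LOGS_PATH:?}"` at the top and keep the remote account's sudoers entry limited to these exact commands rather than unrestricted sudo.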
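Review bot: `ssh $ES7_LOGS_SERVER_SSH "mv $REMOTE_PATH$file $REMOTE_PATH$base.txt"` runs the rename without `sudo`, while the `mkdir -p` and `chmod 644` earlier in this file were switched to `sudo` in the same commit; if the web root really needs root to write (the reason sudo was added), this `mv` fails with permission denied and the script still prints `${PUBLIC_LOG_URL}${base}.txt`, so the Gotify message links to a file that does not exist. Either run it as `sudo mv` as well or, better, make the target directory writable by the ssh user so none of the three commands needs sudo. Check the rename's status before echoing the URL, e.g. `... "mv ..." || exit 1`, so a caller's `LOG_URL` ends up empty instead of a dead link; `file` and `base` are derived between the two hunks, outside what is shown here.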