upload scan scripts and update README
parent
21ee1aa54c
commit
c8b3b1d19e
22
README.md
22
README.md
|
@ -4,4 +4,24 @@
|
||||||
|
|
||||||
Send markdown notifications to gotify channel throught curl
|
Send markdown notifications to gotify channel throught curl
|
||||||
|
|
||||||
`Usage: ./gotifypush.sh <title> <message> <priority> <token> <clickurl>`
|
* Usage: `./gotifypush.sh <title> <message> <priority> <token> <clickurl>`
|
||||||
|
|
||||||
|
## scan_chk.sh
|
||||||
|
|
||||||
|
Scan rootkits into system with chkrootkit
|
||||||
|
|
||||||
|
* Usage: `./scan_chk.sh`
|
||||||
|
|
||||||
|
## scan_rkh.sh
|
||||||
|
|
||||||
|
Scan rootkits into system with rkhunter
|
||||||
|
|
||||||
|
* Usage: `./scan_rkh.sh`
|
||||||
|
|
||||||
|
## scan_clam.sh
|
||||||
|
|
||||||
|
Scan virus and malware into system with clamav
|
||||||
|
|
||||||
|
* Usage: `./scan_clam.sh`
|
||||||
|
|
||||||
|
**NOTE:** Need set paths (DIRTOSCAN variable) to scan
|
||||||
|
|
|
@ -0,0 +1,22 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||||
|
|
||||||
|
# vars gotify
|
||||||
|
readonly TOKEN="<TOKEN_GOTIFY_APP>"
|
||||||
|
|
||||||
|
#vars chkrootkit
|
||||||
|
SNIFFERS_WHITELIST="dhclient"
|
||||||
|
FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document "
|
||||||
|
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess "
|
||||||
|
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htpasswd "
|
||||||
|
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htaccess "
|
||||||
|
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htpasswd"
|
||||||
|
|
||||||
|
OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
|
||||||
|
if [ -n "$OUT" ]
|
||||||
|
then
|
||||||
|
sh ~/gotifypush.sh "CHK Scan handycat cloud" "$OUT" 5 $TOKEN
|
||||||
|
else
|
||||||
|
echo "[chkrootkit] system clean"
|
||||||
|
fi
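Review bot: An empty `OUT` at the `if [ -n "$OUT" ]` test is reported as "[chkrootkit] system clean" even when chkrootkit never ran, because only stdout is captured and the exit status is ignored. A missing binary or a run without the privileges the scanner needs would then look like a clean host. Capturing stderr as well, `OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST" 2>&1)`, turns a failed launch into a notification instead of a clean report. The rkhunter script has the same pattern at `OUT=$(rkhunter -c -sk --rwo)`.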
|
|
@ -0,0 +1,32 @@
|
||||||
|
#!/bin/bash
|
||||||
|
LOGDIR="/var/log/clamav/scan/";
|
||||||
|
LOGFILE="clamav-$(date +'%Y-%m-%d').log";
|
||||||
|
DIRTOSCAN="/path/to/folder/to/scan"; #multiple folders separate by space
|
||||||
|
readonly TOKEN="<TOKEN_GOTIFY_APP>";
|
||||||
|
LOG_PRESERVE_DAYS=30;
|
||||||
|
|
||||||
|
mkdir -p $LOGDIR
|
||||||
|
|
||||||
|
for S in ${DIRTOSCAN}; do
|
||||||
|
DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);
|
||||||
|
|
||||||
|
echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE".";
|
||||||
|
|
||||||
|
clamscan -ri "$S" >> "$LOGDIR$LOGFILE";
|
||||||
|
echo "Scanned folder: "$S >> "$LOGDIR$LOGFILE";
|
||||||
|
|
||||||
|
# get the value of "Infected lines"
|
||||||
|
MALWARE=$(tail "$LOGDIR$LOGFILE"|grep Infected|cut -d" " -f3);
|
||||||
|
|
||||||
|
# if the value is not equal to zero, send an email with the log file attached
|
||||||
|
if [ "$MALWARE" -ne "0" ];then
|
||||||
|
sh ~/gotifypush.sh "CLAMAV Scan Kerodes Studi7" "Scanned folder: **$S** \r $MALWARE" 5 $TOKEN
|
||||||
|
else
|
||||||
|
echo "[clamav] No infected files found."
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
#clean old logs files
|
||||||
|
find $LOGDIR -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;
|
||||||
|
|
||||||
|
exit 0
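Review bot: A failed or incomplete clamscan run is treated as clean by the `if [ "$MALWARE" -ne "0" ]` test. When the tail of the log has no "Infected" line, `MALWARE` is empty, `[` fails with an integer-expression error, and the `else` branch prints "[clamav] No infected files found." Branching on clamscan's exit status (0 clean, 1 infected, anything else a scan error) separates the three cases and lets the script notify on errors too. The comment above the test still mentions sending an email with the log attached, although the code sends a Gotify push. The cleanup `find $LOGDIR -maxdepth 1 ... -exec "rm" -R {} \;` would be safer with `"$LOGDIR"` quoted and `-mindepth 1 -type f` added, so it can never match the log directory itself.
```shell
# … unchanged: LOGDIR/LOGFILE/DIRTOSCAN/TOKEN setup, mkdir, for loop header, DIRSIZE echo …
  clamscan -ri "$S" >> "$LOGDIR$LOGFILE"
  RC=$?
  echo "Scanned folder: $S" >> "$LOGDIR$LOGFILE"

  # clamscan exit status: 0 = no virus found, 1 = virus(es) found, other = error
  case "$RC" in
    0)
      echo "[clamav] No infected files found."
      ;;
    1)
      MALWARE=$(tail "$LOGDIR$LOGFILE" | grep Infected | cut -d" " -f3)
      sh ~/gotifypush.sh "CLAMAV Scan Kerodes Studi7" "Scanned folder: **$S** \r $MALWARE" 5 "$TOKEN"
      ;;
    *)
      sh ~/gotifypush.sh "CLAMAV Scan Kerodes Studi7" "Scan of **$S** failed (clamscan exit $RC)" 5 "$TOKEN"
      ;;
  esac
# … unchanged: done, old-log cleanup, exit 0 …
```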
|
|
@ -0,0 +1,14 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||||
|
|
||||||
|
#vars rkhunter
|
||||||
|
readonly TOKEN="<TOKEN_GOTIFY_APP>"
|
||||||
|
|
||||||
|
OUT=$(rkhunter -c -sk --rwo)
|
||||||
|
if [ -n "$OUT" ]
|
||||||
|
then
|
||||||
|
sh ~/gotifypush.sh "RKH Scan handycat cloud" "$OUT" 5 $TOKEN
|
||||||
|
else
|
||||||
|
echo "[rkhunter] system clean"
|
||||||
|
fi
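Review bot: The Gotify application token is passed to the push script as an unquoted command-line argument in `sh ~/gotifypush.sh "RKH Scan handycat cloud" "$OUT" 5 $TOKEN`, so it can appear in the local process list while the push runs. It is also stored in the script file itself. At minimum quote it (`"$TOKEN"`) and keep the script readable by its owner only. Having gotifypush.sh read the token from a root-only file or the environment would avoid argv exposure, but that script is not shown on this page, so the change would have to be made there. The chkrootkit and clamav scripts use the same call shape.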
|