upload scan scripts and update README

This commit is contained in:
Roger Pàmies Fabra 2022-09-29 12:27:20 +02:00
parent 21ee1aa54c
commit c8b3b1d19e
4 changed files with 89 additions and 1 deletions


@ -4,4 +4,24 @@
Send markdown notifications to gotify channel throught curl Send markdown notifications to gotify channel throught curl
`Usage: ./gotifypush.sh <title> <message> <priority> <token> <clickurl>` * Usage: `./gotifypush.sh <title> <message> <priority> <token> <clickurl>`
## scan_chk.sh
Scan rootkits into system with chkrootkit
* Usage: `./scan_chk.sh`
## scan_rkh.sh
Scan rootkits into system with rkhunter
* Usage: `./scan_rkh.sh`
## scan_clam.sh
Scan virus and malware into system with clamav
* Usage: `./scan_clam.sh`
**NOTE:** Need set paths (DIRTOSCAN variable) to scan

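--- /dev/null
+++ b/scan_chk.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
+# vars gotify
+readonly TOKEN="<TOKEN_GOTIFY_APP>"
+#vars chkrootkit
+SNIFFERS_WHITELIST="dhclient"
+FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document "
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess "
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htpasswd "
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htaccess "
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htpasswd"
+OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
+if [ -n "$OUT" ]
+then
+sh ~/gotifypush.sh "CHK Scan handycat cloud" "$OUT" 5 $TOKEN
+else
+echo "[chkrootkit] system clean"
+fi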
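Review bot: The `OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")` assignment discards chkrootkit's exit status and its stderr, so if the binary is missing, not runnable as this user, or aborts part-way, `OUT` is empty and the script falls into `echo "[chkrootkit] system clean"` — a scan that never ran is reported as clean and nothing is pushed. Capture both: `OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST" 2>&1); RC=$?` followed by `[ "$RC" -eq 0 ] || OUT="chkrootkit exited $RC: $OUT"`, so that a failure reaches the notification branch (whether chkrootkit itself signals findings through its exit code is something to confirm against its man page before relying on `RC` alone). The `rkhunter -c -sk --rwo` line in scan_rkh.sh has the same empty-output-means-clean pattern. On the gotifypush call `$TOKEN` is unquoted; write `"$TOKEN"` here and in scan_rkh.sh and scan_clam.sh.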

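--- /dev/null
+++ b/scan_clam.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+LOGDIR="/var/log/clamav/scan/";
+LOGFILE="clamav-$(date +'%Y-%m-%d').log";
+DIRTOSCAN="/path/to/folder/to/scan"; #multiple folders separate by space
+readonly TOKEN="<TOKEN_GOTIFY_APP>";
+LOG_PRESERVE_DAYS=30;
+mkdir -p $LOGDIR
+for S in ${DIRTOSCAN}; do
+DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);
+echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE".";
+clamscan -ri "$S" >> "$LOGDIR$LOGFILE";
+echo "Scanned folder: "$S >> "$LOGDIR$LOGFILE";
+# get the value of "Infected lines"
+MALWARE=$(tail "$LOGDIR$LOGFILE"|grep Infected|cut -d" " -f3);
+# if the value is not equal to zero, send an email with the log file attached
+if [ "$MALWARE" -ne "0" ];then
+sh ~/gotifypush.sh "CLAMAV Scan Kerodes Studi7" "Scanned folder: **$S** \r $MALWARE" 5 $TOKEN
+else
+echo "[clamav] No infected files found."
+fi
+done
+#clean old logs files
+find $LOGDIR -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;
+exit 0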
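Review bot: The infected-count test `if [ "$MALWARE" -ne "0" ]` depends on grepping `Infected` out of the last ten log lines, so when clamscan fails (DIRTOSCAN left at the `/path/to/folder/to/scan` placeholder, an unreadable path, a missing signature database) no summary is written, `MALWARE` is empty, `[` fails with "integer expression expected" and the script prints `[clamav] No infected files found.` — a scan that did not happen is reported as clean and no notification is sent. clamscan's exit status is the reliable signal (0 clean, 1 infected, 2 error); capture it on the line after `clamscan -ri "$S" >> "$LOGDIR$LOGFILE"` and branch on it, pushing a notification for the error case as well as the infected one, as sketched below. The retention line `find $LOGDIR -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;` has no `-type f`, so the starting directory itself is a candidate once its mtime passes the threshold and `rm -R` would take the whole log directory with it; restrict it with `-type f -name 'clamav-*.log'`. `$TOKEN` on the gotifypush call is unquoted and should be `"$TOKEN"`.
```shell
for S in ${DIRTOSCAN}; do
# … unchanged: DIRSIZE and the "Starting a daily scan" echo …
clamscan -ri "$S" >> "$LOGDIR$LOGFILE"
RC=$?
echo "Scanned folder: $S" >> "$LOGDIR$LOGFILE"
MALWARE=$(tail "$LOGDIR$LOGFILE"|grep Infected|cut -d" " -f3)
# clamscan exit status: 0 = clean, 1 = infected files found, 2 = error (bad path, permissions, no signature db)
if [ "$RC" -eq 1 ]; then
sh ~/gotifypush.sh "CLAMAV Scan Kerodes Studi7" "Scanned folder: **$S** \r $MALWARE" 5 "$TOKEN"
elif [ "$RC" -ne 0 ]; then
sh ~/gotifypush.sh "CLAMAV Scan Kerodes Studi7" "Scan of **$S** failed (clamscan exit $RC), see $LOGDIR$LOGFILE" 5 "$TOKEN"
else
echo "[clamav] No infected files found."
fi
done
#clean old logs files
find "$LOGDIR" -maxdepth 1 -type f -name 'clamav-*.log' -mtime +"$LOG_PRESERVE_DAYS" -exec rm -f -- {} \;
```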

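--- /dev/null
+++ b/scan_rkh.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
+#vars rkhunter
+readonly TOKEN="<TOKEN_GOTIFY_APP>"
+OUT=$(rkhunter -c -sk --rwo)
+if [ -n "$OUT" ]
+then
+sh ~/gotifypush.sh "RKH Scan handycat cloud" "$OUT" 5 $TOKEN
+else
+echo "[rkhunter] system clean"
+fi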
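Review bot: `PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin` appends the system directories after whatever PATH the script inherited, so any directory that comes earlier in the caller's PATH (a user-writable one, or one placed there by exactly the kind of compromise rkhunter is meant to detect) is searched first for `rkhunter` and for every tool it shells out to. For a rootkit scanner the search path should be pinned rather than extended, `PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin`, or the scanner invoked by absolute path; the same line appears at the top of scan_chk.sh. Separately, a one-line header comment stating that `--rwo` restricts output to warnings and that an empty `OUT` is therefore read as "no warnings" would make the `if [ -n "$OUT" ]` test self-explanatory.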