upload scan scripts and update README

2022-09-29 12:27:20 +02:00 · 2022-09-29 12:27:20 +02:00 · c8b3b1d19e
parent 21ee1aa54c
commit c8b3b1d19e
4 changed files with 89 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -4,4 +4,24 @@

 Send markdown notifications to gotify channel throught curl

-`Usage: ./gotifypush.sh <title> <message> <priority> <token> <clickurl>`
+* Usage: `./gotifypush.sh <title> <message> <priority> <token> <clickurl>`
+
+## scan_chk.sh
+
+Scan rootkits into system with chkrootkit
+
+* Usage: `./scan_chk.sh`
+
+## scan_rkh.sh
+
+Scan rootkits into system with rkhunter
+
+* Usage: `./scan_rkh.sh`
+
+## scan_clam.sh
+
+Scan virus and malware into system with clamav
+
+* Usage: `./scan_clam.sh`
+
+**NOTE:** Need set paths (DIRTOSCAN variable) to scan
--- a/scan_chk.sh
+++ b/scan_chk.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+
+PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
+
+# vars gotify
+readonly TOKEN="<TOKEN_GOTIFY_APP>"
+
+#vars chkrootkit
+SNIFFERS_WHITELIST="dhclient"
+FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document "
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess "
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htpasswd "
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htaccess "
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htpasswd"
+
+OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
+if [ -n "$OUT" ]
+then
+        sh ~/gotifypush.sh "CHK Scan handycat cloud" "$OUT" 5 $TOKEN
+else
+        echo "[chkrootkit] system clean"
+fi
--- a/scan_clam.sh
+++ b/scan_clam.sh
@ -0,0 +1,32 @@
+#!/bin/bash
+LOGDIR="/var/log/clamav/scan/";
+LOGFILE="clamav-$(date +'%Y-%m-%d').log";
+DIRTOSCAN="/path/to/folder/to/scan"; #multiple folders separate by space
+readonly TOKEN="<TOKEN_GOTIFY_APP>";
+LOG_PRESERVE_DAYS=30;
+
+mkdir -p $LOGDIR
+
+for S in ${DIRTOSCAN}; do
+ DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);
+
+ echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE".";
+
+ clamscan -ri "$S" >> "$LOGDIR$LOGFILE";
+ echo "Scanned folder: "$S >> "$LOGDIR$LOGFILE";
+
+ # get the value of "Infected lines"
+ MALWARE=$(tail "$LOGDIR$LOGFILE"|grep Infected|cut -d" " -f3);
+
+ # if the value is not equal to zero, send an email with the log file attached
+ if [ "$MALWARE" -ne "0" ];then
+   sh ~/gotifypush.sh "CLAMAV Scan Kerodes Studi7" "Scanned folder: **$S**  \r $MALWARE" 5 $TOKEN
+ else
+   echo "[clamav] No infected files found."
+ fi
+done
+
+#clean old logs files
+find $LOGDIR -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;
+
+exit 0
--- a/scan_rkh.sh
+++ b/scan_rkh.sh
@ -0,0 +1,14 @@
+#!/bin/bash
+
+PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
+
+#vars rkhunter
+readonly TOKEN="<TOKEN_GOTIFY_APP>"
+
+OUT=$(rkhunter -c -sk --rwo)
+if [ -n "$OUT" ]
+then
+        sh ~/gotifypush.sh "RKH Scan handycat cloud" "$OUT" 5 $TOKEN
+else
+        echo "[rkhunter] system clean"
+fi