minor changes notification scripts section

This commit is contained in:
Roger Pàmies Fabra 2025-05-18 23:43:52 +02:00
parent bb3e2ac6ec
commit ca556a1807
5 changed files with 80 additions and 60 deletions


@ -4,36 +4,62 @@
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
# variables
LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt";
readonly LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt"
readonly NC_USER="log"
readonly NC_PASS="t1todelogs"
readonly NC_URL_WEBDAV="https://cloud.studi7.com/remote.php/dav/files"
readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"
readonly GOTIFY_HOST="https://push.studi7.com"
readonly GOTIFY_PRIORITY=5
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
LOGS_RELATIVE_PATH="security/"
readonly TOKEN="<TOKEN_GOTIFY_APP>"
# vars chkrootkit
SNIFFERS_WHITELIST="dhclient"
FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document "
SNIFFERS_WHITELIST="${SNIFFERS_WHITELIST} enp3s0"
FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess "
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htpasswd "
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htaccess "
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htpasswd"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/jvm/.java-1.11.0-openjdk-amd64.jinfo"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/jvm/.java-1.17.0-openjdk-amd64.jinfo"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/debug/.build-id"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/libreoffice/share/.registry"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/glances/outputs/static/.gitignore"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/tests/baseline_images/.keep"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/tests/tinypages/_static/.gitignore"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/tests/tinypages/.gitignore"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.eslintrc.js"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierignore"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierrc"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document"
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/debug/.build-id"
# disable tests because always generate output: z2 chkutmp
ACTIVE_TESTS="aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper OSX_RSPLUG amd basename biff chfn chsh cron crontab date du dirname echo egrep env find fingerd gpm grep hdparm su ifconfig inetd"
ACTIVE_TESTS="${ACTIVE_TESTS} inetdconf identd init killall ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top telnetd timed traceroute vdir w write"
OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST" $ACTIVE_TESTS)
OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
if [ -n "$OUT" ]
then
issues=$(echo "$OUT" | wc -l)
OUT=$(echo "$OUT" | sed -z 's/\n/\\n/g')
echo $OUT > "./$LOGFILE"
# send log to logs public archive
LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
#send log to nextcloud folder │ GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
curl -u $NC_USER:$NC_PASS -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"
# delete local log
rm $LOGFILE
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($NC_URL_WEBDAV/$NC_USER/$LOGFILE)"
sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
# send gotify notification
TITLE="CHK Scan $(hostname)"
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": { \"url\": \"$NC_URL_WEBDAV/$NC_USER/$LOGFILE\"}}}"
curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
else
echo "[chkrootkit] system clean"
fi
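Review bot: The new variable block commits what look like live credentials — `NC_PASS="t1todelogs"` and `GOTIFY_TOKEN="A4w5ShWUHxcTLbx"` — together with the real hosts, where the older line still used the `<TOKEN_GOTIFY_APP>` placeholder. Once pushed they should be treated as compromised: rotate the Nextcloud password and the Gotify app token, and have the script source them from a root-only file instead (`. /etc/chkrootkit-notify.env` with mode 0600, or `curl --netrc-file`/`-K` for the WebDAV upload), which also keeps the password out of `ps` output, where `curl -u $NC_USER:$NC_PASS` currently shows it to every local user. Neither `curl` call checks its exit status, yet `rm $LOGFILE` runs unconditionally afterwards, so a failed WebDAV upload silently destroys the only copy of the findings; guarding it with `curl -fsS -u ... -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/" || exit 1` and quoting `rm -- "$LOGFILE"` would preserve the evidence. If the `TOKEN`, `LOGS_RELATIVE_PATH`, `sh ./utils/logger.sh` and `sh ./utils/gotifypush.sh` lines are indeed still on the new side, they reference a helper this commit deletes and look like leftovers that can go.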


@ -4,24 +4,32 @@
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
# variables
LOGFILE="$(hostname)_clamav-$(date +'%Y-%m-%d').log";
readonly LOGFILE="$(hostname)_clamav-$(date +'%Y-%m-%d').log"
readonly NC_USER="log"
readonly NC_PASS="t1todelogs"
readonly NC_URL_WEBDAV="https://cloud.studi7.com/remote.php/dav/files"
readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"
readonly GOTIFY_HOST="https://push.studi7.com"
readonly GOTIFY_PRIORITY=5
readonly CLAM_LOGPATH="/var/log/clamav/scan/"
readonly LOGS_PRESERVE_DAYS=30
# Multiple folders separate by space
readonly CLAM_DIRSTOSCAN="/home/roger/Baixades/ /home/roger/Públic/"
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
LOGS_RELATIVE_PATH="security/"
MALWARE_FOUND=false
readonly TOKEN="<TOKEN_GOTIFY_APP>";
mkdir -p $E7S_CLAM_LOGPATH
mkdir -p $CLAM_LOGPATH
for S in ${E7S_CLAM_DIRSTOSCAN}; do
for S in ${CLAM_DIRSTOSCAN}; do
DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);
echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE".";
clamscan -ri "$S" >> "$E7S_CLAM_LOGPATH$LOGFILE";
echo "Scanned folder: "$S >> "$E7S_CLAM_LOGPATH$LOGFILE";
clamscan -ri "$S" >> "$CLAM_LOGPATH$LOGFILE";
echo "Scanned folder: "$S >> "$CLAM_LOGPATH$LOGFILE";
# get the value of "Infected lines"
MALWARE=$(tail "$E7S_CLAM_LOGPATH$LOGFILE"|grep Infected|cut -d" " -f3);
MALWARE=$(tail "$CLAM_LOGPATH$LOGFILE"|grep Infected|cut -d" " -f3);
# if the value is not equal to zero, send an email with the log file attached
if [ "$MALWARE" -ne "0" ];then
@ -34,14 +42,20 @@ done
if $MALWARE_FOUND
then
# send log to logs public archive
LOG_URL=$(sh ./utils/logger.sh "$E7S_CLAM_LOGPATH$LOGFILE" $LOGS_RELATIVE_PATH)
# send log to nextcloud folder
#LOG_URL=$(sh ./utils/logger.sh "$CLAM_LOGPATH$LOGFILE" $LOGS_RELATIVE_PATH)
curl -u $NC_USER:$NC_PASS -T "$CLAM_LOGPATH$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($NC_URL_WEBDAV/$NC_USER/$LOGFILE)"
#sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
# send gotify notification
TITLE="ClamAV Scan $(hostname)"
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": { \"url\": \"$NC_URL_WEBDAV/$NC_USER/$LOGFILE\"}}}"
curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
fi
#clean old logs files
find $E7S_CLAM_LOGPATH -maxdepth 1 -mtime +$E7S_LOGS_PRESERVE_DAYS -exec "rm" -R {} \;
find $CLAM_LOGPATH -maxdepth 1 -mtime +$LOGS_PRESERVE_DAYS -exec "rm" -R {} \;
exit 0
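Review bot: The cleanup line `find $CLAM_LOGPATH -maxdepth 1 -mtime +$LOGS_PRESERVE_DAYS -exec "rm" -R {} \;` has no `-type f`, so `find` can hand `rm -R` the scan directory itself (depth 0 is included) or any subdirectory whose mtime has aged past the retention window; in practice the day's new log refreshes the directory mtime first, but that is an accident rather than a guarantee. Restricting it to this script's own files, `find "${CLAM_LOGPATH:?}" -maxdepth 1 -type f -name '*_clamav-*.log' -mtime +"$LOGS_PRESERVE_DAYS" -delete`, removes the risk, and the `:?` expansion prevents an empty variable from turning the search into the current directory. As in the sibling scripts, the same hardcoded `NC_PASS` and `GOTIFY_TOKEN` values now live in the committed file and should be rotated and sourced from a root-only env file rather than embedded here. The `if [ "$MALWARE" -ne "0" ]` block continues past the end of the first hunk, so its handling of a failed `clamscan` (empty `$MALWARE`) could not be reviewed here.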


@ -4,26 +4,34 @@
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
# variables
LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').log";
readonly LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').txt"
readonly NC_USER="log"
readonly NC_PASS="t1todelogs"
readonly NC_URL_WEBDAV="https://cloud.studi7.com/remote.php/dav/files"
readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"
readonly GOTIFY_HOST="https://push.studi7.com"
readonly GOTIFY_PRIORITY=5
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
LOGS_RELATIVE_PATH="security/"
readonly TOKEN="<TOKEN_GOTIFY_APP>"
OUT=$(rkhunter -c -sk --rwo -l "./$LOGFILE")
OUT=$(rkhunter -c --sk --enable rootkits,malware,trojans --rwo -l "./$LOGFILE")
if [ -n "$OUT" ]
then
issues=$(echo "$OUT" | wc -l)
# send log to logs public archive
LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
#send log to nextcloud folder
curl -u $NC_USER:$NC_PASS -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"
# delete local log
rm $LOGFILE
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues \r"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($NC_URL_WEBDAV/$NC_USER/$LOGFILE)"
sh ./utils/gotifypush.sh "RKH Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
# send gotify notification
TITLE="RKH Scan $(hostname)"
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": { \"url\": \"$NC_URL_WEBDAV/$NC_USER/$LOGFILE\"}}}"
curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
else
echo "[rkhunter] system clean"
fi
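Review bot: The Gotify request puts the app token in the query string, `"$GOTIFY_HOST/message?token=$GOTIFY_TOKEN"`, which lands in the push server's and any reverse proxy's access logs; Gotify also accepts the token as a header, so `curl -X POST "$GOTIFY_HOST/message" -H "X-Gotify-Key: $GOTIFY_TOKEN" ...` keeps it out of URL logs. The same token and the Nextcloud password are now hardcoded in this script as well, so they need rotating and moving to a root-only sourced file. As in the chkrootkit script, `rm $LOGFILE` runs even when the preceding `curl -T` upload fails, so a scan with findings can end with no log anywhere; make the delete conditional on a successful `curl -fsS ... || exit 1` and quote the path (`rm -- "$LOGFILE"`). The log name also changes from `.log` to `.txt` in this hunk; if anything downstream (the WebDAV folder, the old `logger.sh` flow) matched on the extension, it should be updated to match.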


@ -10,8 +10,8 @@ if [[ $EUID -ne 0 ]]; then
fi
# vars gotify
readonly GOTIFY_TOKEN="<TOKEN_GOTIFY_APP>"
readonly GOTIFY_HOST="<GOTIFY_HOST>"
readonly GOTIFY_TOKEN="AIbX-rqHb6h0-BZ"
readonly GOTIFY_HOST="https://push.studi7.com"
readonly GOTIFY_PRIORITY=5
apt update -qq
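Review bot: The placeholders `<TOKEN_GOTIFY_APP>` and `<GOTIFY_HOST>` were there so that the real values stay out of the repository; this hunk replaces them with a concrete token, `readonly GOTIFY_TOKEN="AIbX-rqHb6h0-BZ"`, and the real push host, so that token should be considered leaked and regenerated. Since the script already requires root (the `$EUID -ne 0` check whose body starts before this hunk), the natural fix is to keep the placeholder in the committed file and load the value at runtime, e.g. `. /etc/apt-notify.env` (mode 0600, root-owned) before the `readonly` line, or `: "${GOTIFY_TOKEN:?set GOTIFY_TOKEN in the environment}"` so a missing secret fails loudly instead of posting to a bogus URL. The rest of the script continues after `apt update -qq` and is outside this hunk.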


@ -1,28 +0,0 @@
#!/bin/bash
#Use ./gotifypush <title> <message> <priority> <token> <clickurl>
# uncomment when use script from cron
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
# Gotify notification parameters
TITLE=$1
MESSAGE=$2
PRIORITY=$3
URL="$E7S_GOTIFY_SERVER_URL/message?token=$4"
#if url passed by parameter, set to extras
if [ -n "$5" ]
then
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": { \"url\": \"$5\"}}}"
else
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}"
fi
# prevent gotify post error: invalid character '\\n' in string literal
# scape \\n newlines for json
# https://unix.stackexchange.com/questions/453883/how-to-escape-new-line-characters-for-json
# MESSAGE=$(echo "$MESSAGE" | sed -z 's/\n/\\n/g')
# better curl usage https://github.com/gotify/server/issues/68
#curl --silent --output /dev/null --show-error --fail -X .... #silent curl execution, no output, only html code if error
curl -X POST "${URL}" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${MESSAGE}\", \"priority\": ${PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"