minor changes notification scripts section
This commit is contained in:
parent
bb3e2ac6ec
commit
ca556a1807
44
scan_chk.sh
44
scan_chk.sh
@ -4,36 +4,62 @@
|
||||
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||
|
||||
# variables
|
||||
LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt";
|
||||
readonly LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt"
|
||||
readonly NC_USER="log"
|
||||
readonly NC_PASS="t1todelogs"
|
||||
readonly NC_URL_WEBDAV="https://cloud.studi7.com/remote.php/dav/files"
|
||||
readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"
|
||||
readonly GOTIFY_HOST="https://push.studi7.com"
|
||||
readonly GOTIFY_PRIORITY=5
|
||||
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
LOGS_RELATIVE_PATH="security/"
|
||||
readonly TOKEN="<TOKEN_GOTIFY_APP>"
|
||||
|
||||
# vars chkrootkit
|
||||
SNIFFERS_WHITELIST="dhclient"
|
||||
FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document "
|
||||
SNIFFERS_WHITELIST="${SNIFFERS_WHITELIST} enp3s0"
|
||||
FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess "
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htpasswd "
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htaccess "
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htpasswd"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/jvm/.java-1.11.0-openjdk-amd64.jinfo"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/jvm/.java-1.17.0-openjdk-amd64.jinfo"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/debug/.build-id"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/libreoffice/share/.registry"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/glances/outputs/static/.gitignore"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/tests/baseline_images/.keep"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/tests/tinypages/_static/.gitignore"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/tests/tinypages/.gitignore"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.eslintrc.js"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierignore"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierrc"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document"
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/debug/.build-id"
|
||||
# disable tests because always generate output: z2 chkutmp
|
||||
ACTIVE_TESTS="aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper OSX_RSPLUG amd basename biff chfn chsh cron crontab date du dirname echo egrep env find fingerd gpm grep hdparm su ifconfig inetd"
|
||||
ACTIVE_TESTS="${ACTIVE_TESTS} inetdconf identd init killall ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top telnetd timed traceroute vdir w write"
|
||||
|
||||
OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST" $ACTIVE_TESTS)
|
||||
|
||||
OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
|
||||
if [ -n "$OUT" ]
|
||||
then
|
||||
issues=$(echo "$OUT" | wc -l)
|
||||
OUT=$(echo "$OUT" | sed -z 's/\n/\\n/g')
|
||||
echo $OUT > "./$LOGFILE"
|
||||
|
||||
# send log to logs public archive
|
||||
LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
|
||||
#send log to nextcloud folder │ GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
|
||||
curl -u $NC_USER:$NC_PASS -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"
|
||||
|
||||
# delete local log
|
||||
rm $LOGFILE
|
||||
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues \r"
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($NC_URL_WEBDAV/$NC_USER/$LOGFILE)"
|
||||
|
||||
sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
|
||||
# send gotify notification
|
||||
TITLE="CHK Scan $(hostname)"
|
||||
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": { \"url\": \"$NC_URL_WEBDAV/$NC_USER/$LOGFILE\"}}}"
|
||||
curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
|
||||
else
|
||||
echo "[chkrootkit] system clean"
|
||||
fi
|
||||
|
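Review bot: The new variable block commits live credentials — `readonly NC_PASS="t1todelogs"` and `readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"` — in place of the `<TOKEN_GOTIFY_APP>` placeholder the old `readonly TOKEN=` line carried; both values should be treated as compromised and rotated, and the script should read them from a root-only file instead, e.g. `. /etc/scan-notify.conf` (mode 0600) followed by `: "${NC_PASS:?}" "${GOTIFY_TOKEN:?}"` so a missing file fails early rather than uploading with empty credentials. The `curl -u $NC_USER:$NC_PASS` upload and the `?token=$GOTIFY_TOKEN` query string also expose both secrets to every local user via `ps` and to proxy/server access logs; `curl --netrc-file /etc/scan-notify.netrc` keeps the WebDAV password off argv, and Gotify (if I recall its API correctly) also accepts the token in an `X-Gotify-Key` request header, which keeps it out of the URL. Separately, the new `OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")` no longer passes `$ACTIVE_TESTS`, so unless chkrootkit is restricted elsewhere it now runs its full test set — including `z2`/`chkutmp`, which the `# disable tests because always generate output` comment above says always report something — meaning every run will raise a notification and `ACTIVE_TESTS` is dead code; either pass it again or delete it together with the now-stale comment. Note also that `FILES_WHITELIST` appends `/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document` and `/usr/lib/debug/.build-id` twice; harmless, but worth deduplicating while touching this block.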
40
scan_clam.sh
40
scan_clam.sh
@ -4,24 +4,32 @@
|
||||
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||
|
||||
# variables
|
||||
LOGFILE="$(hostname)_clamav-$(date +'%Y-%m-%d').log";
|
||||
readonly LOGFILE="$(hostname)_clamav-$(date +'%Y-%m-%d').log"
|
||||
readonly NC_USER="log"
|
||||
readonly NC_PASS="t1todelogs"
|
||||
readonly NC_URL_WEBDAV="https://cloud.studi7.com/remote.php/dav/files"
|
||||
readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"
|
||||
readonly GOTIFY_HOST="https://push.studi7.com"
|
||||
readonly GOTIFY_PRIORITY=5
|
||||
readonly CLAM_LOGPATH="/var/log/clamav/scan/"
|
||||
readonly LOGS_PRESERVE_DAYS=30
|
||||
# Multiple folders separate by space
|
||||
readonly CLAM_DIRSTOSCAN="/home/roger/Baixades/ /home/roger/Públic/"
|
||||
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
LOGS_RELATIVE_PATH="security/"
|
||||
MALWARE_FOUND=false
|
||||
readonly TOKEN="<TOKEN_GOTIFY_APP>";
|
||||
|
||||
mkdir -p $E7S_CLAM_LOGPATH
|
||||
mkdir -p $CLAM_LOGPATH
|
||||
|
||||
for S in ${E7S_CLAM_DIRSTOSCAN}; do
|
||||
for S in ${CLAM_DIRSTOSCAN}; do
|
||||
DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);
|
||||
|
||||
echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE".";
|
||||
|
||||
clamscan -ri "$S" >> "$E7S_CLAM_LOGPATH$LOGFILE";
|
||||
echo "Scanned folder: "$S >> "$E7S_CLAM_LOGPATH$LOGFILE";
|
||||
clamscan -ri "$S" >> "$CLAM_LOGPATH$LOGFILE";
|
||||
echo "Scanned folder: "$S >> "$CLAM_LOGPATH$LOGFILE";
|
||||
|
||||
# get the value of "Infected lines"
|
||||
MALWARE=$(tail "$E7S_CLAM_LOGPATH$LOGFILE"|grep Infected|cut -d" " -f3);
|
||||
MALWARE=$(tail "$CLAM_LOGPATH$LOGFILE"|grep Infected|cut -d" " -f3);
|
||||
|
||||
# if the value is not equal to zero, send an email with the log file attached
|
||||
if [ "$MALWARE" -ne "0" ];then
|
||||
@ -34,14 +42,20 @@ done
|
||||
|
||||
if $MALWARE_FOUND
|
||||
then
|
||||
# send log to logs public archive
|
||||
LOG_URL=$(sh ./utils/logger.sh "$E7S_CLAM_LOGPATH$LOGFILE" $LOGS_RELATIVE_PATH)
|
||||
# send log to nextcloud folder
|
||||
#LOG_URL=$(sh ./utils/logger.sh "$CLAM_LOGPATH$LOGFILE" $LOGS_RELATIVE_PATH)
|
||||
curl -u $NC_USER:$NC_PASS -T "$CLAM_LOGPATH$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"
|
||||
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
|
||||
sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($NC_URL_WEBDAV/$NC_USER/$LOGFILE)"
|
||||
#sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
|
||||
# send gotify notification
|
||||
TITLE="ClamAV Scan $(hostname)"
|
||||
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": { \"url\": \"$NC_URL_WEBDAV/$NC_USER/$LOGFILE\"}}}"
|
||||
curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
|
||||
fi
|
||||
|
||||
#clean old logs files
|
||||
find $E7S_CLAM_LOGPATH -maxdepth 1 -mtime +$E7S_LOGS_PRESERVE_DAYS -exec "rm" -R {} \;
|
||||
find $CLAM_LOGPATH -maxdepth 1 -mtime +$LOGS_PRESERVE_DAYS -exec "rm" -R {} \;
|
||||
|
||||
exit 0
|
||||
|
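Review bot: The cleanup line `find $CLAM_LOGPATH -maxdepth 1 -mtime +$LOGS_PRESERVE_DAYS -exec "rm" -R {} \;` is only renamed by this commit, but it remains a latent hazard: `-maxdepth 1` still evaluates the start directory itself, so if `/var/log/clamav/scan/` ever has an mtime older than the retention window the `rm -R` removes the whole log tree, and the unquoted variable invites the same thing on an unexpected path. Restricting the match to files and dropping the recursive remove fixes both at once: `find "${CLAM_LOGPATH:?}" -maxdepth 1 -type f -mtime +"$LOGS_PRESERVE_DAYS" -delete`. The new `curl -u $NC_USER:$NC_PASS -T "$CLAM_LOGPATH$LOGFILE" ...` puts a now-literal Nextcloud password on the process command line (visible in `ps`) and `?token=$GOTIFY_TOKEN` puts the Gotify token in server/proxy logs; source both from a root-only config at start-up and use `--netrc-file` for the WebDAV call. Also, the notification's click URL is `$NC_URL_WEBDAV/$NC_USER/$LOGFILE`, the WebDAV path on the upload account, so whoever taps it either cannot open it or has been handed the uploader's credentials; a read-only share link (or a separate viewer account) would keep the upload credential from being distributed with every alert.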
24
scan_rkh.sh
24
scan_rkh.sh
@ -4,26 +4,34 @@
|
||||
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||
|
||||
# variables
|
||||
LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').log";
|
||||
readonly LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').txt"
|
||||
readonly NC_USER="log"
|
||||
readonly NC_PASS="t1todelogs"
|
||||
readonly NC_URL_WEBDAV="https://cloud.studi7.com/remote.php/dav/files"
|
||||
readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"
|
||||
readonly GOTIFY_HOST="https://push.studi7.com"
|
||||
readonly GOTIFY_PRIORITY=5
|
||||
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
LOGS_RELATIVE_PATH="security/"
|
||||
readonly TOKEN="<TOKEN_GOTIFY_APP>"
|
||||
|
||||
OUT=$(rkhunter -c -sk --rwo -l "./$LOGFILE")
|
||||
OUT=$(rkhunter -c --sk --enable rootkits,malware,trojans --rwo -l "./$LOGFILE")
|
||||
if [ -n "$OUT" ]
|
||||
then
|
||||
issues=$(echo "$OUT" | wc -l)
|
||||
|
||||
# send log to logs public archive
|
||||
LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
|
||||
#send log to nextcloud folder
|
||||
curl -u $NC_USER:$NC_PASS -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"
|
||||
|
||||
# delete local log
|
||||
rm $LOGFILE
|
||||
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues \r"
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($NC_URL_WEBDAV/$NC_USER/$LOGFILE)"
|
||||
|
||||
sh ./utils/gotifypush.sh "RKH Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
|
||||
# send gotify notification
|
||||
TITLE="RKH Scan $(hostname)"
|
||||
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": { \"url\": \"$NC_URL_WEBDAV/$NC_USER/$LOGFILE\"}}}"
|
||||
curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
|
||||
else
|
||||
echo "[rkhunter] system clean"
|
||||
fi
|
||||
|
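Review bot: The new `rkhunter -c --sk --enable rootkits,malware,trojans --rwo -l "./$LOGFILE"` narrows the check to three test groups, which — as I read rkhunter's `--enable` — drops the file-properties, shared-library, network and OS-specific checks the previous plain `-c` run performed; if that is deliberate it deserves a comment such as `# only rootkit/malware/trojan groups; property and network checks are run elsewhere`, otherwise `--enable all --disable <noisy-test>` keeps the coverage while silencing the offender. The upload `curl -u $NC_USER:$NC_PASS -T "./$LOGFILE" ...` is followed unconditionally by `rm $LOGFILE`, so a failed or rejected upload silently destroys the only copy of the findings; make the delete depend on success and quote the name: `curl --fail --silent --show-error --netrc-file /etc/scan-notify.netrc -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/" && rm -f -- "$LOGFILE"`. As in the other two scripts, `NC_PASS` and `GOTIFY_TOKEN` are now literal secrets in a versioned file and are passed on argv / in the URL query string; rotate them and load them from a root-only config. Finally, the JSON body is assembled by interpolating `$TITLE` and `$GOTIFY_MESSAGE` into a string, so a hostname containing a double quote or backslash produces an invalid request; if `jq` is available on these hosts, `jq -n --arg t "$TITLE" --arg m "$GOTIFY_MESSAGE" ...` builds it safely.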
@ -10,8 +10,8 @@ if [[ $EUID -ne 0 ]]; then
|
||||
fi
|
||||
|
||||
# vars gotify
|
||||
readonly GOTIFY_TOKEN="<TOKEN_GOTIFY_APP>"
|
||||
readonly GOTIFY_HOST="<GOTIFY_HOST>"
|
||||
readonly GOTIFY_TOKEN="AIbX-rqHb6h0-BZ"
|
||||
readonly GOTIFY_HOST="https://push.studi7.com"
|
||||
readonly GOTIFY_PRIORITY=5
|
||||
|
||||
apt update -qq
|
||||
|
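Review bot: This hunk swaps the `<TOKEN_GOTIFY_APP>` and `<GOTIFY_HOST>` placeholders for a live value, `readonly GOTIFY_TOKEN="AIbX-rqHb6h0-BZ"`, so a second, distinct Gotify application token is now committed to history alongside the one in the scan scripts; both should be rotated and this script should source the same root-only config the scan scripts ought to use, e.g. `. /etc/scan-notify.conf` with `: "${GOTIFY_TOKEN:?}"`. Since the rest of this file runs `apt update` as root (the `$EUID` guard is visible in the hunk header), the config file should be owned by root with mode 0600 so the token is not readable by unprivileged users. The file header for this section is not visible on the rendered page, and the function or block containing these lines starts outside the hunk.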
@ -1,28 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
#Use ./gotifypush <title> <message> <priority> <token> <clickurl>
|
||||
|
||||
# uncomment when use script from cron
|
||||
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||
|
||||
# Gotify notification parameters
|
||||
TITLE=$1
|
||||
MESSAGE=$2
|
||||
PRIORITY=$3
|
||||
URL="$E7S_GOTIFY_SERVER_URL/message?token=$4"
|
||||
#if url passed by parameter, set to extras
|
||||
if [ -n "$5" ]
|
||||
then
|
||||
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": { \"url\": \"$5\"}}}"
|
||||
else
|
||||
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}"
|
||||
fi
|
||||
|
||||
# prevent gotify post error: invalid character '\\n' in string literal
|
||||
# scape \\n newlines for json
|
||||
# https://unix.stackexchange.com/questions/453883/how-to-escape-new-line-characters-for-json
|
||||
# MESSAGE=$(echo "$MESSAGE" | sed -z 's/\n/\\n/g')
|
||||
|
||||
# better curl usage https://github.com/gotify/server/issues/68
|
||||
#curl --silent --output /dev/null --show-error --fail -X .... #silent curl execution, no output, only html code if error
|
||||
curl -X POST "${URL}" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${MESSAGE}\", \"priority\": ${PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
|