minor changes notification scripts section

2025-05-18 23:43:52 +02:00 · 2025-05-18 23:43:52 +02:00 · ca556a1807
commit ca556a1807
parent bb3e2ac6ec
5 changed files with 80 additions and 60 deletions
--- a/scan_chk.sh
+++ b/scan_chk.sh
@ -4,36 +4,62 @@
 PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

 # variables
-LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt";
+readonly LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt"
+readonly NC_USER="log"
+readonly NC_PASS="t1todelogs"
+readonly NC_URL_WEBDAV="https://cloud.studi7.com/remote.php/dav/files"
+readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"
+readonly GOTIFY_HOST="https://push.studi7.com"
+readonly GOTIFY_PRIORITY=5
 GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
-LOGS_RELATIVE_PATH="security/"
-readonly TOKEN="<TOKEN_GOTIFY_APP>"

 # vars chkrootkit
 SNIFFERS_WHITELIST="dhclient"
-FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document "
+SNIFFERS_WHITELIST="${SNIFFERS_WHITELIST} enp3s0"
+FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document"
 FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess "
 FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htpasswd "
 FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htaccess "
 FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htpasswd"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/jvm/.java-1.11.0-openjdk-amd64.jinfo"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/jvm/.java-1.17.0-openjdk-amd64.jinfo"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/debug/.build-id"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/libreoffice/share/.registry"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/glances/outputs/static/.gitignore"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/tests/baseline_images/.keep"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/tests/tinypages/_static/.gitignore"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/tests/tinypages/.gitignore"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.eslintrc.js"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierignore"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierrc"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/debug/.build-id"
+# disable tests because always generate output: z2 chkutmp
+ACTIVE_TESTS="aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper OSX_RSPLUG amd basename biff chfn chsh cron crontab date du dirname echo egrep env find fingerd gpm grep hdparm su ifconfig inetd"
+ACTIVE_TESTS="${ACTIVE_TESTS} inetdconf identd init killall ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top telnetd timed traceroute vdir w write"
+
+OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST" $ACTIVE_TESTS)

-OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
 if [ -n "$OUT" ]
 then
  issues=$(echo "$OUT" | wc -l)
  OUT=$(echo "$OUT" | sed -z 's/\n/\\n/g')
  echo $OUT > "./$LOGFILE"

-  # send log to logs public archive
-  LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
+  #send log to nextcloud folder                                                                                       │  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
+  curl -u $NC_USER:$NC_PASS -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"
+
  # delete local log
  rm $LOGFILE

  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues  \r"
-  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
+  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($NC_URL_WEBDAV/$NC_USER/$LOGFILE)"

-  sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
+  # send gotify notification
+  TITLE="CHK Scan $(hostname)"
+  EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": {  \"url\": \"$NC_URL_WEBDAV/$NC_USER/$LOGFILE\"}}}"
+  curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
 else
        echo "[chkrootkit] system clean"
 fi
--- a/scan_clam.sh
+++ b/scan_clam.sh
@ -4,24 +4,32 @@
 PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

 # variables
-LOGFILE="$(hostname)_clamav-$(date +'%Y-%m-%d').log";
+readonly LOGFILE="$(hostname)_clamav-$(date +'%Y-%m-%d').log"
+readonly NC_USER="log"
+readonly NC_PASS="t1todelogs"
+readonly NC_URL_WEBDAV="https://cloud.studi7.com/remote.php/dav/files"
+readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"
+readonly GOTIFY_HOST="https://push.studi7.com"
+readonly GOTIFY_PRIORITY=5
+readonly CLAM_LOGPATH="/var/log/clamav/scan/"
+readonly LOGS_PRESERVE_DAYS=30
+# Multiple folders separate by space
+readonly CLAM_DIRSTOSCAN="/home/roger/Baixades/ /home/roger/Públic/"
 GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
-LOGS_RELATIVE_PATH="security/"
 MALWARE_FOUND=false
-readonly TOKEN="<TOKEN_GOTIFY_APP>";

-mkdir -p $E7S_CLAM_LOGPATH
+mkdir -p $CLAM_LOGPATH

-for S in ${E7S_CLAM_DIRSTOSCAN}; do
+for S in ${CLAM_DIRSTOSCAN}; do
 DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);

 echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE".";

- clamscan -ri "$S" >> "$E7S_CLAM_LOGPATH$LOGFILE";
- echo "Scanned folder: "$S >> "$E7S_CLAM_LOGPATH$LOGFILE";
+ clamscan -ri "$S" >> "$CLAM_LOGPATH$LOGFILE";
+ echo "Scanned folder: "$S >> "$CLAM_LOGPATH$LOGFILE";

 # get the value of "Infected lines"
- MALWARE=$(tail "$E7S_CLAM_LOGPATH$LOGFILE"|grep Infected|cut -d" " -f3);
+ MALWARE=$(tail "$CLAM_LOGPATH$LOGFILE"|grep Infected|cut -d" " -f3);

 # if the value is not equal to zero, send an email with the log file attached
 if [ "$MALWARE" -ne "0" ];then
@ -34,14 +42,20 @@ done

 if $MALWARE_FOUND
 then
-   # send log to logs public archive
-   LOG_URL=$(sh ./utils/logger.sh "$E7S_CLAM_LOGPATH$LOGFILE" $LOGS_RELATIVE_PATH)
+   # send log to nextcloud folder
+   #LOG_URL=$(sh ./utils/logger.sh "$CLAM_LOGPATH$LOGFILE" $LOGS_RELATIVE_PATH)
+   curl -u $NC_USER:$NC_PASS -T "$CLAM_LOGPATH$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"
+
   GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
-   GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
-   sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
+   GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($NC_URL_WEBDAV/$NC_USER/$LOGFILE)"
+   #sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
+   # send gotify notification
+   TITLE="ClamAV Scan $(hostname)"
+   EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": {  \"url\": \"$NC_URL_WEBDAV/$NC_USER/$LOGFILE\"}}}"
+   curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
 fi

 #clean old logs files
-find $E7S_CLAM_LOGPATH -maxdepth 1 -mtime +$E7S_LOGS_PRESERVE_DAYS -exec "rm" -R {} \;
+find $CLAM_LOGPATH -maxdepth 1 -mtime +$LOGS_PRESERVE_DAYS -exec "rm" -R {} \;

 exit 0
--- a/scan_rkh.sh
+++ b/scan_rkh.sh
@ -4,26 +4,34 @@
 PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

 # variables
-LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').log";
+readonly LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').txt"
+readonly NC_USER="log"
+readonly NC_PASS="t1todelogs"
+readonly NC_URL_WEBDAV="https://cloud.studi7.com/remote.php/dav/files"
+readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"
+readonly GOTIFY_HOST="https://push.studi7.com"
+readonly GOTIFY_PRIORITY=5
 GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
-LOGS_RELATIVE_PATH="security/"
-readonly TOKEN="<TOKEN_GOTIFY_APP>"

-OUT=$(rkhunter -c -sk --rwo -l "./$LOGFILE")
+OUT=$(rkhunter -c --sk --enable rootkits,malware,trojans --rwo -l "./$LOGFILE")
 if [ -n "$OUT" ]
 then
  issues=$(echo "$OUT" | wc -l)

-  # send log to logs public archive
-  LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
+  #send log to nextcloud folder
+  curl -u $NC_USER:$NC_PASS -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"
+
  # delete local log
  rm $LOGFILE

  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues  \r"
-  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
+  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($NC_URL_WEBDAV/$NC_USER/$LOGFILE)"

-  sh ./utils/gotifypush.sh "RKH Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
+  # send gotify notification
+  TITLE="RKH Scan $(hostname)"
+  EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": {  \"url\": \"$NC_URL_WEBDAV/$NC_USER/$LOGFILE\"}}}"
+  curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
 else
  echo "[rkhunter] system clean"
 fi
--- a/updates_notifier.sh
+++ b/updates_notifier.sh
@ -10,8 +10,8 @@ if [[ $EUID -ne 0 ]]; then
 fi

 # vars gotify
-readonly GOTIFY_TOKEN="<TOKEN_GOTIFY_APP>"
-readonly GOTIFY_HOST="<GOTIFY_HOST>"
+readonly GOTIFY_TOKEN="AIbX-rqHb6h0-BZ"
+readonly GOTIFY_HOST="https://push.studi7.com"
 readonly GOTIFY_PRIORITY=5

 apt update -qq
--- a/utils/gotifypush.sh
+++ b/utils/gotifypush.sh
@ -1,28 +0,0 @@
-#!/bin/bash
-
-#Use ./gotifypush <title> <message> <priority> <token> <clickurl>
-
-# uncomment when use script from cron
-PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
-
-# Gotify notification parameters
-TITLE=$1
-MESSAGE=$2
-PRIORITY=$3
-URL="$E7S_GOTIFY_SERVER_URL/message?token=$4"
-#if url passed by parameter, set to extras
-if [ -n "$5" ]
-then
-        EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": {  \"url\": \"$5\"}}}"
-else
-        EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}"
-fi
-
-# prevent gotify post error: invalid character '\\n' in string literal
-# scape \\n newlines for json
-# https://unix.stackexchange.com/questions/453883/how-to-escape-new-line-characters-for-json
-# MESSAGE=$(echo "$MESSAGE" | sed -z 's/\n/\\n/g')
-
-# better curl usage https://github.com/gotify/server/issues/68
-#curl --silent --output /dev/null --show-error --fail -X .... #silent curl execution, no output, only html code if error
-curl -X POST "${URL}" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${MESSAGE}\", \"priority\": ${PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"