From ca556a1807740956f2d0d737810361c047cb9c5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Roger=20P=C3=A0mies?= Date: Sun, 18 May 2025 23:43:52 +0200 Subject: [PATCH] minor changes notification scripts section --- scan_chk.sh | 44 +++++++++++++++++++++++++++++++++++--------- scan_clam.sh | 40 +++++++++++++++++++++++++++------------- scan_rkh.sh | 24 ++++++++++++++++-------- updates_notifier.sh | 4 ++-- utils/gotifypush.sh | 28 ---------------------------- 5 files changed, 80 insertions(+), 60 deletions(-) delete mode 100644 utils/gotifypush.sh
diff --git a/scan_chk.sh b/scan_chk.sh
index 591ba57..3090ed9 100644
--- a/scan_chk.sh
+++ b/scan_chk.sh
@@ -4,36 +4,62 @@ PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
 # variables
-LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt";
+readonly LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt"
+readonly NC_USER="log"
+readonly NC_PASS="t1todelogs"
+readonly NC_URL_WEBDAV="https://cloud.studi7.com/remote.php/dav/files"
+readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"
+readonly GOTIFY_HOST="https://push.studi7.com"
+readonly GOTIFY_PRIORITY=5
 GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
-LOGS_RELATIVE_PATH="security/"
-readonly TOKEN=""
 # vars chkrootkit
 SNIFFERS_WHITELIST="dhclient"
-FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document "
+SNIFFERS_WHITELIST="${SNIFFERS_WHITELIST} enp3s0"
+FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document"
 FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess "
 FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htpasswd "
 FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htaccess "
 FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htpasswd"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/jvm/.java-1.11.0-openjdk-amd64.jinfo"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/jvm/.java-1.17.0-openjdk-amd64.jinfo"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/debug/.build-id"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/libreoffice/share/.registry"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/glances/outputs/static/.gitignore"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/tests/baseline_images/.keep"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/tests/tinypages/_static/.gitignore"
+FILES_WHITELIST="${FILES_WHITELIST} 
/usr/lib/python3/dist-packages/matplotlib/tests/tinypages/.gitignore"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.eslintrc.js"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierignore"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierrc"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document"
+FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/debug/.build-id"
+# disable tests because always generate output: z2 chkutmp
+ACTIVE_TESTS="aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper OSX_RSPLUG amd basename biff chfn chsh cron crontab date du dirname echo egrep env find fingerd gpm grep hdparm su ifconfig inetd"
+ACTIVE_TESTS="${ACTIVE_TESTS} inetdconf identd init killall ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3 ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump top telnetd timed traceroute vdir w write"
+
+OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST" $ACTIVE_TESTS)
-OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
 if [ -n "$OUT" ]
 then
 issues=$(echo "$OUT" | wc -l)
 OUT=$(echo "$OUT" | sed -z 's/\n/\\n/g')
 echo $OUT > "./$LOGFILE"
- # send log to logs public archive
- LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
+ #send log to nextcloud folder │ GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
+ curl -u $NC_USER:$NC_PASS -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"
+ # delete local log
 rm $LOGFILE
 GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
 GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues \r"
- GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
+ GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($NC_URL_WEBDAV/$NC_USER/$LOGFILE)"
- sh ./utils/gotifypush.sh "CHK 
Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
+ # send gotify notification
+ TITLE="CHK Scan $(hostname)"
+ EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": { \"url\": \"$NC_URL_WEBDAV/$NC_USER/$LOGFILE\"}}}"
+ curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
 else
 echo "[chkrootkit] system clean"
 fi
diff --git a/scan_clam.sh b/scan_clam.sh
index 470dd78..f5636d0 100644
--- a/scan_clam.sh
+++ b/scan_clam.sh
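Review bot: `readonly NC_PASS="t1todelogs"` and `readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"` replace the blank `readonly TOKEN=""` placeholder with live credentials inside a committed script, so the WebDAV password and the push token are now in the repository history and should be rotated and loaded from a root-only file instead (`. /etc/scan-notify.env` followed by `: "${GOTIFY_TOKEN:?set in /etc/scan-notify.env}"`). The upload `curl -u $NC_USER:$NC_PASS -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"` has no `--fail` and its status is never checked before the unconditional `rm $LOGFILE` that follows, so an HTTP error or a rejected login deletes the only copy of the chkrootkit output while the notification still links to it. Passing the password as an argument and the token in `?token=$GOTIFY_TOKEN` also exposes both through `ps` and web-server access logs; curl's `--netrc-file` and Gotify's `X-Gotify-Key` header keep them out of argv and URLs. The comment `#send log to nextcloud folder │ GOTIFY_MESSAGE=... [LogFile]($LOG_URL)` looks like a split-pane paste artifact; if that text really is in the file it should be trimmed back to the comment.
```shell
# … unchanged: PATH, LOGFILE, NC_USER, NC_URL_WEBDAV, GOTIFY_HOST, GOTIFY_PRIORITY …
# secrets live outside the repo in a root-only (0600) file, never in the script
. /etc/scan-notify.env
: "${GOTIFY_TOKEN:?set in /etc/scan-notify.env}"
# … unchanged: whitelists, ACTIVE_TESTS, chkrootkit run, log write …
    # send log to nextcloud folder; keep the local copy if the upload fails
    if ! curl --silent --show-error --fail --netrc-file /etc/scan-notify.netrc \
            -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"; then
        echo "[chkrootkit] upload of $LOGFILE failed, keeping local copy" >&2
        exit 1
    fi
    rm -- "$LOGFILE"
# … unchanged: GOTIFY_MESSAGE, TITLE, EXTRAS …
    # token in a header rather than the query string so it stays out of access logs
    curl --silent --show-error --fail -X POST "$GOTIFY_HOST/message" \
        -H "X-Gotify-Key: $GOTIFY_TOKEN" -H "Content-Type: application/json" \
        -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
```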
@@ -4,24 +4,32 @@ PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
 # variables
-LOGFILE="$(hostname)_clamav-$(date +'%Y-%m-%d').log";
+readonly LOGFILE="$(hostname)_clamav-$(date +'%Y-%m-%d').log"
+readonly NC_USER="log"
+readonly NC_PASS="t1todelogs"
+readonly NC_URL_WEBDAV="https://cloud.studi7.com/remote.php/dav/files"
+readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"
+readonly GOTIFY_HOST="https://push.studi7.com"
+readonly GOTIFY_PRIORITY=5
+readonly CLAM_LOGPATH="/var/log/clamav/scan/"
+readonly LOGS_PRESERVE_DAYS=30
+# Multiple folders separate by space
+readonly CLAM_DIRSTOSCAN="/home/roger/Baixades/ /home/roger/Públic/"
 GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
-LOGS_RELATIVE_PATH="security/"
 MALWARE_FOUND=false
-readonly TOKEN="";
-mkdir -p $E7S_CLAM_LOGPATH
+mkdir -p $CLAM_LOGPATH
-for S in ${E7S_CLAM_DIRSTOSCAN}; do
+for S in ${CLAM_DIRSTOSCAN}; do
 DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);
 echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE".";
- clamscan -ri "$S" >> "$E7S_CLAM_LOGPATH$LOGFILE";
- echo "Scanned folder: "$S >> "$E7S_CLAM_LOGPATH$LOGFILE";
+ clamscan -ri "$S" >> "$CLAM_LOGPATH$LOGFILE";
+ echo "Scanned folder: "$S >> "$CLAM_LOGPATH$LOGFILE";
 # get the value of "Infected lines"
- MALWARE=$(tail "$E7S_CLAM_LOGPATH$LOGFILE"|grep Infected|cut -d" " -f3);
+ MALWARE=$(tail "$CLAM_LOGPATH$LOGFILE"|grep Infected|cut -d" " -f3);
 # if the value is not equal to zero, send an email with the log file attached
 if [ "$MALWARE" -ne "0" ];then
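Review bot: The credential block (`readonly NC_PASS="t1todelogs"`, `readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"`) is pasted verbatim into this script as well, so the same password now lives in three committed files and a rotation means editing all of them; sourcing one root-owned file (`. /etc/scan-notify.env` with `: "${NC_PASS:?}" "${GOTIFY_TOKEN:?}"`) keeps a single copy out of version control. `readonly CLAM_DIRSTOSCAN="/home/roger/Baixades/ /home/roger/Públic/"` combined with `for S in ${CLAM_DIRSTOSCAN}; do` relies on unquoted word splitting, so a directory whose name contains a space can never be scanned and the comment `# Multiple folders separate by space` documents the limitation rather than a design; if the script runs under bash (the deleted helper and updates_notifier.sh do), a `readonly -a CLAM_DIRSTOSCAN=(...)` array iterated with `"${CLAM_DIRSTOSCAN[@]}"` removes it. `mkdir -p $CLAM_LOGPATH` should be `mkdir -p -- "$CLAM_LOGPATH"` for the same reason. The loop body and the `if [ "$MALWARE" -ne "0" ]` branch continue past the end of this hunk.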
@@ -34,14 +42,20 @@ done
 if $MALWARE_FOUND
 then
- # send log to logs public archive
- LOG_URL=$(sh ./utils/logger.sh "$E7S_CLAM_LOGPATH$LOGFILE" $LOGS_RELATIVE_PATH)
+ # send log to nextcloud folder
+ #LOG_URL=$(sh ./utils/logger.sh "$CLAM_LOGPATH$LOGFILE" $LOGS_RELATIVE_PATH)
+ curl -u $NC_USER:$NC_PASS -T "$CLAM_LOGPATH$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"
+ GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
- GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
- sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
+ GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($NC_URL_WEBDAV/$NC_USER/$LOGFILE)"
+ #sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
+ # send gotify notification
+ TITLE="ClamAV Scan $(hostname)"
+ EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": { \"url\": \"$NC_URL_WEBDAV/$NC_USER/$LOGFILE\"}}}"
+ curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
 fi
 #clean old logs files
-find $E7S_CLAM_LOGPATH -maxdepth 1 -mtime +$E7S_LOGS_PRESERVE_DAYS -exec "rm" -R {} \;
+find $CLAM_LOGPATH -maxdepth 1 -mtime +$LOGS_PRESERVE_DAYS -exec "rm" -R {} \;
 exit 0
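Review bot: The new upload `curl -u $NC_USER:$NC_PASS -T "$CLAM_LOGPATH$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"` has no `--fail` and its exit status is ignored, yet the message built a few lines later links to `$NC_URL_WEBDAV/$NC_USER/$LOGFILE` as if the file had been stored; run it as `curl --silent --show-error --fail ...` and append the `[LogFile]` link only when it returns 0, otherwise say in the notification that the upload failed. The commented-out `#LOG_URL=$(sh ./utils/logger.sh ...)` and `#sh ./utils/gotifypush.sh ...` lines refer to a helper this same commit deletes, so they are dead and should be removed rather than kept as comments. `find $CLAM_LOGPATH -maxdepth 1 -mtime +$LOGS_PRESERVE_DAYS -exec "rm" -R {} \;` has an unquoted path and, without `-mindepth 1`, also matches the log directory itself should its mtime ever age past the limit; `find "$CLAM_LOGPATH" -mindepth 1 -maxdepth 1 -type f -mtime +"$LOGS_PRESERVE_DAYS" -delete` confines the cleanup to the scan logs.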
@@ -4,26 +4,34 @@ PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
 # variables
-LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').log";
+readonly LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').txt"
+readonly NC_USER="log"
+readonly NC_PASS="t1todelogs"
+readonly NC_URL_WEBDAV="https://cloud.studi7.com/remote.php/dav/files"
+readonly GOTIFY_TOKEN="A4w5ShWUHxcTLbx"
+readonly GOTIFY_HOST="https://push.studi7.com"
+readonly GOTIFY_PRIORITY=5
 GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
-LOGS_RELATIVE_PATH="security/"
-readonly TOKEN=""
-OUT=$(rkhunter -c -sk --rwo -l "./$LOGFILE")
+OUT=$(rkhunter -c --sk --enable rootkits,malware,trojans --rwo -l "./$LOGFILE")
 if [ -n "$OUT" ]
 then
 issues=$(echo "$OUT" | wc -l)
- # send log to logs public archive
- LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
+ #send log to nextcloud folder
+ curl -u $NC_USER:$NC_PASS -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"
+ # delete local log
 rm $LOGFILE
 GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
 GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues \r"
- GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
+ GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($NC_URL_WEBDAV/$NC_USER/$LOGFILE)"
- sh ./utils/gotifypush.sh "RKH Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
+ # send gotify notification
+ TITLE="RKH Scan $(hostname)"
+ EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": { \"url\": \"$NC_URL_WEBDAV/$NC_USER/$LOGFILE\"}}}"
+ curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${GOTIFY_MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
 else
 echo "[rkhunter] system clean"
 fi
diff --git a/updates_notifier.sh b/updates_notifier.sh
index 805832b..72f13de 100644
--- a/updates_notifier.sh
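Review bot: `rm $LOGFILE` still runs unconditionally right after the new `curl -u $NC_USER:$NC_PASS -T "./$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/"`, and that upload has no `--fail`, so an HTTP error or a rejected password deletes the only copy of the rkhunter log while the notification links to a file that was never stored; chain them as `curl --silent --show-error --fail ... && rm -- "$LOGFILE"` or exit with a message when the upload fails. `--enable rootkits,malware,trojans` also narrows what the scan covers: as far as I can tell rkhunter runs only the listed test groups when `--enable` is given without `--disable`, so the file-property, system-command and local-host checks silently stop running, which deserves a comment such as `# only the rootkit/malware/trojan groups run; other rkhunter tests are skipped` or a line in the commit message. The same hard-coded `NC_PASS` and `GOTIFY_TOKEN` values are committed here as in the other two scripts and should be rotated and sourced from one root-only environment file, with the token sent in an `X-Gotify-Key` header rather than in `?token=$GOTIFY_TOKEN`.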
+++ b/updates_notifier.sh
@@ -10,8 +10,8 @@ if [[ $EUID -ne 0 ]]; then
 fi
 # vars gotify
-readonly GOTIFY_TOKEN=""
-readonly GOTIFY_HOST=""
+readonly GOTIFY_TOKEN="AIbX-rqHb6h0-BZ"
+readonly GOTIFY_HOST="https://push.studi7.com"
 readonly GOTIFY_PRIORITY=5
 apt update -qq
diff --git a/utils/gotifypush.sh b/utils/gotifypush.sh
deleted file mode 100644
index ed9548c..0000000
--- a/utils/gotifypush.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/bash
-
-#Use ./gotifypush <message> <priority> <token> <clickurl>
-
-# uncomment when use script from cron
-PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
-
-# Gotify notification parameters
-TITLE=$1
-MESSAGE=$2
-PRIORITY=$3
-URL="$E7S_GOTIFY_SERVER_URL/message?token=$4"
-#if url passed by parameter, set to extras
-if [ -n "$5" ]
-then
- EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}, \"client::notification\": {\"click\": { \"url\": \"$5\"}}}"
-else
- EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}"
-fi
-
-# prevent gotify post error: invalid character '\\n' in string literal
-# scape \\n newlines for json
-# https://unix.stackexchange.com/questions/453883/how-to-escape-new-line-characters-for-json
-# MESSAGE=$(echo "$MESSAGE" | sed -z 's/\n/\\n/g')
-
-# better curl usage https://github.com/gotify/server/issues/68
-#curl --silent --output /dev/null --show-error --fail -X .... #silent curl execution, no output, only html code if error
-curl -X POST "${URL}" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${MESSAGE}\", \"priority\": ${PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
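Review bot: `readonly GOTIFY_TOKEN="AIbX-rqHb6h0-BZ"` fills the previously empty placeholder with a real push token in a script that checks for `$EUID -ne 0` and runs `apt update`, so a root-run tool now carries a live credential in version control; rotate the token and read it from a file outside the repo, e.g. `. /etc/scan-notify.env` followed by `: "${GOTIFY_TOKEN:?set in /etc/scan-notify.env}"`. This token differs from the one the scan scripts embed, so whichever file holds the secrets needs both entries (or the scripts should share a single application token). The code that uses `$GOTIFY_TOKEN` lies outside the hunk.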