done #2

2023-07-21 10:30:04 +02:00 · 2023-07-21 10:30:04 +02:00 · f42eddacbb
commit f42eddacbb
parent 3404a130c0
3 changed files with 37 additions and 5 deletions
--- a/scan_chk.sh
+++ b/scan_chk.sh
@ -2,6 +2,9 @@

 PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

+LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt";
+GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
+
 # vars gotify
 readonly TOKEN="<TOKEN_GOTIFY_APP>"

@ -16,7 +19,20 @@ FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/test
 OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
 if [ -n "$OUT" ]
 then
-        sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$OUT" 5 $TOKEN
+  issues=$(echo "$OUT" | wc -l)
+  OUT=$(echo "$OUT" | sed -z 's/\n/\\n/g')
+  echo $OUT > "./$LOGFILE"
+
+  # send log to logs public archive
+  LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE")
+  # delete local log
+  rm $LOGFILE
+
+  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
+  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues  \r"
+  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
+
+  sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
 else
        echo "[chkrootkit] system clean"
 fi
--- a/scan_rkh.sh
+++ b/scan_rkh.sh
@ -1,14 +1,30 @@
+GNU nano 5.4                                                                                                      scan_rkh.sh
 #!/bin/bash

 PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

+LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').txt";
+GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
+
 #vars rkhunter
 readonly TOKEN="<TOKEN_GOTIFY_APP>"

-OUT=$(rkhunter -c -sk --rwo)
+OUT=$(rkhunter -c -sk --rwo -l "./rkhunter.log")
 if [ -n "$OUT" ]
 then
-        sh ./utils/gotifypush.sh "RKH Scan $(hostname)" "$OUT" 5 $TOKEN
+  issues=$(echo "$OUT" | wc -l)
+  mv "./rkhunter.log" "./$LOGFILE"
+
+  # send log to logs public archive
+  LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE")
+  # delete local log
+  rm $LOGFILE
+
+  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"**  \r"
+  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues  \r"
+  GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
+
+  sh ./utils/gotifypush.sh "RKH Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
 else
-        echo "[rkhunter] system clean"
+  echo "[rkhunter] system clean"
 fi
--- a/utils/gotifypush.sh
+++ b/utils/gotifypush.sh
@ -21,7 +21,7 @@ fi
 # prevent gotify post error: invalid character '\\n' in string literal
 # scape \\n newlines for json
 # https://unix.stackexchange.com/questions/453883/how-to-escape-new-line-characters-for-json
-MESSAGE=$(echo "$MESSAGE" | sed -z 's/\n/\\n/g')
+# MESSAGE=$(echo "$MESSAGE" | sed -z 's/\n/\\n/g')

 # better curl usage https://github.com/gotify/server/issues/68
 #curl --silent --output /dev/null --show-error --fail -X .... #silent curl execution, no output, only html code if error