Compare commits
13 Commits
Author | SHA1 | Date |
---|---|---|
Roger Pàmies Fabra | bb3e2ac6ec | |
Roger Pàmies Fabra | 0262d93deb | |
Roger Pàmies Fabra | 03351da5a0 | |
Roger Pàmies Fabra | 9907ccef25 | |
Roger Pàmies Fabra | 297c047dc9 | |
Roger Pàmies Fabra | 10e235ab0b | |
Roger Pàmies Fabra | 56646e8083 | |
Roger Pàmies Fabra | d6900f9e35 | |
Roger Pàmies Fabra | b672496f67 | |
Roger Pàmies Fabra | 8fe4e56c04 | |
Roger Pàmies Fabra | 4323a3940d | |
Roger Pàmies Fabra | f42eddacbb | |
Roger Pàmies Fabra | 3404a130c0 |
49
README.md
49
README.md
|
@ -1,29 +1,66 @@
|
|||
# Bash Scripts collection
|
||||
|
||||
wget -O init_scripts.sh https://git.studi7.com/roger/bashscripts/raw/branch/master/init_scripts.sh && chmod +x init_scripts.sh && ./init_scripts.sh
|
||||
TODO: Need install packages for each script
|
||||
|
||||
## gotifypush.sh
|
||||
## Permanent enviroment variables in ~/.profile
|
||||
|
||||
Append file `~/.profile` with this variables:
|
||||
|
||||
```
|
||||
# E7 Scripts
|
||||
# ClamAV scan script
|
||||
export E7S_CLAM_LOGPATH="/path/to/logs/"
|
||||
# Multiple folders separate by space
|
||||
export E7S_CLAM_DIRSTOSCAN="/path/to/target/"
|
||||
# Global script variables
|
||||
export E7S_GOTIFY_SERVER_URL="https://push.example.com"
|
||||
export E7S_LOGS_PRESERVE_DAYS=30
|
||||
export ES7_LOGS_SERVER_SSH="server.example.com"
|
||||
export ES7_LOGS_PATH="/path/to/web/root/"
|
||||
export ES7_LOGS_URL="https://logs.example.com"
|
||||
```
|
||||
|
||||
## Scripts
|
||||
|
||||
### utils/gotifypush.sh
|
||||
|
||||
Send markdown notifications to gotify channel throught curl
|
||||
|
||||
* Usage: `./gotifypush.sh <title> <message> <priority> <token> <clickurl>`
|
||||
|
||||
## scan_chk.sh
|
||||
### utils/logger.sh
|
||||
|
||||
Save logs into remote server and publish it into web server
|
||||
|
||||
* Usage: `./logger.sh <logfile> <relativepath>`
|
||||
|
||||
### scan_chk.sh
|
||||
|
||||
Scan rootkits into system with chkrootkit
|
||||
|
||||
* Usage: `./scan_chk.sh`
|
||||
|
||||
## scan_rkh.sh
|
||||
### scan_rkh.sh
|
||||
|
||||
Scan rootkits into system with rkhunter
|
||||
|
||||
* Usage: `./scan_rkh.sh`
|
||||
|
||||
## scan_clam.sh
|
||||
### scan_clam.sh
|
||||
|
||||
Scan virus and malware into system with clamav
|
||||
|
||||
* Usage: `./scan_clam.sh`
|
||||
|
||||
**NOTE:** Need set paths (DIRTOSCAN variable) to scan
|
||||
### updates_notifier.sh
|
||||
|
||||
TODO!
|
||||
|
||||
## Some tips
|
||||
|
||||
* https://www.appsloveworld.com/bash/100/6/how-have-both-local-and-remote-variable-inside-an-ssh-command
|
||||
* https://stackoverflow.com/questions/27932694/shell-script-ssh-server-eof (script detect expire users)
|
||||
* use xargs: https://www.baeldung.com/linux/xargs-multiple-arguments
|
||||
* load env vars in cron: https://www.baeldung.com/linux/load-env-variables-in-cron-job
|
||||
* crontab need path sometimes: https://askubuntu.com/questions/117978/script-doesnt-run-via-crontab-but-works-fine-standalone
|
||||
* errors and best practices: https://tecadmin.net/resolved-unary-operator-expected-error-in-bash/
|
||||
|
|
|
@ -0,0 +1,19 @@
|
|||
#!/bin/bash
|
||||
|
||||
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||
|
||||
GOTIFY_TOKEN="token"
|
||||
GOTIFY_MESSAGE="Backup task init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
GITEA_DIR="/path/to/gitea"
|
||||
BACKUP_FILE="gitea-backup_"`date +\%Y\%m\%d`".zip"
|
||||
REMOTE_SERVER="remote.example.com"
|
||||
REMOTE_PATH="/path/to/remote/store/backups/"
|
||||
|
||||
# gitea
|
||||
su - gitea -s /bin/bash -c "$GITEA_DIR/gitea dump -c $GITEA_DIR/custom/conf/app.ini --file $BACKUP_FILE --tempdir $GITEA_DIR/"
|
||||
rsync -AaxzPh --remove-source-files "$GITEA_DIR/$BACKUP_FILE" "$REMOTE_SERVER:$REMOTE_PATH"
|
||||
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Backup task end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
|
||||
# send gotify notification
|
||||
sh ./gotifypush.sh "Gitea $(hostname) Backup" "$GOTIFY_MESSAGE" 5 "$GOTIFY_TOKEN"
|
|
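Review bot: `su - gitea -s /bin/bash -c "$GITEA_DIR/gitea dump ... --file $BACKUP_FILE --tempdir $GITEA_DIR/"` passes a relative `--file`, and `su -` starts the command in the gitea user's home directory, so unless that home is `$GITEA_DIR` the archive is not where the next line's `rsync ... "$GITEA_DIR/$BACKUP_FILE"` looks for it; use `--file "$GITEA_DIR/$BACKUP_FILE"`. Neither the dump nor the rsync exit status is checked, so a failed dump or transfer still ends in a `Backup task end` notification; `set -euo pipefail` after the shebang, or `|| exit 1` on both lines, would stop the run and make the failure visible. `GOTIFY_TOKEN="token"` is a literal placeholder rather than the `<GOTIFY_TOKEN>` form the other scripts in this compare use, and `sh ./gotifypush.sh` points at the top-level path while the README here moves the helper to `utils/gotifypush.sh`.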
@ -0,0 +1,94 @@
|
|||
#!/bin/bash
|
||||
|
||||
###################################################################################
|
||||
# Nextcloud Backups as incremental mode, using rdiff-backup
|
||||
#
|
||||
# 1. Backup database and send to remote backups server throught rsync using
|
||||
# ssh public/private key configuration.
|
||||
# 2. Set X days to preserve db backups
|
||||
# 3. Backup data folder of nextcloud using rdiff-backup (https://rdiff-backup.net/)
|
||||
# 4. Set X days to preserve rdiff-backups increments
|
||||
# 5. Get report statistics of rdiff-backup and send push message throught gotify
|
||||
# self-hosted server (https://gotify.net/).
|
||||
#
|
||||
# Tools needed: mysqldump, gzip. rsync, rdiff-backup, curl
|
||||
# TODO: save current version 'sudo -u www-data php /var/www/html/nextcloud/occ config:system:get version'
|
||||
###################################################################################
|
||||
|
||||
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||
|
||||
# variables push notifications
|
||||
readonly GOTIFY_TOKEN="<GOTIFY_TOKEN>"
|
||||
readonly GOTIFY_HOST="<GOTIFY_HOST>"
|
||||
readonly GOTIFY_PRIORITY=5
|
||||
# backup db variables
|
||||
readonly BACKUP_DB_FILE="nextcloud-sqlbkp-"`date +\%Y\%m\%d`".sql"
|
||||
readonly DB_HOST="<DB_HOST>"
|
||||
readonly DB_USER="<DB_USER>"
|
||||
readonly DB_PASS="<DB_PASS>"
|
||||
readonly DB_NAME="<DB_NAME>"
|
||||
# backup data variables
|
||||
readonly NEXTCLOUD_DATA="<NEXTCLOUD_DATA>"
|
||||
readonly NEXTCLOUD_DIR="<NEXTCLOUD_DIR>"
|
||||
readonly INCLUDE_LIST="include-list"
|
||||
# remote settings
|
||||
readonly REMOTE_SERVER="<REMOTE_SERVER>"
|
||||
# TODO: Use $(hostname) "/path/to/example/"`hostname`"/nextcloud"
|
||||
readonly REMOTE_PATH="<REMOTE_PATH>"
|
||||
readonly REMOTE_NC_DATA_FOLDER="files"
|
||||
readonly REMOTE_NC_DB_FOLDER="db"
|
||||
readonly REMOTE_NC_DIR_FOLDER="dir"
|
||||
readonly BACKUP_PRESERVE_DAYS=60
|
||||
|
||||
# create include list file and set exclude logs
|
||||
touch $INCLUDE_LIST
|
||||
cat > $INCLUDE_LIST <<EOF
|
||||
- **nextcloud.log
|
||||
- **nextcloud.log*
|
||||
- **updater.log
|
||||
EOF
|
||||
|
||||
# init notification message
|
||||
MESSAGE="Backup task init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
|
||||
# dump and backup db nextcloud handycat and rsync deleting origin
|
||||
mysqldump --single-transaction --verbose -h $DB_HOST -u $DB_USER -p$DB_PASS $DB_NAME > $BACKUP_DB_FILE
|
||||
gzip $BACKUP_DB_FILE
|
||||
|
||||
# TODO: force create multiple paths (mkdir -p) if not exist with rsync trick
|
||||
# https://www.schwertly.com/2013/07/forcing-rsync-to-create-a-remote-path-using-rsync-path/
|
||||
rsync -AaxzPh --remove-source-files "$BACKUP_DB_FILE.gz" "$REMOTE_SERVER:$REMOTE_PATH/$REMOTE_NC_DB_FOLDER"
|
||||
|
||||
# clear X days old remote db backups
|
||||
ssh $REMOTE_SERVER 'bash -s' << EOF
|
||||
find "$REMOTE_PATH/$REMOTE_NC_DB_FOLDER" -maxdepth 1 -mtime +$BACKUP_PRESERVE_DAYS -print -exec "rm" -R {} \;
|
||||
EOF
|
||||
|
||||
# rdiff-backup all dir of nextcloud
|
||||
rdiff-backup backup $NEXTCLOUD_DIR "$REMOTE_SERVER::$REMOTE_PATH/$REMOTE_NC_DIR_FOLDER"
|
||||
# clear X days old increments of backup dir
|
||||
rdiff-backup remove increments --older-than "${BACKUP_PRESERVE_DAYS}D" "$REMOTE_SERVER::$REMOTE_PATH/$REMOTE_NC_DIR_FOLDER"
|
||||
|
||||
# rdiff-backup all data of nextcloud
|
||||
OUT=$(rdiff-backup backup --print-statistics --include-globbing-filelist $INCLUDE_LIST $NEXTCLOUD_DATA \
|
||||
"$REMOTE_SERVER::$REMOTE_PATH/$REMOTE_NC_DATA_FOLDER")
|
||||
# set output lines into array and append notification message
|
||||
readarray -t stats <<<"$OUT"
|
||||
for val in "${stats[@]}"; do
|
||||
line=$(echo $val | tr -d '-')
|
||||
MESSAGE="${MESSAGE} $line \r"
|
||||
done
|
||||
|
||||
# clear X days old increments of backup data
|
||||
rdiff-backup remove increments --older-than "${BACKUP_PRESERVE_DAYS}D" \
|
||||
"$REMOTE_SERVER::$REMOTE_PATH/$REMOTE_NC_DATA_FOLDER"
|
||||
|
||||
MESSAGE="${MESSAGE} Backup task end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
|
||||
rm $INCLUDE_LIST
|
||||
|
||||
# send gotify notification
|
||||
TITLE="NC $(hostname) Backup"
|
||||
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}"
|
||||
curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" \
|
||||
-d "{ \"message\": \"${MESSAGE}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
|
|
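Review bot: `mysqldump --single-transaction --verbose -h $DB_HOST -u $DB_USER -p$DB_PASS $DB_NAME > $BACKUP_DB_FILE` places the database password in the process argument list, readable by any local user through `ps` while the dump runs; pass it out of band, `MYSQL_PWD="$DB_PASS" mysqldump --single-transaction --verbose -h "$DB_HOST" -u "$DB_USER" "$DB_NAME" > "$BACKUP_DB_FILE"`, or with `--defaults-extra-file` pointing at a mode-600 file. The remote cleanup `find "$REMOTE_PATH/$REMOTE_NC_DB_FOLDER" -maxdepth 1 -mtime +$BACKUP_PRESERVE_DAYS -print -exec "rm" -R {} \;` has no `-mindepth 1`, so the `db` directory itself matches once its mtime ages past the limit and `rm -R` removes every dump; add `-mindepth 1 -type f` (the scan_clam.sh cleanup line uses the same pattern). The final `curl ... -d "{ \"message\": \"${MESSAGE}\", ... }"` builds JSON by string interpolation from rdiff-backup output and carries the token in the URL query string, where it lands in server and proxy logs; build the body with `jq -n --arg m "$MESSAGE" ...` or send form fields, and send the token as the `X-Gotify-Key` header — updates_notifier.sh and gotifypush.sh in this compare have the same two issues. No step checks an exit status, so a failed mysqldump still yields an empty `.gz` that is shipped with `--remove-source-files` and a notification that reads as success; `set -euo pipefail` after the shebang, or `|| exit 1` on the dump, rsync and rdiff-backup lines, would surface it.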
@ -0,0 +1,24 @@
|
|||
#!/bin/bash
|
||||
|
||||
#Use ./unbanipcloud.sh <ip>
|
||||
echo $#
|
||||
|
||||
JAIL_NAME=$ES7_F2B_JAIL_NAME
|
||||
REMOTE_SERVER="estudiset.nextcloud.handycat"
|
||||
UNBAN_IP=$1
|
||||
|
||||
if [ $# -eq 0 ]; then
|
||||
echo "Falta la IP a desbloquejar com a argument. Per exemple: $0 X.X.X.X"
|
||||
exit 1
|
||||
elif [ $# -eq 2 ]; then
|
||||
JAIL_NAME=$2
|
||||
fi
|
||||
|
||||
# unban with fail2ban
|
||||
out=$(ssh $REMOTE_SERVER "sudo fail2ban-client set $JAIL_NAME unbanip $UNBAN_IP")
|
||||
|
||||
if [ "$out" -eq "1" ]; then
|
||||
echo "La IP [$UNBAN_IP] s'ha desbloquejat correctament"
|
||||
else
|
||||
echo "No s'ha trobat la IP [$UNBAN_IP] a la llista de bloquejos"
|
||||
fi
|
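Review bot: `$UNBAN_IP` and `$JAIL_NAME` come straight from the command line (and the `ES7_F2B_JAIL_NAME` environment) and are spliced into the remote command string on the `ssh $REMOTE_SERVER "sudo fail2ban-client set $JAIL_NAME unbanip $UNBAN_IP"` line, so the remote shell, under sudo, parses whatever the caller typed; validate both before use, e.g. `[[ "$UNBAN_IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { printf 'invalid IP: %s\n' "$UNBAN_IP" >&2; exit 1; }` and `[[ "$JAIL_NAME" =~ ^[A-Za-z0-9_-]+$ ]]`. `[ "$out" -eq "1" ]` is an integer comparison, so when ssh fails and `$out` is empty, or fail2ban-client prints text, the test itself errors and the script reports the IP as not found; a string comparison `[[ "$out" == "1" ]]` together with checking the ssh exit status is more honest. `echo $#` at the top looks like a leftover debug print.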
111
init_scripts.sh
111
init_scripts.sh
|
@ -1,111 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Functions
|
||||
show_cron_help () {
|
||||
echo "--------------------------------------------"
|
||||
echo "* * * * * command to be executed"
|
||||
echo "- - - - -"
|
||||
echo "| | | | |"
|
||||
echo "| | | | ----- Day of week (0 - 7) (Sunday=0 or 7)"
|
||||
echo "| | | ------- Month (1 - 12)"
|
||||
echo "| | --------- Day of month (1 - 31)"
|
||||
echo "| ----------- Hour (0 - 23)"
|
||||
echo "------------- Minute (0 - 59)"
|
||||
echo "Examples:"
|
||||
echo "(predefined) @annually | @yearly | @monthly | @weekly | @daily | @hourly | @reboot"
|
||||
echo "(every) @every 5s | @every 20h30m"
|
||||
echo "(custom) 10 20 * * * | 0 3 * * 1-5"
|
||||
echo -e "--------------------------------------------\n"
|
||||
}
|
||||
|
||||
get_cron () {
|
||||
cron=false
|
||||
while [ "$cron" != "true" ]
|
||||
do
|
||||
read -p 'Escriu el periode del cron: ' CRON
|
||||
case $CRON in
|
||||
("") echo "El cron no pot ser buit";;
|
||||
(*) cron=true #echo "just numeric";;
|
||||
esac
|
||||
done
|
||||
echo "$CRON"
|
||||
}
|
||||
# End functions
|
||||
|
||||
readonly SCRIPTS_FOLDER="e7scripts"
|
||||
readonly GOTIFY_SCRIPT_NAME="gotifypush.sh"
|
||||
readonly GOTIFY_SCRIPT_URL="https://git.studi7.com/roger/bashscripts/raw/branch/master/gotifypush.sh"
|
||||
readonly UPDATES_SCRIPT_NAME="updates_notifier.sh"
|
||||
readonly UPDATES_SCRIPT_URL="https://git.studi7.com/roger/bashscripts/raw/branch/master/updates_notifier.sh"
|
||||
|
||||
#verify run as root or sudo
|
||||
if [[ $EUID -ne 0 ]]; then
|
||||
echo "This script must be run as root"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
#set -f
|
||||
#func_result="$(get_cron)"
|
||||
#echo $func_result
|
||||
#set +f
|
||||
|
||||
echo "/////////////////////////////////////////"
|
||||
echo "Benvingut a l'instalador d'Scripts"
|
||||
echo -e "/////////////////////////////////////\n"
|
||||
|
||||
finished=false
|
||||
while [ "$finished" != "true" ]
|
||||
do
|
||||
|
||||
# Choose script to install
|
||||
echo "0) Sortir de l'instalador"
|
||||
echo "1) Notificador dels resultats dels scripts (Gotify Push Notifications)"
|
||||
echo "2) Notificador d'actualitzacions"
|
||||
echo "3) Escaneig de rootkits amb RK Hunter"
|
||||
echo "4) Escaneig de rootkits amb CHK Rootkit"
|
||||
echo -e "5) Escaneig de virus amb ClamAV\n"
|
||||
|
||||
choosed=false
|
||||
while [ "$choosed" != "true" ]
|
||||
do
|
||||
read -p 'Indica quin script vols instal·lar (0 per sortir): ' SCRIPT_NUM
|
||||
case $SCRIPT_NUM in
|
||||
("") echo "El número no pot ser buit";;
|
||||
(*[!0-9]*) echo "Has d'introduir un número";;
|
||||
(*) choosed=true #echo "just numeric";;
|
||||
esac
|
||||
done
|
||||
|
||||
if [ "$SCRIPT_NUM" = "0" ]; then
|
||||
finished=true
|
||||
exit 0
|
||||
elif [ "$SCRIPT_NUM" = "1" ]; then
|
||||
mkdir -p $SCRIPTS_FOLDER
|
||||
wget -O "$SCRIPTS_FOLDER/$GOTIFY_SCRIPT_NAME" $GOTIFY_SCRIPT_URL
|
||||
read -p 'Indica el domini de gotify: ' GOTIFY_DOMAIN
|
||||
sed -i "s/push.example.com/$GOTIFY_DOMAIN/" "$SCRIPTS_FOLDER/$GOTIFY_SCRIPT_NAME"
|
||||
chmod +x "$SCRIPTS_FOLDER/$GOTIFY_SCRIPT_NAME"
|
||||
echo -e "Script instal·lat correctament\n"
|
||||
elif [ "$SCRIPT_NUM" = "2" ];then
|
||||
mkdir -p $SCRIPTS_FOLDER
|
||||
wget -O "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME" $UPDATES_SCRIPT_URL
|
||||
read -p 'Indica el token del canal de gotify: ' TOKEN
|
||||
sed -i "s/<TOKEN_GOTIFY_APP>/$TOKEN/" "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME"
|
||||
sed -i "s/Hostname/$(hostname)/" "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME"
|
||||
chmod +x "$SCRIPTS_FOLDER/$UPDATES_SCRIPT_NAME"
|
||||
echo -e "\nAFEGEIX EL CRON\n"
|
||||
show_cron_help
|
||||
cron="$(get_cron)"
|
||||
#https://stackoverflow.com/questions/878600/how-to-create-a-cron-job-using-bash-automatically-without-the-interactive-editor
|
||||
#remove previous crontab
|
||||
(crontab -l | grep -v -F "$UPDATES_SCRIPT_NAME") | crontab -
|
||||
#add crontab
|
||||
(crontab -l ; echo "$cron cd $(pwd)/$SCRIPTS_FOLDER/ && ./$UPDATES_SCRIPT_NAME 2>&1") | crontab -
|
||||
echo -e "Script instal·lat correctament\n"
|
||||
#TODO Function cron get period
|
||||
|
||||
else
|
||||
echo -e "Aquest número d'script no existeix. Tornar a intentar-ho\n"
|
||||
fi
|
||||
|
||||
done
|
23
scan_chk.sh
23
scan_chk.sh
|
@ -1,11 +1,15 @@
|
|||
#!/bin/bash
|
||||
|
||||
# uncomment when use script from cron
|
||||
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||
|
||||
# vars gotify
|
||||
# variables
|
||||
LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt";
|
||||
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
LOGS_RELATIVE_PATH="security/"
|
||||
readonly TOKEN="<TOKEN_GOTIFY_APP>"
|
||||
|
||||
#vars chkrootkit
|
||||
# vars chkrootkit
|
||||
SNIFFERS_WHITELIST="dhclient"
|
||||
FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document "
|
||||
FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess "
|
||||
|
@ -16,7 +20,20 @@ FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/test
|
|||
OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST")
|
||||
if [ -n "$OUT" ]
|
||||
then
|
||||
sh ./gotifypush.sh "CHK Scan handycat cloud" "$OUT" 5 $TOKEN
|
||||
issues=$(echo "$OUT" | wc -l)
|
||||
OUT=$(echo "$OUT" | sed -z 's/\n/\\n/g')
|
||||
echo $OUT > "./$LOGFILE"
|
||||
|
||||
# send log to logs public archive
|
||||
LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
|
||||
# delete local log
|
||||
rm $LOGFILE
|
||||
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues \r"
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
|
||||
|
||||
sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
|
||||
else
|
||||
echo "[chkrootkit] system clean"
|
||||
fi
|
||||
|
|
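Review bot: `echo $OUT > "./$LOGFILE"` writes the chkrootkit report after `OUT=$(echo "$OUT" | sed -z 's/\n/\\n/g')` has replaced every newline with a literal backslash-n, and the unquoted `$OUT` is word-split and glob-expanded by `echo`, so the archived log is a single line in which any `*` or `?` from chkrootkit's output may have been expanded against the working directory. Write the raw report with `printf '%s\n' "$OUT" > "./$LOGFILE"` and drop the `sed` line, since the escaped form is not used anywhere else in the hunk. `LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)` is not checked before `rm $LOGFILE`, so a failed upload deletes the only copy and the notification carries a `[LogFile]()` link with an empty target; test the exit status before removing the file. The same write/upload/delete sequence is in scan_rkh.sh.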
37
scan_clam.sh
37
scan_clam.sh
|
@ -1,32 +1,47 @@
|
|||
#!/bin/bash
|
||||
LOGDIR="/var/log/clamav/scan/";
|
||||
LOGFILE="clamav-$(date +'%Y-%m-%d').log";
|
||||
DIRTOSCAN="/path/to/folder/to/scan"; #multiple folders separate by space
|
||||
|
||||
# uncomment when use script from cron
|
||||
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||
|
||||
# variables
|
||||
LOGFILE="$(hostname)_clamav-$(date +'%Y-%m-%d').log";
|
||||
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
LOGS_RELATIVE_PATH="security/"
|
||||
MALWARE_FOUND=false
|
||||
readonly TOKEN="<TOKEN_GOTIFY_APP>";
|
||||
LOG_PRESERVE_DAYS=30;
|
||||
|
||||
mkdir -p $LOGDIR
|
||||
mkdir -p $E7S_CLAM_LOGPATH
|
||||
|
||||
for S in ${DIRTOSCAN}; do
|
||||
for S in ${E7S_CLAM_DIRSTOSCAN}; do
|
||||
DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);
|
||||
|
||||
echo "Starting a daily scan of "$S" directory. Amount of data to be scanned is "$DIRSIZE".";
|
||||
|
||||
clamscan -ri "$S" >> "$LOGDIR$LOGFILE";
|
||||
echo "Scanned folder: "$S >> "$LOGDIR$LOGFILE";
|
||||
clamscan -ri "$S" >> "$E7S_CLAM_LOGPATH$LOGFILE";
|
||||
echo "Scanned folder: "$S >> "$E7S_CLAM_LOGPATH$LOGFILE";
|
||||
|
||||
# get the value of "Infected lines"
|
||||
MALWARE=$(tail "$LOGDIR$LOGFILE"|grep Infected|cut -d" " -f3);
|
||||
MALWARE=$(tail "$E7S_CLAM_LOGPATH$LOGFILE"|grep Infected|cut -d" " -f3);
|
||||
|
||||
# if the value is not equal to zero, send an email with the log file attached
|
||||
if [ "$MALWARE" -ne "0" ];then
|
||||
sh ./gotifypush.sh "CLAMAV Scan Kerodes Studi7" "Scanned folder: **$S** \r $MALWARE" 5 $TOKEN
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Found **$MALWARE** infected files into **$S** \r"
|
||||
MALWARE_FOUND=true
|
||||
else
|
||||
echo "[clamav] No infected files found."
|
||||
fi
|
||||
done
|
||||
|
||||
if $MALWARE_FOUND
|
||||
then
|
||||
# send log to logs public archive
|
||||
LOG_URL=$(sh ./utils/logger.sh "$E7S_CLAM_LOGPATH$LOGFILE" $LOGS_RELATIVE_PATH)
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
|
||||
sh ./utils/gotifypush.sh "ClamAV Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
|
||||
fi
|
||||
|
||||
#clean old logs files
|
||||
find $LOGDIR -maxdepth 1 -mtime +$LOG_PRESERVE_DAYS -exec "rm" -R {} \;
|
||||
find $E7S_CLAM_LOGPATH -maxdepth 1 -mtime +$E7S_LOGS_PRESERVE_DAYS -exec "rm" -R {} \;
|
||||
|
||||
exit 0
|
||||
|
|
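Review bot: `mkdir -p $E7S_CLAM_LOGPATH`, the `>> "$E7S_CLAM_LOGPATH$LOGFILE"` redirections and the cleanup `find $E7S_CLAM_LOGPATH -maxdepth 1 -mtime +$E7S_LOGS_PRESERVE_DAYS -exec "rm" -R {} \;` all rely on environment variables the script never checks, and the README's own tip notes that cron does not load `~/.profile`; with E7S_CLAM_LOGPATH empty the find runs against the current directory and removes whatever there is older than the limit. Assert them before use, `: "${E7S_CLAM_LOGPATH:?not set}" "${E7S_CLAM_DIRSTOSCAN:?not set}" "${E7S_LOGS_PRESERVE_DAYS:?not set}"`, and quote the expansions (`find "$E7S_CLAM_LOGPATH" -mindepth 1 ...`). The concatenation `"$E7S_CLAM_LOGPATH$LOGFILE"` also assumes the variable ends with `/`, as the README example does; `"$E7S_CLAM_LOGPATH/$LOGFILE"` removes that dependency. `[ "$MALWARE" -ne "0" ]` takes the `else` branch, after a test error, whenever no `Infected` line was found, so a clamscan that failed outright is reported as `No infected files found`; checking clamscan's exit status on the scan line would separate "clean" from "did not run".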
23
scan_rkh.sh
23
scan_rkh.sh
|
@ -1,14 +1,29 @@
|
|||
#!/bin/bash
|
||||
|
||||
# uncomment when use script from cron
|
||||
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||
|
||||
#vars rkhunter
|
||||
# variables
|
||||
LOGFILE="$(hostname)_rkhunter-$(date +'%Y-%m-%d').log";
|
||||
GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
LOGS_RELATIVE_PATH="security/"
|
||||
readonly TOKEN="<TOKEN_GOTIFY_APP>"
|
||||
|
||||
OUT=$(rkhunter -c -sk --rwo)
|
||||
OUT=$(rkhunter -c -sk --rwo -l "./$LOGFILE")
|
||||
if [ -n "$OUT" ]
|
||||
then
|
||||
sh ./gotifypush.sh "RKH Scan handycat cloud" "$OUT" 5 $TOKEN
|
||||
issues=$(echo "$OUT" | wc -l)
|
||||
|
||||
# send log to logs public archive
|
||||
LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH)
|
||||
# delete local log
|
||||
rm $LOGFILE
|
||||
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r"
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues \r"
|
||||
GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)"
|
||||
|
||||
sh ./utils/gotifypush.sh "RKH Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN
|
||||
else
|
||||
echo "[rkhunter] system clean"
|
||||
echo "[rkhunter] system clean"
|
||||
fi
|
||||
|
|
|
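Review bot: The `-l "./$LOGFILE"` log added on the rkhunter line is written on every run, but `rm $LOGFILE` only executes inside the `if [ -n "$OUT" ]` branch, so a clean scan leaves a new `<host>_rkhunter-<date>.log` in the working directory each day; move the removal after the `fi`, or remove the file in the `else` branch too. `[rkhunter] system clean` appears on two consecutive lines in the `else` branch; if both are on the new side that is a duplicated print left over from the edit. Neither `LOG_URL=$(sh ./utils/logger.sh ...)` nor the rkhunter exit status is checked, so a failed upload still deletes the local log and sends a `[LogFile]()` link with an empty target.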
@ -1,5 +1,6 @@
|
|||
#!/bin/bash
|
||||
|
||||
# uncomment when use script from cron
|
||||
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||
|
||||
#verify run as root or sudo
|
||||
|
@ -9,7 +10,9 @@ if [[ $EUID -ne 0 ]]; then
|
|||
fi
|
||||
|
||||
# vars gotify
|
||||
readonly TOKEN="<TOKEN_GOTIFY_APP>"
|
||||
readonly GOTIFY_TOKEN="<TOKEN_GOTIFY_APP>"
|
||||
readonly GOTIFY_HOST="<GOTIFY_HOST>"
|
||||
readonly GOTIFY_PRIORITY=5
|
||||
|
||||
apt update -qq
|
||||
|
||||
|
@ -25,5 +28,9 @@ else
|
|||
updates=$(echo $updates|tr -d '\n')
|
||||
OUT="There are **$num** updates: \r"
|
||||
OUT="${OUT} Packages: *$updates*"
|
||||
sh ./gotifypush.sh "Hostname pending updates" "$OUT" 5 $TOKEN
|
||||
|
||||
# send gotify notification
|
||||
TITLE="$(hostname) pending updates"
|
||||
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}"
|
||||
curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${OUT}\", \"priority\": ${GOTIFY_PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
|
||||
fi
|
||||
|
|
|
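Review bot: The added `curl -X POST "$GOTIFY_HOST/message?token=$GOTIFY_TOKEN" ...` line reimplements the helper that the replaced `sh ./gotifypush.sh ...` call used, with a `<GOTIFY_HOST>` placeholder that must be hand-edited per host, while the README in this same compare configures the server once through `E7S_GOTIFY_SERVER_URL` and `utils/gotifypush.sh` reads it. Calling `sh ./utils/gotifypush.sh "$TITLE" "$OUT" "$GOTIFY_PRIORITY" "$GOTIFY_TOKEN"` keeps a single notification path, so an escaping or authentication fix lands once. The `if`/`else` that this hunk closes with `fi` starts outside the hunk.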
@ -2,14 +2,14 @@
|
|||
|
||||
#Use ./gotifypush <title> <message> <priority> <token> <clickurl>
|
||||
|
||||
#uncomment when use script from cron
|
||||
# uncomment when use script from cron
|
||||
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin
|
||||
|
||||
# Gotify notification parameters
|
||||
TITLE=$1
|
||||
MESSAGE=$2
|
||||
PRIORITY=$3
|
||||
URL="https://push.example.com/message?token=$4"
|
||||
URL="$E7S_GOTIFY_SERVER_URL/message?token=$4"
|
||||
#if url passed by parameter, set to extras
|
||||
if [ -n "$5" ]
|
||||
then
|
||||
|
@ -18,6 +18,11 @@ else
|
|||
EXTRAS="{\"client::display\": {\"contentType\": \"text/markdown\"}}"
|
||||
fi
|
||||
|
||||
# prevent gotify post error: invalid character '\\n' in string literal
|
||||
# scape \\n newlines for json
|
||||
# https://unix.stackexchange.com/questions/453883/how-to-escape-new-line-characters-for-json
|
||||
# MESSAGE=$(echo "$MESSAGE" | sed -z 's/\n/\\n/g')
|
||||
|
||||
# better curl usage https://github.com/gotify/server/issues/68
|
||||
#curl --silent --output /dev/null --show-error --fail -X .... #silent curl execution, no output, only html code if error
|
||||
curl -X POST "${URL}" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"message\": \"${MESSAGE}\", \"priority\": ${PRIORITY}, \"title\": \"${TITLE}\", \"extras\": ${EXTRAS} }"
|
|
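Review bot: `URL="$E7S_GOTIFY_SERVER_URL/message?token=$4"` relies on an environment variable with no check that it is set, and the README's own tip notes that cron does not load `~/.profile`; when it is empty the request goes to `/message?token=...`, curl fails, and every scan that calls this helper from cron notifies nobody. Add `: "${E7S_GOTIFY_SERVER_URL:?E7S_GOTIFY_SERVER_URL is not set}"` before the assignment. The commented-out `sed` newline escape and the string-interpolated JSON `-d` body are unchanged, so a `$MESSAGE` containing a double quote or a real newline still produces an invalid request body; `jq -n --arg m "$MESSAGE" --arg t "$TITLE" ...` or form fields would make the helper robust for the callers that pass scanner output to it.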
@ -1,23 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
#require:
|
||||
#wp-cli https://wp-cli.org/#installing
|
||||
#wp-updater https://github.com/keesiemeijer/wp-update
|
||||
|
||||
#get accounts and domains
|
||||
/usr/local/cpanel/scripts/updateuserdomains
|
||||
cat /etc/trueuserdomains
|
||||
|
||||
#https://docs.cpanel.net/whm/scripts/whm-scripts/
|
||||
#https://docs.cpanel.net/whm/account-functions/manage-shell-access/
|
||||
#https://support.cpanel.net/hc/en-us/articles/360051992634-Differences-Between-Normal-and-Jailed-Shell
|
||||
#https://www.cyberciti.biz/tips/how-do-i-find-out-what-shell-im-using.html
|
||||
|
||||
#get bash from user
|
||||
grep "^$USER" /etc/passwd
|
||||
awk -F: '/$USER/ { print $7}' /etc/passwd
|
||||
|
||||
#change shell
|
||||
usermod -s /bin/false $USER
|
||||
|
||||
#https://github.com/layfellow/cpanel-cli (?)
|