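#!/bin/bash
# scan_chk.sh - run chkrootkit, upload the findings to a Nextcloud WebDAV
# folder and push a Gotify notification when anything was flagged.
#
# Usage: scan_chk.sh            (intended to be run from cron, as root)
#
# Configuration: NC_USER, NC_PASS, NC_URL_WEBDAV, GOTIFY_TOKEN and GOTIFY_HOST
# may be supplied from the environment. The in-script defaults are kept only
# so existing cron entries keep working; secrets belong in the cron
# environment or a root-only config file rather than in the script itself.
set -u -o pipefail

# cron starts with a minimal PATH; extend it so chkrootkit/curl/hostname
# resolve no matter where the script is invoked from.
PATH=$PATH:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin

# --- settings ---------------------------------------------------------------
readonly LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt"
readonly NC_USER="${NC_USER:-log}"
readonly NC_PASS="${NC_PASS:-t1todelogs}"
readonly NC_URL_WEBDAV="${NC_URL_WEBDAV:-https://cloud.studi7.com/remote.php/dav/files}"
readonly GOTIFY_TOKEN="${GOTIFY_TOKEN:-A4w5ShWUHxcTLbx}"
readonly GOTIFY_HOST="${GOTIFY_HOST:-https://push.studi7.com}"
readonly GOTIFY_PRIORITY=5

# chkrootkit -s: processes allowed to hold an interface in promiscuous mode
readonly -a SNIFFERS_WHITELIST=(dhclient enp3s0)

# chkrootkit -e: dot-files known to be legitimate. Patterns are single-quoted
# so the shell never expands the '*' itself (duplicates from the original
# list removed).
readonly -a FILES_WHITELIST=(
  /usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document
  '/usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess'
  '/usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htpasswd'
  '/usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htaccess'
  '/usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htpasswd'
  /usr/lib/jvm/.java-1.11.0-openjdk-amd64.jinfo
  /usr/lib/jvm/.java-1.17.0-openjdk-amd64.jinfo
  /usr/lib/debug/.build-id
  /usr/lib/libreoffice/share/.registry
  /usr/lib/python3/dist-packages/glances/outputs/static/.gitignore
  /usr/lib/python3/dist-packages/matplotlib/tests/baseline_images/.keep
  /usr/lib/python3/dist-packages/matplotlib/tests/tinypages/_static/.gitignore
  /usr/lib/python3/dist-packages/matplotlib/tests/tinypages/.gitignore
  /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.eslintrc.js
  /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierignore
  /usr/lib/python3/dist-packages/matplotlib/backends/web_backend/.prettierrc
)

# Tests to run. z2 and chkutmp are left out because they always produce output.
readonly -a ACTIVE_TESTS=(
  aliens asp bindshell lkm rexedcs sniffer w55808 wted scalper slapper OSX_RSPLUG
  amd basename biff chfn chsh cron crontab date du dirname echo egrep env find
  fingerd gpm grep hdparm su ifconfig inetd inetdconf identd init killall
  ldsopreload login ls lsof mail mingetty netstat named passwd pidof pop2 pop3
  ps pstree rpcinfo rlogind rshd slogin sendmail sshd syslogd tar tcpd tcpdump
  top telnetd timed traceroute vdir w write
)

# --- helpers ----------------------------------------------------------------

# Print a diagnostic to stderr and exit non-zero.
die() { printf '[chkrootkit] %s\n' "$*" >&2; exit 1; }

# Timestamp in the format used in the notification body.
stamp() { date +"%d/%m/%Y %H:%M:%S"; }

#######################################
# Backslash-escape a string so it can be embedded in a double-quoted JSON
# string literal or a double-quoted value in a curl -K config (both use the
# same \\ \" \n \r \t escapes).
# Arguments: $1 - raw string
# Outputs:   escaped string on stdout (no trailing newline)
#######################################
escape_string() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "$s"
}

#######################################
# Run the scan, upload the log and notify.
# Globals:   all readonly settings above
# Outputs:   "[chkrootkit] system clean" on stdout when nothing was flagged
# Returns:   0 on success, 1 when the scanner is missing/failed or the
#            notification could not be sent
#######################################
main() {
  local scan_started scan_output rc issues tmpdir log_url message title payload
  scan_started=$(stamp)

  command -v chkrootkit >/dev/null 2>&1 || die "chkrootkit not found in PATH"

  # Only stdout is captured; with -q chkrootkit prints just its warnings.
  # The whitelist arrays are joined with spaces because -s/-e take one
  # space-separated argument, while the test names are separate words.
  scan_output=$(chkrootkit -q -s "${SNIFFERS_WHITELIST[*]}" -e "${FILES_WHITELIST[*]}" "${ACTIVE_TESTS[@]}")
  rc=$?
  # A run that produced nothing and exited non-zero is a failed scan, not a
  # clean system - never let that case fall through to "system clean".
  if [[ -z "$scan_output" && $rc -ne 0 ]]; then
    die "chkrootkit exited with status $rc and produced no output"
  fi

  if [[ -z "$scan_output" ]]; then
    echo "[chkrootkit] system clean"
    return 0
  fi

  issues=$(printf '%s\n' "$scan_output" | wc -l)
  issues=$((issues))   # wc pads with spaces on some platforms

  # Write the log to a private temp dir (removed on every exit path, so a
  # failed upload does not leave findings lying around in cwd). The upload
  # targets the directory URL, so the remote name is still $LOGFILE.
  tmpdir=$(mktemp -d) || die "mktemp failed"
  trap 'rm -rf -- "${tmpdir:?}"' EXIT
  printf '%s\n' "$scan_output" > "$tmpdir/$LOGFILE"

  # Credentials are handed to curl through a config read from stdin instead
  # of -u on the command line, so they are not visible in the process list.
  # A failed upload is reported but the notification is still sent.
  if ! curl -sS --fail -K - -T "$tmpdir/$LOGFILE" "$NC_URL_WEBDAV/$NC_USER/" <<EOF
user = "$(escape_string "$NC_USER:$NC_PASS")"
EOF
  then
    printf '[chkrootkit] warning: upload of %s failed\n' "$LOGFILE" >&2
  fi

  log_url="$NC_URL_WEBDAV/$NC_USER/$LOGFILE"
  # Real carriage returns here become the "\r" escapes the original message
  # carried once the string is JSON-escaped below.
  message="Scan init: **${scan_started}** "$'\r'" Scan end: **$(stamp)** "$'\r'" There are **${issues}** security issues "$'\r'" [LogFile](${log_url})"
  title="CHK Scan $(hostname)"

  # Every interpolated value is escaped so a hostname or path containing a
  # quote or backslash cannot break (or alter) the JSON document.
  payload=$(printf '{ "message": "%s", "priority": %s, "title": "%s", "extras": {"client::display": {"contentType": "text/markdown"}, "client::notification": {"click": { "url": "%s"}}} }' \
    "$(escape_string "$message")" "$GOTIFY_PRIORITY" "$(escape_string "$title")" "$(escape_string "$log_url")")

  # The token is sent in the X-Gotify-Key header (fed via stdin config)
  # rather than as a ?token= query parameter, keeping it out of ps output and
  # out of URL logs on proxies/servers.
  curl -sS --fail -K - -X POST "$GOTIFY_HOST/message" \
    -H "accept: application/json" -H "Content-Type: application/json" \
    -d "$payload" <<EOF || die "gotify notification failed"
header = "X-Gotify-Key: $(escape_string "$GOTIFY_TOKEN")"
EOF
}

main "$@"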