This repository has been archived by the owner on Feb 12, 2023. It is now read-only.
Signed-off-by: GitHub <noreply@github.com> Signed-off-by: GitHub <noreply@github.com> Co-authored-by: iosifache <iosifache@users.noreply.github.com>
1 parent 823ee0a, commit ac1b60d. Showing 2 changed files with 185 additions and 1 deletion.
@@ -0,0 +1,184 @@ | ||
# ClamAV | ||
|
||
## Metadata | ||
|
||
- **Identifier**: `clamav` | ||
- **Maturity**: Production | ||
|
||
### Categories | ||
|
||
- Antimalware | ||
- Host Protection | ||
|
||
## Description | ||
|
||
Clam AntiVirus (ClamAV) is a free software, cross-platfom antimalware toolkit able to detect many types of malware, including viruses. ClamAV includes a command-line scanner, automatic database updater, and a scalable multi-threaded daemon running on an anti-virus engine from a shared library. FreshClam is a virus database update tool for ClamAV. ClamAV Daemon checks periodically for virus database definition updates, downloads, installs them, and notifies clamd to refresh it's in-memory virus database cache. | ||
|
||
## Actions | ||
|
||
<table> | ||
<thead> | ||
<tr> | ||
<th>Identifier</th> | ||
<th>Description</th> | ||
<th>Expected Parameters Keys and Types</th> | ||
</tr> | ||
</thead> | ||
<tbody> | ||
<tr> | ||
<td><code>start_scan</code></td> | ||
<td>Starts the scan containing the predifined scan options: Quarantine Location and Scan Log Location. Also, it requires the input of Scan Location.</td> | ||
<td><code>scan_location</code> (<code>STRING</code>)</td> | ||
</tr> | ||
</tbody> | ||
</table> | ||
|
||
## Information | ||
|
||
<table> | ||
<thead> | ||
<tr> | ||
<th>Identifier</th> | ||
<th>Description</th> | ||
<th>Type</th> | ||
<th>Properties</th> | ||
<th>Default Value</th> | ||
</tr> | ||
</thead> | ||
<tbody> | ||
<tr> | ||
<td><code>daily_infected_files_detected</code></td> | ||
<td>Total number of infected files detected today</td> | ||
<td><code>INTEGER</code></td> | ||
<td><code>METRIC</code>, <code>READ_ONLY</code></td> | ||
<td></td> | ||
</tr> | ||
<tr> | ||
<td><code>quarantine_location</code></td> | ||
<td>The location where the infected files will be moved to after the on-demand/crontab scans. Select a directory in which the quarantine will take place if you would like to change.</td> | ||
<td><code>STRING</code></td> | ||
<td><code>MANDATORY</code>, <code>WITH_DEFAULT_VALUE</code>, <code>CONFIGURATION</code>, <code>NON_DEDUCTIBLE</code>, <code>WRITABLE</code></td> | ||
<td>/<code>opt</code>/<code>mutablesecurity</code>/<code>clamav</code>/<code>quarantine</code>/</td> | ||
</tr> | ||
<tr> | ||
<td><code>scan_day_of_month</code></td> | ||
<td>The day (1-31, or * for any) of the month when the crontab scan will take place</td> | ||
<td><code>STRING</code></td> | ||
<td><code>OPTIONAL</code>, <code>WITH_DEFAULT_VALUE</code>, <code>CONFIGURATION</code>, <code>NON_DEDUCTIBLE</code>, <code>WRITABLE</code></td> | ||
<td>*</td> | ||
</tr> | ||
<tr> | ||
<td><code>scan_day_of_week</code></td> | ||
<td>The day (0-6, SUN-SAT, 7 for Sunday or * for any) of the week when the crontab scan will take place</td> | ||
<td><code>STRING</code></td> | ||
<td><code>OPTIONAL</code>, <code>WITH_DEFAULT_VALUE</code>, <code>CONFIGURATION</code>, <code>NON_DEDUCTIBLE</code>, <code>WRITABLE</code></td> | ||
<td><code>MON</code></td> | ||
</tr> | ||
<tr> | ||
<td><code>scan_hour</code></td> | ||
<td>The hour (0-23, or * for any) when the crontab scan will take place</td> | ||
<td><code>STRING</code></td> | ||
<td><code>OPTIONAL</code>, <code>WITH_DEFAULT_VALUE</code>, <code>CONFIGURATION</code>, <code>NON_DEDUCTIBLE</code>, <code>WRITABLE</code></td> | ||
<td><code>0</code></td> | ||
</tr> | ||
<tr> | ||
<td><code>scan_location</code></td> | ||
<td>The location where the on-demand/crontab scans will take place.Select a different directory if you would like to change.</td> | ||
<td><code>STRING</code></td> | ||
<td><code>MANDATORY</code>, <code>WITH_DEFAULT_VALUE</code>, <code>CONFIGURATION</code>, <code>NON_DEDUCTIBLE</code>, <code>WRITABLE</code></td> | ||
<td>/</td> | ||
</tr> | ||
<tr> | ||
<td><code>scan_log_location</code></td> | ||
<td>The location of the generated logs after the on-demand/crontab scans.Chose a file in which the logs will be stored if you would like to change.</td> | ||
<td><code>STRING</code></td> | ||
<td><code>MANDATORY</code>, <code>WITH_DEFAULT_VALUE</code>, <code>CONFIGURATION</code>, <code>NON_DEDUCTIBLE</code>, <code>WRITABLE</code></td> | ||
<td>/<code>opt</code>/<code>mutablesecurity</code>/<code>clamav</code>/<code>logs</code>/<code>logs.txt</code></td> | ||
</tr> | ||
<tr> | ||
<td><code>scan_minute</code></td> | ||
<td>The minute (0-59, or * for any) when the crontab scan will take place</td> | ||
<td><code>STRING</code></td> | ||
<td><code>OPTIONAL</code>, <code>WITH_DEFAULT_VALUE</code>, <code>CONFIGURATION</code>, <code>NON_DEDUCTIBLE</code>, <code>WRITABLE</code></td> | ||
<td><code>0</code></td> | ||
</tr> | ||
<tr> | ||
<td><code>scan_month</code></td> | ||
<td>The month (1-12, JAN-DEC, or * for any) when the crontab scan will take place</td> | ||
<td><code>STRING</code></td> | ||
<td><code>OPTIONAL</code>, <code>WITH_DEFAULT_VALUE</code>, <code>CONFIGURATION</code>, <code>NON_DEDUCTIBLE</code>, <code>WRITABLE</code></td> | ||
<td>*</td> | ||
</tr> | ||
<tr> | ||
<td><code>total_infected_files_detected</code></td> | ||
<td>Total number of infected files detected overall</td> | ||
<td><code>INTEGER</code></td> | ||
<td><code>METRIC</code>, <code>READ_ONLY</code></td> | ||
<td></td> | ||
</tr> | ||
<tr> | ||
<td><code>version</code></td> | ||
<td>Installed version</td> | ||
<td><code>STRING</code></td> | ||
<td><code>METRIC</code>, <code>READ_ONLY</code></td> | ||
<td></td> | ||
</tr> | ||
</tbody> | ||
</table> | ||
|
||
## Logs | ||
|
||
<table> | ||
<thead> | ||
<tr> | ||
<th>Identifier</th> | ||
<th>Description</th> | ||
</tr> | ||
</thead> | ||
<tbody> | ||
<tr> | ||
<td><code>logs</code></td> | ||
<td>The logs generated by ClamAV and FreshClam</td> | ||
</tr> | ||
</tbody> | ||
</table> | ||
|
||
## Tests | ||
|
||
<table> | ||
<thead> | ||
<tr> | ||
<th>Identifier</th> | ||
<th>Description</th> | ||
<th>Type</th> | ||
</tr> | ||
</thead> | ||
<tbody> | ||
<tr> | ||
<td><code>active_database</code></td> | ||
<td>Checks if the ClamAV virus database service is active.</td> | ||
<td><code>OPERATIONAL</code></td> | ||
</tr> | ||
<tr> | ||
<td><code>eicar_detection</code></td> | ||
<td>Creates a EICAR-STANDARD-ANTIVIRUS-TEST-FILE and checks if ClamAV is able to detect it.</td> | ||
<td><code>SECURITY</code></td> | ||
</tr> | ||
<tr> | ||
<td><code>internet_access</code></td> | ||
<td>Checks if host has Internet access.</td> | ||
<td><code>REQUIREMENT</code></td> | ||
</tr> | ||
<tr> | ||
<td><code>ubuntu</code></td> | ||
<td>Checks if the operating system is Ubuntu.</td> | ||
<td><code>REQUIREMENT</code></td> | ||
</tr> | ||
</tbody> | ||
</table> | ||
|
||
## References | ||
|
||
- [https://www.clamav.net/](https://www.clamav.net/) | ||
- [https://github.com/Cisco-Talos/clamav](https://github.com/Cisco-Talos/clamav) | ||
- [https://docs.clamav.net/Introduction.html](https://docs.clamav.net/Introduction.html) |
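Review bot: the default for `scan_location` is `/`, which places both the `quarantine_location` default (`/opt/mutablesecurity/clamav/quarantine/`) and the `scan_log_location` default (`/opt/mutablesecurity/clamav/logs/logs.txt`) inside the tree that the crontab scan walks; unless the scanner excludes the quarantine directory, every file moved there will be detected again on the next scheduled run and inflate `daily_infected_files_detected` and `total_infected_files_detected`. Either narrow the default or state in the `scan_location` description that the quarantine directory is excluded, so the metrics stay meaningful. Smaller points in the same hunk: the Description paragraph has "cross-platfom" (cross-platform) and "it's in-memory" (its), the `start_scan` row has "predifined" (predefined) and could name the two options by their identifiers (`quarantine_location`, `scan_log_location`) rather than by prose labels, the `scan_location` and `scan_log_location` descriptions are missing a space after "take place." and "scans." and have "Chose" (Choose), and `eicar_detection` should read "an EICAR-STANDARD-ANTIVIRUS-TEST-FILE". The two path defaults are also marked up one segment at a time, e.g. `/<code>opt</code>/<code>mutablesecurity</code>/<code>clamav</code>/<code>quarantine</code>/`; a single `<code>/opt/mutablesecurity/clamav/quarantine/</code>` renders as one path and is easier to copy.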
@@ -1 +1 @@ | ||
[{"identifier": "teler", "full_name": "teler", "maturity": "Production", "description": "teler is a real-time intrusion detection and threat alert based on web log. Targets only nginx installed on Ubuntu.", "categories": ["Web Intrusion Detection System"]}, {"identifier": "fail2ban", "full_name": "Fail2ban", "maturity": "Production", "description": "Fail2ban is an intrusion prevention software framework that protects Unix-like servers from brute-force attacks. It scans log files and bans IP addresses conducting too many failed operations (for example, login attempts). This module targets Debian-based operating systems and has already set a SSH jail.", "categories": ["Host Intrusion Prevention System"]}, {"identifier": "suricata", "full_name": "Suricata", "maturity": "Under refactoring", "description": "Suricata is the leading independent open source threat detection engine. By combining intrusion detection (IDS), intrusion prevention (IPS), network security monitoring (NSM) and PCAP processing, Suricata can quickly identify, stop, and assess even the most sophisticated attacks.", "categories": ["Network Intrusion Detection and Prevention System"]}, {"identifier": "lets_encrypt", "full_name": "Let's Encrypt x Certbot", "maturity": "Under refactoring", "description": "Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). Certbot is a free, open source software tool for automatically using Let's Encrypt certificates on manually-administrated websites to enable HTTPS.", "categories": ["Encryption for Web Applications"]}] | ||
[{"identifier": "clamav", "full_name": "ClamAV", "maturity": "Production", "description": "Clam AntiVirus (ClamAV) is a free software, cross-platfom antimalware toolkit able to detect many types of malware, including viruses. ClamAV includes a command-line scanner, automatic database updater, and a scalable multi-threaded daemon running on an anti-virus engine from a shared library. FreshClam is a virus database update tool for ClamAV. ClamAV Daemon checks periodically for virus database definition updates, downloads, installs them, and notifies clamd to refresh it's in-memory virus database cache.", "categories": ["Antimalware", "Host Protection"]}, {"identifier": "teler", "full_name": "teler", "maturity": "Production", "description": "teler is a real-time intrusion detection and threat alert based on web log. Targets only nginx installed on Ubuntu.", "categories": ["Web Intrusion Detection System"]}, {"identifier": "fail2ban", "full_name": "Fail2ban", "maturity": "Production", "description": "Fail2ban is an intrusion prevention software framework that protects Unix-like servers from brute-force attacks. It scans log files and bans IP addresses conducting too many failed operations (for example, login attempts). This module targets Debian-based operating systems and has already set a SSH jail.", "categories": ["Host Intrusion Prevention System"]}, {"identifier": "lets_encrypt", "full_name": "Let's Encrypt x Certbot", "maturity": "Under refactoring", "description": "Let's Encrypt is a free, automated, and open certificate authority brought to you by the nonprofit Internet Security Research Group (ISRG). 
Certbot is a free, open source software tool for automatically using Let's Encrypt certificates on manually-administrated websites to enable HTTPS.", "categories": ["Encryption for Web Applications"]}, {"identifier": "suricata", "full_name": "Suricata", "maturity": "Under refactoring", "description": "Suricata is the leading independent open source threat detection engine. By combining intrusion detection (IDS), intrusion prevention (IPS), network security monitoring (NSM) and PCAP processing, Suricata can quickly identify, stop, and assess even the most sophisticated attacks.", "categories": ["Network Intrusion Detection and Prevention System"]}] |
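Review bot: besides adding the `clamav` entry, this hunk reorders the existing entries (the old line has `teler`, `fail2ban`, `suricata`, `lets_encrypt`; the new line has `clamav`, `teler`, `fail2ban`, `lets_encrypt`, `suricata`), so a one-entry addition shows up as a rewrite of the whole line and the diff cannot be reviewed for what actually changed. If the file is generated, emit the entries in a deterministic order (for example sorted by `identifier`) and pretty-print one entry per line so future additions produce a minimal diff. The `clamav` description also carries the same "cross-platfom" and "it's in-memory" typos as the README in the first file, which suggests both are rendered from one source string that should be corrected once.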