-
-
Notifications
You must be signed in to change notification settings - Fork 161
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add maldet.sh Linux Malware Detect Addon
- Loading branch information
1 parent
854691c
commit 5c77b84
Showing
1 changed file
with
153 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,153 @@ | ||
#!/bin/bash | ||
######################################################### | ||
# Install Linux Malware Detect (maldet) + ClamAV AntiVirus scanner | ||
# Official Centmin Mod Addon for centminmod.com LEMP web stack | ||
# written by George Liu vbtechsupport.com | ||
# https://www.rfxn.com/projects/linux-malware-detect/ | ||
# http://www.clamav.net/lang/en/ | ||
######################################################### | ||
DT=`date +"%d%m%y-%H%M%S"` | ||
TMP_DIR='/svr-setup' | ||
CENTMINLOGDIR='/root/centminlogs' | ||
|
||
# enter email address you want alerts sent to | ||
# i.e. your@domain.com | ||
ALERTEMAIL='' | ||
|
||
# enter your pushover.net email you want alerts sent to | ||
# i.e. youruserkey+devicename+p1@api.pushover.net | ||
ALERT_POEMAIL='' | ||
######################################################### | ||
# Setup Colours | ||
black='\E[30;40m' | ||
red='\E[31;40m' | ||
green='\E[32;40m' | ||
yellow='\E[33;40m' | ||
blue='\E[34;40m' | ||
magenta='\E[35;40m' | ||
cyan='\E[36;40m' | ||
white='\E[37;40m' | ||
|
||
boldblack='\E[1;30;40m' | ||
boldred='\E[1;31;40m' | ||
boldgreen='\E[1;32;40m' | ||
boldyellow='\E[1;33;40m' | ||
boldblue='\E[1;34;40m' | ||
boldmagenta='\E[1;35;40m' | ||
boldcyan='\E[1;36;40m' | ||
boldwhite='\E[1;37;40m' | ||
|
||
Reset="tput sgr0" # Reset text attributes to normal | ||
#+ without clearing screen. | ||
|
||
cecho () # Coloured-echo. | ||
# Argument $1 = message | ||
# Argument $2 = color | ||
{ | ||
message=$1 | ||
color=$2 | ||
echo -e "$color$message" ; $Reset | ||
return | ||
} | ||
######################################################### | ||
if [[ ! -f /etc/redhat-release ]] ; then | ||
cecho "No CentOS / RHEL system detected" $boldyellow | ||
cecho "Please only install on CentOS / RHEL systems" $boldyellow | ||
cecho "aborting install..." $boldyellow | ||
exit | ||
else | ||
cecho "CentOS / RHEL system detected" $boldyellow | ||
fi | ||
|
||
if [[ ! -f /usr/bin/wget ]] ; then | ||
yum -y -q install wget | ||
fi | ||
|
||
if [[ -z "$ALERTEMAIL" ]]; then | ||
echo | ||
cecho "ALERTEMAIL variable detected as empty" $boldyellow | ||
cecho "edit $0 and set an email address for ALERTEMAIL" $boldyellow | ||
cecho "Then re-run the script $0" $boldyellow | ||
exit | ||
fi | ||
######################################################### | ||
# functions | ||
|
||
setemailalert() { | ||
if [[ ! -z "$ALERT_POEMAIL" ]]; then | ||
sed -i "s/email_addr=\"you@domain.com\"/email_addr=\"${ALERTEMAIL},${ALERT_POEMAIL}\"/g" /usr/local/maldetect/conf.maldet | ||
else | ||
sed -i "s/email_addr=\"you@domain.com\"/email_addr=\"${ALERTEMAIL}\"/g" /usr/local/maldetect/conf.maldet | ||
fi | ||
} | ||
|
||
maldetinstall() { | ||
# install maldet | ||
cecho "Installing maldet..." $boldyellow | ||
cd $TMP_DIR | ||
|
||
cecho "Download maldetect-current.tar.gz ..." $boldyellow | ||
if [ -s maldetect-current.tar.gz ]; then | ||
cecho "maldetect-current.tar.gz Archive found, skipping download..." $boldgreen | ||
else | ||
wget -cnv http://www.rfxn.com/downloads/maldetect-current.tar.gz --tries=3 | ||
ERROR=$? | ||
if [[ "$ERROR" != '0' ]]; then | ||
cecho "Error: maldetect-current.tar.gz download failed." $boldgreen | ||
exit #$ERROR | ||
else | ||
cecho "Download done." $boldyellow | ||
#echo "" | ||
fi | ||
fi | ||
|
||
tar xzf maldetect-current.tar.gz | ||
ERROR=$? | ||
if [[ "$ERROR" != '0' ]]; then | ||
cecho "Error: maldetect-current.tar.gz extraction failed." $boldgreen | ||
exit #$ERROR | ||
else | ||
cecho "maldetect-current.tar.gz valid file." $boldyellow | ||
echo "" | ||
fi | ||
|
||
cd maldetect-* | ||
./install.sh | ||
|
||
# set email alerts | ||
setemailalert | ||
|
||
# enable auto quarantine of malware hits | ||
sed -i 's/quar_hits=0/quar_hits=1/g' /usr/local/maldetect/conf.maldet | ||
|
||
# append Centmin Mod specific scan paths into cron.daily/malet | ||
sed -i '/\/home?\/?\/public_html/ a\ \/usr\/local\/maldetect\/maldet -b -r \/home\/nginx\/domains\/?\/public 2 >> \/dev\/null 2>&1' /etc/cron.daily/maldet | ||
sed -i '/\/home?\/?\/public_html/ a\ \/usr\/local\/maldetect\/maldet -b -r \/var\/www\/html 2 >> \/dev\/null 2>&1' /etc/cron.daily/maldet | ||
sed -i '/\/home?\/?\/public_html/ a\ \/usr\/local\/maldetect\/maldet -b -r \/usr\/local\/nginx\/html 2 >> \/dev\/null 2>&1' /etc/cron.daily/maldet | ||
|
||
} | ||
|
||
clamavinstall() { | ||
# install clamav and clamd | ||
echo | ||
cecho "Installing clamav..." $boldyellow | ||
yum -y install clamav clamd | ||
/etc/init.d/clamd start | ||
chkconfig clamd on | ||
time freshclam | ||
} | ||
######################################################### | ||
starttime=$(date +%s.%N) | ||
{ | ||
maldetinstall | ||
clamavinstall | ||
|
||
echo | ||
cecho "maldet + clamav installed..." $boldyellow | ||
} 2>&1 | tee ${CENTMINLOGDIR}/centminmod_maldet_install_${DT}.log | ||
|
||
endtime=$(date +%s.%N) | ||
|
||
INSTALLTIME=$(echo "scale=2;$endtime - $starttime"|bc ) | ||
echo "" >> ${CENTMINLOGDIR}/centminmod_maldet_install_${DT}.log | ||
echo "Total maldet + clamav Install Time: $INSTALLTIME seconds" >> ${CENTMINLOGDIR}/centminmod_maldet_install_${DT}.log |
5c77b84
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add on discussion at https://community.centminmod.com/threads/maldet-linux-malware-detect-addon-discussion.846/