Merge pull request #31 from cisagov/improvement/add-ssm-script

Add shell script to gather log data via SSM
cisagov · Mar 15, 2023 · ae8d553 · ae8d553
2 parents 3028234 + d7b4806
commit ae8d553
Show file tree

Hide file tree

Showing 3 changed files with 60 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -22,6 +22,32 @@ $ clamav-report tests/files/inventory.txt clamav-201909.csv
 2019-09-09 15:39:47,268 INFO Generating consolidated virus report: clamav-201909.csv
 ```
 
+For gathering ClamAV log data from AWS instances that are accessible via
+[SSM](https://docs.aws.amazon.com/systems-manager/latest/userguide/what-is-systems-manager.html),
+the `clamav_log_report.sh` shell script has been provided in the `extras`
+directory:
+
+```console
+$ ./extras/clamav_log_report.sh i-0123456789abcdef0
+
+Starting session with SessionId: iam.username-0123456789abcdef0
+
+bar.foo.gov
+----------- SCAN SUMMARY -----------
+Known viruses: 8654853
+Engine version: 0.103.6
+Scanned directories: 5141
+Scanned files: 42629
+Infected files: 0
+Data scanned: 2949.27 MB
+Data read: 3249.70 MB (ratio 0.91:1)
+Time: 574.106 sec (9 m 34 s)
+Start Date: 2023:03:05 06:47:01
+End Date:   2023:03:05 06:56:35
+
+Exiting session with sessionId: david.redmin-0123456789abcdef0.
+```
+
 ## Contributing ##
 
 We welcome contributions!  Please see [`CONTRIBUTING.md`](CONTRIBUTING.md) for

diff --git a/extras/clamav_log_report.sh b/extras/clamav_log_report.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+#
+# Gather ClamAV scan log data from a list of AWS instances via SSM.
+#
+# Usage: ./clamav_log_report.sh <instance-id>...
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
+  echo "Usage: $0 <instance-id>..."
+  exit 1
+fi
+
+today=$(date +%Y%m%d)
+logfile="./clamav-$today.log"
+# tee -a: Append to existing logfile
+# tee -i: Ignore SIGINT signals
+exec > >(tee -ai "$logfile")
+exec 2> >(tee -ai "$logfile" >&2)
+
+clamav_scan_log="/var/log/clamav/lastscan.log"
+
+instances=("$@")
+
+for instance_id in "${instances[@]}"; do
+  # tail --lines=12: Output last 12 lines of ClamAV scan log, which includes
+  # the summary of the most-recent scan results.
+  aws ssm start-session --target="$instance_id" \
+    --document=AWS-StartInteractiveCommand \
+    --parameters command="hostname; tail --lines=12 $clamav_scan_log"
+done
diff --git a/src/clamav_report/_version.py b/src/clamav_report/_version.py
@@ -1,2 +1,2 @@
 """This file defines the version of this module."""
-__version__ = "0.2.0"
+__version__ = "0.2.1"