@CapWebSolutions
Last active April 23, 2024 15:47
Latest iteration of security scanning script for MainWP instance.
#
# This script is executed from a terminal prompt at the root of your MainWP WordPress website.
# It uses the same services as WP CLI, so if WP CLI runs, this should also.
#
# Execute the MainWP CLI command to list all sites configured in MainWP.
# Pipe the output through cut to keep only characters 3 and 4 of each line. These columns hold the 2 digit site number. Adjust if more than 99 sites.
# Pipe that output through grep to drop the lines without a site number (the comment lines in the site listing).
# Pipe that output through sed, inserting the security scan command at the beginning of each line.
# Send everything to a shell script to be executed.
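# Stop if the site root is missing, so the rm commands below never run in the wrong directory.
cd /var/www/capwebwpcare.com/htdocs || exit 1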
NOW=$(date +%Y%m%d%H%M%S)
LOG_FILE=../logs/${NOW}_sec-scan.log
CURRENT_LOG_FILE=../logs/current_sec-scan.log
AUTO_SH=${NOW}_sec-scan-auto.sh
AUTO_SH_ROOT=${NOW}_sec-scan-root-auto.sh
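# Get rid of the log file and auto gen'ed scripts from one week ago.
# Logs live in ../logs; the generated scripts are written to the current directory.
WEEK_AGO=$(date --date='1 week ago' +%Y%m%d)
rm -f ../logs/${WEEK_AGO}*_sec-scan.log
rm -f ./${WEEK_AGO}*_sec-scan-auto.sh ./${WEEK_AGO}*_sec-scan-root-auto.sh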
#rm -f ../logs/*_sec-scan.log
#rm -f ./*_sec-scan-auto.sh
#rm -f ./*_sec-scan-root-auto.sh
rm -f ${CURRENT_LOG_FILE}
#
gp wp capwebwpcare.com mainwp sites | cut -c3-4 | grep -E '([0-9]|[0-9][0-9])' | sed 's/^/gp wp capwebwpcare.com mainwp-sucuri scan /' > ./${AUTO_SH}
#
# Make the newly created shell script executable.
chmod +x ./${AUTO_SH}
#
# Append --allow-root to every command and write the result to a second script.
sed 's/$/ --allow-root/' ./${AUTO_SH} > ./${AUTO_SH_ROOT}
chmod +x ./${AUTO_SH_ROOT}
#
# Add timestamp inside log file
date >> ./${LOG_FILE}
# dump out the generated script to the log
cat ./${AUTO_SH_ROOT} >> ./${LOG_FILE}
#
# Run the shell script and watch the progress.
# Pipe the output to the terminal and append it to the log file to keep track of results.
./${AUTO_SH_ROOT} | tee -a ./${LOG_FILE}
#
# Save this log file as 'current'
cp ${LOG_FILE} ${CURRENT_LOG_FILE}
grep 'Warnings' ${CURRENT_LOG_FILE}
@sebastianmoran-mainwp

K awesome script share.

@forgetwp

Awesome work! Exactly what I was looking for!
Do you guys know if there is a way to include Sucuri scans on PRO reports?

@CapWebSolutions
Author

Hey forgetwp,

Thanks. Yes, you can include the security scans in the pro reports. I use the pro-report-basic that is included to generate the attached report page.

@forgetwp

Ahh, true. It is also included on PRO reports under Security.
I missed it because I was looking for some sort of Sucuri branded green check boxes, etc. :)
Thanks for your help.

@edellingham

Thanks so much for sharing this!

Does anyone know what the output would contain if something was wrong? For example, if a site were blacklisted or there was malware?

I'm looking to have the script send a different email if a string of text is detected to indicate an issue, but I'm not really sure what string to search for since I haven't had this happen yet.
