Skip to content

Instantly share code, notes, and snippets.

@centminmod centminmod/maldet.sh Secret
Last active Aug 29, 2015

Embed
What would you like to do?
Learn more about clone URLs
Download ZIP
Official Centmin Mod Addon for installing maldet + clamav
Raw
maldet.sh
#!/bin/bash
#########################################################
# Install Linux Malware Detect (maldet) + ClamAV AntiVirus scanner
# Official Centmin Mod Addon for centminmod.com LEMP web stack
# written by George Liu vbtechsupport.com
# https://www.rfxn.com/projects/linux-malware-detect/
# http://www.clamav.net/lang/en/
#########################################################
DT=`date +"%d%m%y-%H%M%S"`
TMP_DIR='/svr-setup'
CENTMINLOGDIR='/root/centminlogs'
# enter email address you want alerts sent to
# i.e. your@domain.com
ALERTEMAIL=''
# enter your pushover.net email you want alerts sent to
# i.e. youruserkey+devicename+p1@api.pushover.net
ALERT_POEMAIL=''
#########################################################
# Setup Colours
black='\E[30;40m'
red='\E[31;40m'
green='\E[32;40m'
yellow='\E[33;40m'
blue='\E[34;40m'
magenta='\E[35;40m'
cyan='\E[36;40m'
white='\E[37;40m'
boldblack='\E[1;30;40m'
boldred='\E[1;31;40m'
boldgreen='\E[1;32;40m'
boldyellow='\E[1;33;40m'
boldblue='\E[1;34;40m'
boldmagenta='\E[1;35;40m'
boldcyan='\E[1;36;40m'
boldwhite='\E[1;37;40m'
Reset="tput sgr0" # Reset text attributes to normal
#+ without clearing screen.
cecho () # Coloured-echo.
# Argument $1 = message
# Argument $2 = color
{
message=$1
color=$2
echo -e "$color$message" ; $Reset
return
}
#########################################################
if [[ ! -f /etc/redhat-release ]] ; then
cecho "No CentOS / RHEL system detected" $boldyellow
cecho "Please only install on CentOS / RHEL systems" $boldyellow
cecho "aborting install..." $boldyellow
exit
else
cecho "CentOS / RHEL system detected" $boldyellow
fi
if [[ ! -f /usr/bin/wget ]] ; then
yum -y -q install wget
fi
if [[ -z "$ALERTEMAIL" ]]; then
echo
cecho "ALERTEMAIL variable detected as empty" $boldyellow
cecho "edit $0 and set an email address for ALERTEMAIL" $boldyellow
cecho "Then re-run the script $0" $boldyellow
exit
fi
#########################################################
# functions
setemailalert() {
if [[ ! -z "$ALERT_POEMAIL" ]]; then
sed -i 's/email_alert=0/email_alert=1/g' /usr/local/maldetect/conf.maldet
sed -i "s/email_addr=\"you@domain.com\"/email_addr=\"${ALERTEMAIL},${ALERT_POEMAIL}\"/g" /usr/local/maldetect/conf.maldet
else
sed -i 's/email_alert=0/email_alert=1/g' /usr/local/maldetect/conf.maldet
sed -i "s/email_addr=\"you@domain.com\"/email_addr=\"${ALERTEMAIL}\"/g" /usr/local/maldetect/conf.maldet
fi
}
maldetinstall() {
# install maldet
cecho "Installing maldet..." $boldyellow
cd $TMP_DIR
cecho "Download maldetect-current.tar.gz ..." $boldyellow
if [ -s maldetect-current.tar.gz ]; then
cecho "maldetect-current.tar.gz Archive found, skipping download..." $boldgreen
else
wget -cnv http://www.rfxn.com/downloads/maldetect-current.tar.gz --tries=3
ERROR=$?
if [[ "$ERROR" != '0' ]]; then
cecho "Error: maldetect-current.tar.gz download failed." $boldgreen
exit #$ERROR
else
cecho "Download done." $boldyellow
#echo ""
fi
fi
tar xzf maldetect-current.tar.gz
ERROR=$?
if [[ "$ERROR" != '0' ]]; then
cecho "Error: maldetect-current.tar.gz extraction failed." $boldgreen
exit #$ERROR
else
cecho "maldetect-current.tar.gz valid file." $boldyellow
echo ""
fi
cd maldetect-*
./install.sh
# set email alerts
setemailalert
# enable auto quarantine of malware hits
sed -i 's/quar_hits=0/quar_hits=1/g' /usr/local/maldetect/conf.maldet
# append Centmin Mod specific scan paths into cron.daily/malet
sed -i '/\/home?\/?\/public_html/ a\ \/usr\/local\/maldetect\/maldet -b -r \/home\/nginx\/domains\/?\/public 2 >> \/dev\/null 2>&1' /etc/cron.daily/maldet
sed -i '/\/home?\/?\/public_html/ a\ \/usr\/local\/maldetect\/maldet -b -r \/var\/www\/html 2 >> \/dev\/null 2>&1' /etc/cron.daily/maldet
sed -i '/\/home?\/?\/public_html/ a\ \/usr\/local\/maldetect\/maldet -b -r \/usr\/local\/nginx\/html 2 >> \/dev\/null 2>&1' /etc/cron.daily/maldet
# extend scan to other system directories where malware and viruses can be placed
echo "" >> /etc/cron.daily/maldet
echo "# extend maldet scans to other areas" >> /etc/cron.daily/maldet
echo "/usr/local/maldetect/maldet -b -r /boot 2 >> /dev/null 2>&1" >> /etc/cron.daily/maldet
echo "/usr/local/maldetect/maldet -b -r /etc 2 >> /dev/null 2>&1" >> /etc/cron.daily/maldet
echo "/usr/local/maldetect/maldet -b -r /usr 2 >> /dev/null 2>&1" >> /etc/cron.daily/maldet
}
clamavinstall() {
# install clamav and clamd
echo
cecho "Installing clamav..." $boldyellow
yum clean all -q
yum makecache fast -q
yum -y install clamav clamd --disablerepo=epel
if [[ -z "$(grep clam /etc/yum.repos.d/epel.repo)" ]]; then
sed -i 's/exclude=varnish/exclude=varnish clamd clamav clamav-db/' /etc/yum.repos.d/epel.repo
fi
/etc/init.d/clamd start
chkconfig clamd on
time freshclam
}
#########################################################
starttime=$(date +%s.%N)
{
maldetinstall
clamavinstall
echo
cecho "maldet + clamav installed..." $boldyellow
} 2>&1 | tee ${CENTMINLOGDIR}/centminmod_maldet_install_${DT}.log
endtime=$(date +%s.%N)
INSTALLTIME=$(echo "scale=2;$endtime - $starttime"|bc )
echo "" >> ${CENTMINLOGDIR}/centminmod_maldet_install_${DT}.log
echo "Total maldet + clamav Install Time: $INSTALLTIME seconds" >> ${CENTMINLOGDIR}/centminmod_maldet_install_${DT}.log
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.