Created
November 26, 2013 03:38
-
-
Save nathenharvey/7653123 to your computer and use it in GitHub Desktop.
A quick cookbook for installing maldetect
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # cookbooks/maldetect/attributes/attributes.rb | |
| default["maldetect"]["version"] = "1.4.2" | |
| default["maldetect"]["checksum"] = "e118760d2440832564ac72977abb95a6141c25b520f21dfa30a89e1f6c835d63" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # cookbooks/maldetect/recipes/default.rb | |
| # | |
| # Cookbook Name:: maldetect | |
| # Recipe:: default | |
| # | |
| # Copyright 2013, YOUR_COMPANY_NAME | |
| # | |
| # All rights reserved - Do Not Redistribute | |
| # | |
| maldet_version = node["maldetect"]["version"] | |
| # cd /tmp | |
| # wget http://www.rfxn.com/downloads/maldetect-current.tar.gz | |
| remote_file "#{Chef::Config[:file_cache_path]}/maldetect-current.tar.gz" do | |
| action :create | |
| source "http://www.rfxn.com/downloads/maldetect-current.tar.gz" | |
| checksum node["maldetect"]["checksum"] | |
| owner "root" | |
| group "root" | |
| end | |
| # tar xfz maldetect-current.tar.gz | |
| execute "unpack maldetect" do | |
| cwd Chef::Config[:file_cache_path] | |
| command "tar xfz maldetect-current.tar.gz" | |
| not_if {::File.directory?("#{Chef::Config[:file_cache_path]}/maldetect-#{maldet_version}")} | |
| end | |
| # cd maldetect-1.4.1/ | |
| # ./install.sh | |
| execute "install maldetect" do | |
| cwd "#{Chef::Config[:file_cache_path]}/maldetect-1.4.2" | |
| command "./install.sh" | |
| not_if {::File.read("/usr/local/maldetect/VERSION").strip == maldet_version} | |
| end | |
| # -> maldet --update | |
| execute "update maldet" do | |
| command "maldet --update" | |
| returns [0,1] | |
| # TODO: Should this be run every time chef-client is executed? | |
| # Probably best to sort out a guard | |
| end | |
| # TODO: Do you really need this? It seems that the standard maldet | |
| # install drops a cron into /etc/cron.daily/maldet | |
| # -> add custom maldet.sh script with appropriate permissions to /root | |
| directory "/root" do | |
| owner "root" | |
| group "root" | |
| end | |
| template "/root/maldet.sh" do | |
| source "maldet.sh.erb" | |
| owner "root" | |
| group "root" | |
| mode "0755" | |
| end | |
| # -> add the following to root's crontab | |
| # 30 01 * * * sh /root/maldet.sh | |
| cron "run maldet" do | |
| minute "30" | |
| hour "01" | |
| command "sh /root/maldet.sh" | |
| end | |
| # This shouldn't be necessary: | |
| # -> /etc/init.d/crond|service cron restart |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # cookbooks/maldetect/templates/default/maldet.sh.erb | |
| # This file is being managed by Chef for <%= node['fqdn'] %> | |
| # clear quarantine/session/tmp data every 14 days | |
| /usr/sbin/tmpwatch 336 /usr/local/maldetect/tmp >> /dev/null 2>&1 | |
| /usr/sbin/tmpwatch 336 /usr/local/maldetect/sess >> /dev/null 2>&1 | |
| /usr/sbin/tmpwatch 336 /usr/local/maldetect/quarantine >> /dev/null 2>&1 | |
| /usr/sbin/tmpwatch 336 /usr/local/maldetect/pub/*/ >> /dev/null 2>&1 | |
| # check for new release version | |
| /usr/local/maldetect/maldet -d >> /dev/null 2>&1 | |
| # check for new definition set | |
| /usr/local/maldetect/maldet -u >> /dev/null 2>&1 | |
| # if were running inotify monitoring, send daily hit summary | |
| if [ "$(ps -A --user root -o "comm" | grep inotifywait)" ]; then | |
| /usr/local/maldetect/maldet --alert-daily >> /dev/null 2>&1 | |
| else | |
| # scan the last 2 days of file changes | |
| if [ -d "/home/virtual" ] && [ -d "/usr/lib/opcenter" ]; then | |
| # ensim | |
| /usr/local/maldetect/maldet -b -r /home/virtual/?/fst/var/www/html 2 >> /dev/null 2>&1 | |
| /usr/local/maldetect/maldet -b -r /home/virtual/?/fst/home/?/public_html 2 >> /dev/null 2>&1 | |
| elif [ -d "/etc/psa" ] && [ -d "/var/lib/psa" ]; then | |
| # psa | |
| /usr/local/maldetect/maldet -b -r /var/www/vhosts/?/httpdocs 2 >> /dev/null 2>&1 | |
| /usr/local/maldetect/maldet -b -r /var/www/vhosts/?/subdomains/?/httpdocs 2 >> /dev/null 2>&1 | |
| elif [ -d "/usr/local/directadmin" ]; then | |
| # DirectAdmin | |
| /usr/local/maldetect/maldet -b -r /var/www/html/?/ 2 >> /dev/null 2>&1 | |
| /usr/local/maldetect/maldet -b -r /home?/?/domains/?/public_html 2 >> /dev/null 2>&1 | |
| else | |
| # cpanel, interworx and other standard home/user/public_html setups | |
| /usr/local/maldetect/maldet -b -r /home?/?/public_html 2 >> /dev/null 2>&1 | |
| fi | |
| # scan default apache docroot paths | |
| if [ -d "/var/www/html" ]; then | |
| /usr/local/maldetect/maldet -b -r /var/www/html 2 >> /dev/null 2>&1 | |
| fi | |
| if [ -d "/usr/local/apache/htdocs" ]; then | |
| /usr/local/maldetect/maldet -b -r /usr/local/apache/htdocs 2 >> /dev/null 2>&1 | |
| fi | |
| fi |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Where will we get the latest checksum number which is in attributes.rb file.
default["maldetect"]["checksum"] = "e118760d2440832564ac72977abb95a6141c25b520f21dfa30a89e1f6c835d63"