Created
February 28, 2013 00:54
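#!/bin/bash
##############################
# Created by Stephen Simpson #
# Version 0.1 #
# Last Modified: 12/05/12 #
##############################
# Daily Linux Malware Detect (maldet) run: takes a PID lock, installs maldet
# if it is missing, prunes old maldet data, updates maldet and its
# definitions, scans the public_html trees and mails the session report.
# NOTE(review): it writes under /var/run and /usr/local, so it presumably
# runs as root from cron - confirm before deploying.

# Abort on the first failing command. Set here instead of on the shebang
# line so it still applies when the script is started as "bash script.sh".
set -e

###VARIABLES####
#Email address that receives the scan report (must be filled in)
EMAIL=
#Number of days to look back when scanning recently modified files
DAYS=3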
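####ERRORS AND TRAPS####
#Function to remove the pid file and leave the script
#  $1 - exit status to leave with (optional, defaults to 0)
function cleanup {
  echo "Removing /var/run/maldetScript.pid" 1>&2
  # -f: a lock that is already gone must not fail the handler
  rm -f /var/run/maldetScript.pid
  exit "${1:-0}"
}

#Check for previous running maldet
if [ -f /var/run/maldetScript.pid ]
then
  OLDPID=$(cat /var/run/maldetScript.pid 2>/dev/null) || OLDPID=
  # Only trust the lock if it names a process that still exists. Without
  # this, one aborted run leaves the file behind and every later run exits
  # here, so scanning stops without anyone noticing.
  # NOTE(review): kill -0 only proves that some process has this PID; PID
  # reuse can make a stale lock look live.
  if [[ "$OLDPID" =~ ^[0-9]+$ ]] && kill -0 "$OLDPID" 2>/dev/null
  then
    echo "A maldet is already running - PID: $OLDPID"
    exit 0
  fi
  echo "Removing stale /var/run/maldetScript.pid (PID '$OLDPID' is not running)" 1>&2
  rm -f /var/run/maldetScript.pid
fi

# Create the PID lock file. noclobber makes the redirect fail if the file
# appeared since the check above, so two runs cannot both take the lock.
if ! ( set -o noclobber; echo $$ > /var/run/maldetScript.pid ) 2>/dev/null
then
  echo "Could not create /var/run/maldetScript.pid - another run may have just started" 1>&2
  exit 1
fi

# Install the handlers only once this run owns the lock, so a run that lost
# the race can never delete another run's lock file.
#Remove file on kill
trap cleanup 1 2 3 15
# Also release the lock when "set -e" aborts the script part-way through
trap 'rm -f /var/run/maldetScript.pid' EXIT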
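####STARTING THE SCRIPT####
#Check and see whether maldet is indeed installed
if [ ! -f /usr/local/sbin/maldet ]
then
  # NOTE(review): install.sh from the downloaded tarball is executed with
  # this script's privileges, so the download is a code-execution path.
  # HTTPS protects the transfer only. To pin the archive, export
  # MALDET_SHA256 with the digest of a release you have reviewed; the
  # "-current" tarball changes with every release, so a pinned digest must
  # be refreshed along with it.
  cd /usr/local/src/
  # Clear leftovers from an interrupted install: an old tarball would make
  # wget save the new one under a ".1" name and the old one would be unpacked.
  rm -rf /usr/local/src/maldetect-*
  wget -O maldetect-current.tar.gz https://www.rfxn.com/downloads/maldetect-current.tar.gz
  if [ -n "${MALDET_SHA256:-}" ]
  then
    echo "${MALDET_SHA256}  maldetect-current.tar.gz" | sha256sum -c - || {
      echo "maldetect-current.tar.gz does not match MALDET_SHA256 - not installing" 1>&2
      exit 1
    }
  fi
  tar -zxvf maldetect-current.tar.gz
  # Trailing slash: match the unpacked directory only, not the tarball
  # (cd with two arguments is an error in newer bash)
  cd maldetect-*/
  ./install.sh
  cd /root/
  rm -rf /usr/local/src/maldetect-*
fi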
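# clear quarantine/session/tmp data older than 14 days (336 hours)
# NOTE(review): this also deletes quarantined samples; keep copies elsewhere
# if they are needed for incident analysis.
# Housekeeping and updates are best-effort: under "set -e" a failure here
# would otherwise abort the run before anything is scanned, with the reason
# hidden by the redirects.
for dir in /usr/local/maldetect/tmp /usr/local/maldetect/sess /usr/local/maldetect/quarantine /usr/local/maldetect/pub/*/
do
  # Skip missing directories and an unmatched pub/*/ pattern
  [ -d "$dir" ] || continue
  /usr/sbin/tmpwatch 336 "$dir" >> /dev/null 2>&1 \
    || echo "warning: tmpwatch failed for $dir" 1>&2
done
# check for new release version
# NOTE(review): this lets maldet replace itself from the network; confirm
# that unattended self-update is acceptable on this host.
/usr/local/maldetect/maldet -d > /dev/null 2>&1 \
  || echo "warning: maldet release check failed" 1>&2
# check for new definition set
/usr/local/maldetect/maldet -u > /dev/null 2>&1 \
  || echo "warning: maldet definition update failed - scanning with the existing set" 1>&2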
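# The path is quoted so the shell does not expand "?" itself; maldet's usage
# text documents "?" as its own path wildcard. The full path to maldet is
# used, as in the update step, because cron's PATH may not include
# /usr/local/sbin.
# A non-zero exit from the scan is reported on stderr instead of aborting
# under "set -e", so the report step still runs.
if [ -z "$(ls /usr/local/maldetect/sess/ 2>/dev/null)" ]
then
  #Scan all files if maldet has never run or the session files were cleared out
  /usr/local/maldetect/maldet --scan-all '/home?/?/public_html' > /dev/null 2>&1 \
    || echo "warning: maldet --scan-all exited with status $?" 1>&2
else
  #Scan only files modified over the last $DAYS days
  /usr/local/maldetect/maldet --scan-recent '/home?/?/public_html' "$DAYS" > /dev/null 2>&1 \
    || echo "warning: maldet --scan-recent exited with status $?" 1>&2
fi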
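#Time for the email
# Mail the report of the most recent session. session.last holds the id of
# that session; the report itself is sess/session.<id>.
if [ -z "$EMAIL" ]
then
  # An empty recipient would make mail fail or wait for input
  echo "EMAIL is not set - skipping the report email" 1>&2
elif [ ! -r /usr/local/maldetect/sess/session.last ]
then
  echo "No /usr/local/maldetect/sess/session.last - no report to send" 1>&2
else
  LASTSESSION=$(cat /usr/local/maldetect/sess/session.last)
  if [ -r "/usr/local/maldetect/sess/session.$LASTSESSION" ]
  then
    mail -s "Daily Maldet Cron Completed" "$EMAIL" < "/usr/local/maldetect/sess/session.$LASTSESSION"
  else
    echo "Report /usr/local/maldetect/sess/session.$LASTSESSION is missing - nothing sent" 1>&2
  fi
fi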
####CLEANING UP####
# Release the PID lock so the next scheduled run can start
rm -f -- /var/run/maldetScript.pid