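# scan.etpl — report template that maldet sources once a scan (or an inotify
# digest cycle) has finished.  It writes the human-readable report to "$tmpf"
# and, when enable_statistic=1, posts one JSON record per hit to the configured
# ELK endpoint.  Every variable read below ($tmpf, $scanid, $tot_hits,
# $elk_host, ...) is expected to be set by the sourcing script.
#
# The file names in the hit lists are attacker-controlled (they are the paths
# of the detected malware), so they are never word-split, globbed or pasted
# into a JSON document unescaped.

if [ -z "$type" ]; then
  type=scan
fi

cat > "$tmpf" <<EOF
HOST: $HOSTNAME
SCAN ID: $scanid
STARTED: $scan_start_hr
EOF

if [ ! "$type" == "digest" ]; then
  cat >> "$tmpf" <<EOF
COMPLETED: $scan_end_hr
ELAPSED: ${scan_et}s [find: ${file_list_et}s]
EOF
else
  cat >> "$tmpf" <<EOF
MODE: inotify digest
ELAPSED: $inotify_run_time
EOF
fi

if [ "$spath" ]; then
  printf '%s\n' "PATH: $hrspath" >> "$tmpf"
fi
if [ "$days" ] && [ ! "$days" == "all" ]; then
  printf '%s\n' "RANGE: $days days" >> "$tmpf"
fi

cat >> "$tmpf" <<EOF
TOTAL FILES: $tot_files
TOTAL HITS: $tot_hits
TOTAL CLEANED: $tot_cl
EOF

# Hits were found but automatic quarantine is off: the malware is still
# readable by the owning user, so tell the operator how to quarantine this
# run after the fact ($datestamp.$$ is presumably the scan session id).
if [ "$quarantine_hits" == "0" ] && [ ! "$tot_hits" == "0" ]; then
  printf '%s\n' "WARNING: Automatic quarantine is currently disabled, detected threats are still accessible to users!" >> "$tmpf"
  printf '%s\n' "To enable, set quarantine_hits=1 and/or to quarantine hits from this scan run:" >> "$tmpf"
  printf '%s\n\n' "/usr/local/sbin/maldet -q $datestamp.$$" >> "$tmpf"
fi

# Cleaned-file and suspended-account lists.  Both list variables are reset
# before the branches so a value left over from an earlier sourcing of this
# template (the inotify digest loop sources it repeatedly) is never reported
# again.  The suspended-account section is only evaluated when
# quarantine_clean=1, as in the original template.
if [ "$quarantine_clean" == "1" ]; then
  cleaned_list=
  if [ "$type" == "scan" ] && [ -f "$sessdir/clean.$$" ] && [ -n "$(cat "$sessdir/clean.$$")" ]; then
    cleaned_list="$sessdir/clean.$$"
  elif [ "$type" == "digest" ] && [ -f "$tmpdir/.digest.clean.hits" ] && [ ! "$tot_cl" == "0" ]; then
    cleaned_list="$tmpdir/.digest.clean.hits"
  fi
  if [ -f "$cleaned_list" ]; then
    cat >> "$tmpf" <<EOF
CLEANED & RESTORED FILES:
$(cat "$cleaned_list")
EOF
  fi

  if [ "$quarantine_suspend_user" == "1" ]; then
    suspended_list=
    if [ -f "$sessdir/suspend.users.$$" ] && [ -n "$(cat "$sessdir/suspend.users.$$")" ]; then
      suspended_list="$sessdir/suspend.users.$$"
    elif [ "$type" == "digest" ] && [ -f "$tmpdir/.digest.susp.hits" ] && [ ! "$tot_susp" == "0" ]; then
      suspended_list="$tmpdir/.digest.susp.hits"
    fi
    if [ -f "$suspended_list" ]; then
      cat >> "$tmpf" <<EOF
SUSPENDED ACCOUNTS:
$(cat "$suspended_list")
EOF
    fi
  fi
fi

if [ ! "$tot_hits" == "0" ]; then
  if [ "$type" == "digest" ]; then
    hitlist_file="$tmpdir/.digest.alert.hits"
  else
    hitlist_file="$scan_session"
  fi

  if [ -f "$hitlist_file" ]; then
    printf '%s\n' "FILE HIT LIST:" >> "$tmpf"
    if [ "$coltest" ]; then
      # $coltest is presumably set by the caller when column(1) supports
      # -o (verify against the sourcing script); it only affects alignment.
      column -s ':' -t -o ':' < "$hitlist_file" >> "$tmpf"
    else
      cat "$hitlist_file" >> "$tmpf"
    fi

    # Optional per-hit export to ELK.  This block used to sit inside the
    # "column unavailable" branch above, so it only ran on hosts whose
    # column(1) lacked -o; the export does not depend on report formatting.
    if [ "$enable_statistic" == "1" ]; then
      # Endpoint is <elk_host>:<elk_port>/ plus "<elk_index>/message" when an
      # index is configured; elk_host is used as given (scheme included, if any).
      if [ -n "$elk_index" ]; then
        elk_url="${elk_host}:${elk_port}/${elk_index}/message"
      else
        elk_url="${elk_host}:${elk_port}/"
      fi
      # Timestamp and host name are the same for every hit; compute them once.
      stat_date=$(date +%s)
      stat_host=$(hostname)

      # Read the hit list line by line: no word-splitting, no globbing, and
      # $IFS is left exactly as the sourcing script had it (the old loop
      # left IFS=' ' behind).  Each line is expected to be
      # "<signature> : <path>"; the path is everything from the third
      # whitespace-separated field onward, so paths containing spaces stay whole.
      while IFS= read -r showhit || [ -n "$showhit" ]; do
        [ -n "$showhit" ] || continue
        IFS=$' \t' read -r stat_sig stat_sep stat_path <<<"$showhit"

        # Escape the JSON string metacharacters (backslash first, then the
        # double quote) and drop control characters, so a crafted file name
        # cannot break or inject fields into the document sent to ELK.
        stat_sig=${stat_sig//[[:cntrl:]]/}
        stat_sig=${stat_sig//\\/\\\\}
        stat_sig=${stat_sig//\"/\\\"}
        stat_path=${stat_path//[[:cntrl:]]/}
        stat_path=${stat_path//\\/\\\\}
        stat_path=${stat_path//\"/\\\"}
        stat_hostname=${stat_host//[[:cntrl:]]/}
        stat_hostname=${stat_hostname//\\/\\\\}
        stat_hostname=${stat_hostname//\"/\\\"}

        stat_json=$(printf '{"date" : "%s", "hit" : "%s", "file" : "%s", "hostname" : "%s"}' \
          "$stat_date" "$stat_sig" "$stat_path" "$stat_hostname")

        # Body is fed on stdin (-d @-) rather than as an argument, so the
        # record does not show up in process listings.
        printf '%s' "$stat_json" | curl --output /dev/null --silent --show-error \
          -XPOST "$elk_url" -H 'Content-Type: application/json' -d @-
      done < "$hitlist_file"

      unset elk_url stat_date stat_host stat_hostname stat_sig stat_sep stat_path stat_json
    fi
  fi
fi

cat >> "$tmpf" <<EOF
===============================================
Linux Malware Detect v$ver < proj@rfxn.com >
EOF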