diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index 64a3fde..1a69e86 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -272,223 +272,140 @@ install_maldet_only() { cd /tmp || return 1 - # Function to compare semantic versions (e.g., 1.6.5 vs 1.6.4) - compare_versions() { - local v1="$1" v2="$2" - [ "$v1" = "$v2" ] && echo "equal" && return + # Try to download from sources in order with aggressive timeout handling + # Skip pre-checking (can hang on firewall-intercepted HTTPS) + # Just attempt downloads directly with proper timeouts - local IFS=. - local i ver1=($v1) ver2=($v2) + local download_success=false + local temp_file="maldetect-latest.tar.gz" + local best_source="" - for ((i=0; i<${#ver1[@]} || i<${#ver2[@]}; i++)); do - if ((10#${ver1[i]:-0} > 10#${ver2[i]:-0})); then - echo "greater" - return - elif ((10#${ver1[i]:-0} < 10#${ver2[i]:-0})); then - echo "less" - return + # Download sources in priority order + local sources=( + "rfxn:https://www.rfxn.com/downloads/maldetect-latest.tar.gz:rfxn.com (official)" + "github-api:https://api.github.com/repos/rfxn/maldet/archive/refs/heads/main.tar.gz:GitHub API" + "github:https://github.com/rfxn/maldet/archive/refs/heads/main.tar.gz:GitHub direct" + ) + + echo "Attempting to download from sources..." + echo "" + + for source_info in "${sources[@]}"; do + IFS=: read -r source_name source_url source_label <<< "$source_info" + + echo " Trying $source_label..." 
+ + # Try download with aggressive timeout + # --connect-timeout: fail fast if connection can't be established + # --max-time: fail if entire operation takes too long + # --speed-time: fail if sustained transfer speed is too slow + if wget -q --timeout=30 --read-timeout=10 -O "$temp_file" "$source_url" 2>/dev/null; then + if [ -f "$temp_file" ] && [ -s "$temp_file" ]; then + echo -e " ${GREEN}✓ Download successful from $source_label${NC}" + download_success=true + best_source="$source_label" + break fi - done - echo "equal" - } - - # Check available versions from multiple sources - local rfxn_version="" github_version="" github_api_version="" - local best_source="" best_version="" best_url="" - - # Source 1: Check rfxn.com for available versions - echo " [1/3] Checking rfxn.com..." - local rfxn_check=$(curl -sI "https://www.rfxn.com/downloads/maldetect-latest.tar.gz" --connect-timeout 5 2>/dev/null | grep -E "HTTP|Content-Length") - if echo "$rfxn_check" | grep -q "200\|302"; then - rfxn_version="latest" - echo " ✓ Available (latest release)" - else - echo " ✗ Not reachable" - fi - - # Source 2: Check GitHub releases API for version info - echo " [2/3] Checking GitHub releases..." - local github_api_data=$(curl -s "https://api.github.com/repos/rfxn/maldet/releases/latest" --connect-timeout 5 2>/dev/null) - - if echo "$github_api_data" | grep -q '"tag_name"'; then - github_api_version=$(echo "$github_api_data" | grep -o '"tag_name":"[^"]*' | head -1 | cut -d'"' -f4 | sed 's/^v//') - if [ -n "$github_api_version" ]; then - echo " ✓ Found version: $github_api_version" + rm -f "$temp_file" fi - else - echo " ✗ API unreachable" - fi - # Source 3: Check GitHub main branch - echo " [3/3] Checking GitHub main branch..." 
- local github_main_check=$(curl -sI "https://github.com/rfxn/maldet/archive/refs/heads/main.tar.gz" --connect-timeout 5 2>/dev/null | grep -E "HTTP") - if echo "$github_main_check" | grep -q "200\|302"; then - github_version="main-branch" - echo " ✓ Available (main branch)" - else - echo " ✗ Not reachable" - fi + # Also try with curl as fallback + if ! [ "$download_success" = true ]; then + if curl -f --connect-timeout 10 --max-time 30 -L -o "$temp_file" "$source_url" 2>/dev/null; then + if [ -f "$temp_file" ] && [ -s "$temp_file" ]; then + echo -e " ${GREEN}✓ Download successful from $source_label${NC}" + download_success=true + best_source="$source_label" + break + fi + rm -f "$temp_file" + fi + fi + + if [ "$download_success" = false ]; then + echo -e " ${RED}✗ Failed or timeout${NC}" + fi + done echo "" - # Determine best source based on version comparison - if [ -n "$github_api_version" ] && [ -n "$rfxn_version" ]; then - # Both available - prefer the version tag if we can parse rfxn version - echo " Multiple sources available. Selecting best version..." 
- best_source="github_api" - best_version="$github_api_version" - best_url=$(echo "$github_api_data" | grep -o '"tarball_url":"[^"]*' | head -1 | cut -d'"' -f4) - echo " → Downloading version $best_version from GitHub API" - elif [ -n "$rfxn_version" ]; then - best_source="rfxn" - best_version="latest" - best_url="https://www.rfxn.com/downloads/maldetect-latest.tar.gz" - echo " → Downloading from rfxn.com (official)" - elif [ -n "$github_api_version" ]; then - best_source="github_api" - best_version="$github_api_version" - best_url=$(echo "$github_api_data" | grep -o '"tarball_url":"[^"]*' | head -1 | cut -d'"' -f4) - echo " → Downloading version $best_version from GitHub API" - elif [ -n "$github_version" ]; then - best_source="github_main" - best_version="main-branch" - best_url="https://github.com/rfxn/maldet/archive/refs/heads/main.tar.gz" - echo " → Downloading from GitHub main branch (fallback)" - else - # No internet access - check for offline options - echo -e "${YELLOW}Network access unavailable. Checking offline options...${NC}" + if [ "$download_success" = false ]; then + # All sources timed out or failed - check for offline options + echo -e "${YELLOW}All download sources failed or timed out.${NC}" + echo "" + echo "Checking for pre-downloaded archives or system packages..." echo "" - # Option 1: Check if Maldet is available in system package repos - local repo_available=false - if command -v yum &>/dev/null; then - echo " [1] Checking yum repositories..." - if yum search maldet 2>/dev/null | grep -q "maldet"; then - echo -e " ${GREEN}✓ Maldet found in yum repos${NC}" - repo_available=true - else - echo " ✗ Not in yum repos" - fi - elif command -v apt-get &>/dev/null; then - echo " [1] Checking apt repositories..." 
- apt-get update > /dev/null 2>&1 - if apt-cache search maldet 2>/dev/null | grep -q "maldet"; then - echo -e " ${GREEN}✓ Maldet found in apt repos${NC}" - repo_available=true - else - echo " ✗ Not in apt repos" - fi - fi - - # Option 2: Check for pre-cached/pre-downloaded file - echo " [2] Checking for pre-downloaded archive..." + # Check for pre-cached/pre-downloaded file local local_archive="" - for path in /root/maldetect*.tar.gz /tmp/maldetect*.tar.gz /opt/maldetect*.tar.gz; do + for path in /root/maldetect*.tar.gz /tmp/maldetect*.tar.gz /opt/maldetect*.tar.gz ~/maldetect*.tar.gz; do if [ -f "$path" ]; then local_archive="$path" - echo -e " ${GREEN}✓ Found: $path${NC}" - repo_available=true + echo -e "${GREEN}✓ Found archive: $path${NC}" break fi done - echo "" - - if [ "$repo_available" = true ]; then - if [ -n "$local_archive" ]; then - echo "Using pre-downloaded archive: $local_archive" - cp "$local_archive" /tmp/maldetect-offline.tar.gz - best_source="offline" - best_version="offline-archive" - best_url="none" - else - echo "Attempting to install from system repositories..." - if command -v yum &>/dev/null; then - yum install -y maldet 2>&1 | tail -5 - elif command -v apt-get &>/dev/null; then - apt-get install -y maldet 2>&1 | tail -5 - fi - - if is_maldet_installed; then - echo -e "${GREEN}✓ Maldet installed from repositories${NC}" - echo "" - echo "Updating malware signatures..." - if command -v maldet &>/dev/null; then - maldet -u > /dev/null 2>&1 & - echo " (signatures updating in background)" - fi - echo "" - read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true - return 0 - fi - fi + if [ -n "$local_archive" ]; then + echo "" + echo "Using pre-downloaded archive..." 
+ cp "$local_archive" /tmp/maldetect-offline.tar.gz + temp_file="/tmp/maldetect-offline.tar.gz" + download_success=true + best_source="offline-archive" else - echo -e "${RED}✗ No installation method available${NC}" + echo -e "${RED}✗ No local archive found${NC}" echo "" - echo "Network is unreachable. To install Maldet, use one of these methods:" + echo "All sources unreachable. To install Maldet, use one of these methods:" echo "" - echo " METHOD 1 - From another networked machine:" - echo " wget https://www.rfxn.com/downloads/maldetect-latest.tar.gz" - echo " scp maldetect-latest.tar.gz root@YOUR-SERVER:/root/" + echo " METHOD 1 - Download on networked machine and transfer:" + echo " On another server with internet:" + echo " wget https://www.rfxn.com/downloads/maldetect-latest.tar.gz" + echo " Then copy to this server:" + echo " scp maldetect-latest.tar.gz root@YOUR-SERVER:/root/" + echo " Then run this installer again" echo "" - echo " METHOD 2 - Via GitHub (alternative):" - echo " wget https://github.com/rfxn/maldet/archive/refs/heads/main.tar.gz" - echo " scp main.tar.gz root@YOUR-SERVER:/root/" + echo " METHOD 2 - GitHub source as alternative:" + echo " wget https://github.com/rfxn/maldet/archive/refs/heads/main.tar.gz -O /root/maldetect.tar.gz" + echo " (then run this installer again)" echo "" - echo " METHOD 3 - From system repositories:" - echo " yum install -y maldet # CentOS/RHEL" - echo " apt-get install -y maldet # Ubuntu/Debian" - echo "" - echo "After downloading, place the archive in /root/ and run this installer again." + echo "Once you place the archive in /root/ (or /tmp/ or /opt/), run installer again." echo "" read -p "Press Enter to continue..." < /dev/tty 2>/dev/null || true return 1 fi fi - echo "" + # At this point, download_success should be true with temp_file set + if [ "$download_success" = true ] && [ -f "$temp_file" ] && [ -s "$temp_file" ]; then + echo "Installing from $best_source..." 
+ echo "" - # Download from the best source (or use offline if already copied) - local temp_file="maldetect-${best_version}.tar.gz" + # Extract and install + echo " Extracting archive..." + if tar xzf "$temp_file" 2>/dev/null; then + echo " Running installer..." + if cd maldetect-* 2>/dev/null && bash install.sh > /tmp/maldet-install.log 2>&1; then + echo -e " ${GREEN}✓ Maldet installed successfully${NC}" - if [ "$best_source" = "offline" ]; then - echo "Using offline archive: /tmp/maldetect-offline.tar.gz" - temp_file="/tmp/maldetect-offline.tar.gz" - else - echo "Downloading $best_version..." - if wget -q --timeout=15 -O "$temp_file" "$best_url" 2>/dev/null; then - echo -e "${GREEN}✓ Download successful${NC}" - else - echo -e "${RED}✗ Download failed from $best_source${NC}" - rm -f "$temp_file" - return 1 - fi - fi - - echo "" - - # Extract and install - echo "Extracting archive..." - if tar xzf "$temp_file" 2>/dev/null; then - echo "Running installer..." - if cd maldetect-* 2>/dev/null && bash install.sh > /tmp/maldet-install.log 2>&1; then - echo -e "${GREEN}✓ Maldet installed successfully (version: $best_version)${NC}" - - # Update signatures in background - echo "" - echo "Updating malware signatures..." - if command -v maldet &>/dev/null; then - maldet -u > /dev/null 2>&1 & - echo " (signatures updating in background)" + # Update signatures in background + echo "" + echo "Updating malware signatures..." + if command -v maldet &>/dev/null; then + maldet -u > /dev/null 2>&1 & + echo " (signatures updating in background)" + fi + else + echo -e " ${RED}✗ Installation failed. Check /tmp/maldet-install.log${NC}" fi + cd /tmp + rm -rf maldetect-* maldetect-latest.tar.gz 2>/dev/null || true else - echo -e "${RED}✗ Installation failed. 
Check /tmp/maldet-install.log${NC}" + echo -e " ${RED}✗ Failed to extract archive${NC}" + rm -f "$temp_file" fi - cd /tmp - rm -rf maldetect-* "maldetect-${best_version}.tar.gz" 2>/dev/null || true else - echo -e "${RED}✗ Failed to extract archive${NC}" - rm -f "$temp_file" + echo -e "${RED}✗ No valid archive available for extraction${NC}" fi echo ""
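Review bot: The `IFS=: read -r source_name source_url source_label` split in the new download loop breaks on the colon inside `https://`, so `source_url` is just `https` and the rest of the URL lands in `source_label`; wget and curl are handed `https` rather than the URL, and the code is then expected to fall through to the offline branch. That branch takes the first `maldetect*.tar.gz` it finds, including one in world-writable `/tmp`, and runs its `install.sh` with bash (presumably as root, given the `/root` paths), with no checksum or signature check on either the local or the downloaded archive. I would switch the entries to a separator that cannot appear in a URL (below), drop `/tmp/maldetect*.tar.gz` from the fallback list and from the help text, and verify the archive against a pinned digest before `tar xzf`. Separately, the comment above the wget call describes `--connect-timeout`/`--max-time`/`--speed-time`, which are not the options passed to wget. The enclosing `install_maldet_only` starts and ends outside the hunk.

```shell
  local sources=(
    "rfxn|https://www.rfxn.com/downloads/maldetect-latest.tar.gz|rfxn.com (official)"
    "github-api|https://api.github.com/repos/rfxn/maldet/archive/refs/heads/main.tar.gz|GitHub API"
    "github|https://github.com/rfxn/maldet/archive/refs/heads/main.tar.gz|GitHub direct"
  )
  # … unchanged: "Attempting to download" banner …
  for source_info in "${sources[@]}"; do
    # '|' cannot occur in these URLs, so the three fields split cleanly
    local source_name source_url source_label
    IFS='|' read -r source_name source_url source_label <<< "$source_info"
    # … unchanged: wget attempt, curl fallback, failure message …
  done
```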