Make RKHunter truly temporary - auto-install and auto-remove
Changed rkhunter from permanent installation to temporary session-based use, aligning with toolkit's "Download, Run, Fix, Delete" philosophy. Behavior: - Standalone scanner checks if rkhunter is installed - If NOT found: Auto-installs temporarily with EPEL - Updates definitions and initializes baseline - Runs the scan - Auto-removes rkhunter at end of scan session - Tracks installation with RKHUNTER_TEMP_INSTALLED flag Benefits: - No permanent footprint on server - Automatic cleanup after use - Still available in "Install All Scanners" for users who want it permanent - Standalone scans are truly self-contained and temporary Implementation: - Added RKHUNTER_TEMP_INSTALLED tracking variable - Auto-install logic before scanner detection - Silent installation (yum &>/dev/null) - Auto-removal after scan completes - Logged in session.log for transparency RKHunter is system-level (checks binaries/kernel) not file-level, so it doesn't need to persist - perfect candidate for temp install.
This commit is contained in:
cschantz
@@ -571,9 +571,37 @@ if command -v maldet &>/dev/null; then
|
||||
log_message "Detected: Maldet"
|
||||
fi
|
||||
|
||||
# Track if rkhunter was auto-installed (for cleanup)
|
||||
RKHUNTER_TEMP_INSTALLED=false
|
||||
|
||||
if command -v rkhunter &>/dev/null; then
|
||||
AVAILABLE_SCANNERS+=("rkhunter")
|
||||
log_message "Detected: Rootkit Hunter"
|
||||
else
|
||||
# Auto-install rkhunter temporarily for this scan
|
||||
log_message "RKHunter not found - installing temporarily..."
|
||||
echo "→ Installing Rootkit Hunter (temporary, will be removed after scan)..."
|
||||
|
||||
if command -v yum &>/dev/null; then
|
||||
# Ensure EPEL is available
|
||||
if ! rpm -qa | grep -q epel-release; then
|
||||
yum install -y epel-release &>/dev/null
|
||||
fi
|
||||
|
||||
# Install rkhunter
|
||||
yum install -y rkhunter &>/dev/null
|
||||
|
||||
if command -v rkhunter &>/dev/null; then
|
||||
# Update definitions and initialize baseline
|
||||
rkhunter --update &>/dev/null
|
||||
rkhunter --propupd &>/dev/null
|
||||
|
||||
AVAILABLE_SCANNERS+=("rkhunter")
|
||||
RKHUNTER_TEMP_INSTALLED=true
|
||||
log_message "RKHunter installed temporarily"
|
||||
echo " ✓ RKHunter installed (will be removed after scan)"
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ${#AVAILABLE_SCANNERS[@]} -eq 0 ]; then
|
||||
@@ -772,6 +800,19 @@ else
|
||||
echo ""
|
||||
fi
|
||||
|
||||
# Cleanup: Remove rkhunter if it was temporarily installed
|
||||
if [ "$RKHUNTER_TEMP_INSTALLED" = "true" ]; then
|
||||
log_message "Removing temporarily installed RKHunter..."
|
||||
echo ""
|
||||
echo "→ Cleaning up: Removing Rootkit Hunter..."
|
||||
|
||||
if command -v yum &>/dev/null; then
|
||||
yum remove -y rkhunter &>/dev/null
|
||||
echo " ✓ RKHunter removed"
|
||||
log_message "RKHunter successfully removed"
|
||||
fi
|
||||
fi
|
||||
|
||||
log_message "Scan session ended"
|
||||
STANDALONE_EOF
|
||||
|
||||
|
||||
Reference in New Issue
Block a user