diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh
index 6bc8f55..63ac537 100755
--- a/modules/security/malware-scanner.sh
+++ b/modules/security/malware-scanner.sh
@@ -63,6 +63,71 @@ if ! validate_required_functions; then exit 1 fi +# Auto-detect web server document root for ImunifyAV standalone UI path +get_web_root_for_imunify() { + local detected_root="" + + # Try Apache on Debian/Ubuntu (apache2ctl) + if command -v apache2ctl &>/dev/null; then + detected_root=$(apache2ctl -S 2>/dev/null | grep "^\*:" | head -1 | awk '{print $NF}' | sed 's/*://' || echo "") + if [ -n "$detected_root" ] && [ -d "$detected_root" ]; then + echo "$detected_root" + return 0 + fi + fi + + # Try Apache on RHEL/CentOS (httpd -S) + if command -v httpd &>/dev/null; then + detected_root=$(httpd -S 2>/dev/null | grep "^\*:" | head -1 | awk '{print $NF}' | sed 's/*://' || echo "") + if [ -n "$detected_root" ] && [ -d "$detected_root" ]; then + echo "$detected_root" + return 0 + fi + fi + + # Try Nginx (nginx -T) + if command -v nginx &>/dev/null; then + detected_root=$(nginx -T 2>/dev/null | grep "^\s*root " | head -1 | awk '{print $NF}' | sed 's/;//' || echo "") + if [ -n "$detected_root" ] && [ -d "$detected_root" ]; then + echo "$detected_root" + return 0 + fi + fi + + # Try parsing Apache config files directly + for conf_file in /etc/apache2/apache2.conf /etc/httpd/conf/httpd.conf /etc/apache2/sites-enabled/*.conf /etc/httpd/conf.d/*.conf; do + if [ -f "$conf_file" ] 2>/dev/null; then + detected_root=$(grep -E "^\s*DocumentRoot|^\s*root " "$conf_file" 2>/dev/null | head -1 | awk '{print $NF}' | sed 's/"//g' || echo "") + if [ -n "$detected_root" ] && [ -d "$detected_root" ]; then + echo "$detected_root" + return 0 + fi + fi + done + + # Try Nginx config files directly + for conf_file in /etc/nginx/nginx.conf /etc/nginx/conf.d/*.conf /etc/nginx/sites-enabled/*.conf; do + if [ -f "$conf_file" ] 2>/dev/null; then + detected_root=$(grep -E "^\s*root " "$conf_file" 2>/dev/null | head -1 | awk '{print $NF}' | sed 's/;//' || echo "") + if [ -n "$detected_root" ] && [ -d "$detected_root" ]; then + echo "$detected_root" + return 0 + fi + fi + done + + # Try 
common default locations in order of likelihood + for path in /var/www/html /home /srv/www /var/www /usr/share/nginx/html /var/www/vhosts; do + if [ -d "$path" ] && [ -w "$path" ]; then + echo "$path" + return 0 + fi + done + + # Absolute fallback + echo "/var/www/html" +} + # Individual scanner detection functions is_imunify_installed() { command -v imunify-antivirus &>/dev/null || [ -f "/usr/bin/imunify-antivirus" ] 
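Review bot: The `apache2ctl -S` and `httpd -S` branches of get_web_root_for_imunify look like they can never succeed: on the `*:port` vhost lines the last field is the defining config file in parentheses (typically something like `(/etc/apache2/sites-enabled/000-default.conf:1)`), not a directory, so `[ -d "$detected_root" ]` fails and detection silently falls through. The document root is printed on the `Main DocumentRoot:` line of the same output, so `apache2ctl -S 2>/dev/null | sed -n 's/^Main DocumentRoot: "\(.*\)"$/\1/p'` would read the intended value. In the default-locations loop `[ -w "$path" ]` is always true if the installer runs as root, so `/home` is returned whenever `/var/www/html` is absent and the UI would be placed in a tree of user homes rather than a served directory; dropping `/home` from the list and returning non-zero when nothing is found lets the caller skip instead of guessing. `conf_file` and `path` are also not declared `local` and leak into the caller's scope.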
@@ -412,82 +477,34 @@ install_all_scanners() { echo -e " ${GREEN}✓${NC} integration.conf already exists with ui_path: $imav_ui_path" echo " Proceeding with existing configuration." else - # Auto-detect web server document root - local imav_default_path="/var/www/html/imunifyav" + # Auto-detect web server document root (no prompting) + local imav_detected_root + imav_detected_root=$(get_web_root_for_imunify) + imav_ui_path="$imav_detected_root/imunifyav" - # Try Apache - if command -v apache2ctl &>/dev/null; then - local apache_root=$(apache2ctl -S 2>/dev/null | grep "^\*:" | head -1 | awk '{print $NF}' | sed 's/*://' || echo "") - if [ -n "$apache_root" ] && [ -d "$apache_root" ]; then - imav_default_path="$apache_root/imunifyav" - fi - elif command -v httpd &>/dev/null; then - local httpd_root=$(httpd -S 2>/dev/null | grep "^\*:" | head -1 | awk '{print $NF}' | sed 's/*://' || echo "") - if [ -n "$httpd_root" ] && [ -d "$httpd_root" ]; then - imav_default_path="$httpd_root/imunifyav" - fi - fi + echo -e " ${GREEN}✓${NC} Auto-detected web root: $imav_detected_root" + echo " UI will be deployed to: $imav_ui_path" + fi - # Try Nginx if Apache not found - if [ "$imav_default_path" = "/var/www/html/imunifyav" ] && command -v nginx &>/dev/null; then - local nginx_root=$(nginx -T 2>/dev/null | grep "root " | head -1 | awk '{print $NF}' | sed 's/;//' || echo "") - if [ -n "$nginx_root" ] && [ -d "$nginx_root" ]; then - imav_default_path="$nginx_root/imunifyav" - fi - fi - - # Prompt user for ui_path with detected default - echo " Enter the web server document root path for the ImunifyAV UI." - echo " This directory will be served by your web server (Apache/Nginx)." - echo " Enter 0 to cancel ImunifyAV installation." - echo "" - read -p " ui_path [$imav_default_path]: " imav_ui_input - - # Handle cancel - if [ "$imav_ui_input" = "0" ]; then - echo " → Skipping ImunifyAV installation." 
- # Jump past the download/deploy block entirely + # Create config directory if needed + if [ "$imav_is_standalone" -ne 2 ]; then + echo " → Creating $imav_conf_dir ..." + mkdir -p "$imav_conf_dir" || { + echo -e "${RED} ✗ Cannot create $imav_conf_dir - check permissions. Skipping ImunifyAV.${NC}" imav_is_standalone=2 - fi + } + fi - if [ "$imav_is_standalone" -ne 2 ]; then - # Apply default if blank, otherwise use user input - if [ -z "$imav_ui_input" ]; then - imav_ui_path="$imav_default_path" - else - imav_ui_path="$imav_ui_input" - fi + # Write minimal integration.conf (only ui_path is required) + if [ "$imav_is_standalone" -ne 2 ]; then + printf '[paths]\nui_path = %s\n' "$imav_ui_path" > "$imav_conf_file" || { + echo -e "${RED} ✗ Cannot write $imav_conf_file. Skipping ImunifyAV.${NC}" + imav_is_standalone=2 + } + fi - # Input validation: must be an absolute path, no spaces - if [[ "$imav_ui_path" != /* ]]; then - echo -e "${RED} ✗ Path must be absolute (start with /). Skipping ImunifyAV.${NC}" - imav_is_standalone=2 - elif [[ "$imav_ui_path" =~ [[:space:]] ]]; then - echo -e "${RED} ✗ Path must not contain spaces. Skipping ImunifyAV.${NC}" - imav_is_standalone=2 - fi - fi - - if [ "$imav_is_standalone" -ne 2 ]; then - # Create config directory if needed - echo " → Creating $imav_conf_dir ..." - mkdir -p "$imav_conf_dir" || { - echo -e "${RED} ✗ Cannot create $imav_conf_dir - check permissions. Skipping ImunifyAV.${NC}" - imav_is_standalone=2 - } - fi - - if [ "$imav_is_standalone" -ne 2 ]; then - # Write minimal integration.conf (only ui_path is required) - printf '[paths]\nui_path = %s\n' "$imav_ui_path" > "$imav_conf_file" || { - echo -e "${RED} ✗ Cannot write $imav_conf_file. 
Skipping ImunifyAV.${NC}" - imav_is_standalone=2 - } - fi - - if [ "$imav_is_standalone" -ne 2 ]; then - echo -e " ${GREEN}✓${NC} integration.conf written: ui_path = $imav_ui_path" - fi + if [ "$imav_is_standalone" -ne 2 ]; then + echo -e " ${GREEN}✓${NC} integration.conf written: ui_path = $imav_ui_path" fi # SELinux warning for RHEL-family systems
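Review bot: The added `fi` right after the "UI will be deployed to" echo closes the `else`, so the `mkdir -p` and `printf ... > "$imav_conf_file"` steps now also run on the "integration.conf already exists" path; an existing file would be truncated to the two-line `[paths]` stanza and any other settings in it lost, unless `imav_is_standalone` is already 2 there, which the hunk does not show. Moving that `fi` back below the "integration.conf written" echo keeps the write inside the `else`, as it was before this change. The removed absolute-path and whitespace checks matter more now than they did for typed input, because the value comes from parsed web-server config (an nginx `root` can be relative) and is written and deployed without an operator confirming it; re-adding `[[ "$imav_ui_path" != /* || "$imav_ui_path" =~ [[:space:]] ]] && imav_is_standalone=2` before the write would restore that guard. install_all_scanners starts and ends outside the hunk.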