diff --git a/modules/security/malware-scanner.sh b/modules/security/malware-scanner.sh index 8256805..79855ad 100755 --- a/modules/security/malware-scanner.sh +++ b/modules/security/malware-scanner.sh @@ -655,6 +655,7 @@ generate_standalone_scanner() { # Create standalone scan script cat > "$session_dir/scan.sh" << 'STANDALONE_EOF' #!/bin/bash +set -o pipefail ################################################################################ # Standalone Malware Scanner @@ -816,15 +817,15 @@ else echo "→ Installing Rootkit Hunter (temporary, will be removed after scan)..." if command -v yum &>/dev/null; then - # Ensure EPEL is available + # Ensure EPEL is available for RHEL-based systems if ! rpm -qa | grep -q epel-release; then - yum install -y epel-release &>/dev/null + log_message "RKHunter: Installing EPEL repository..." + yum install -y epel-release &>/dev/null || log_message "WARNING: EPEL install failed" fi - # Install rkhunter - yum install -y rkhunter &>/dev/null - - if command -v rkhunter &>/dev/null; then + # Install rkhunter via yum + log_message "RKHunter: Installing via yum..." + if yum install -y rkhunter &>/dev/null; then # Update definitions and initialize baseline rkhunter --update &>/dev/null rkhunter --propupd &>/dev/null 
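Review bot: Turning on `set -o pipefail` for the generated scan.sh changes how the existing `if ! rpm -qa | grep -q epel-release; then` test in the next hunk (-816) behaves. `grep -q` exits at the first match, so `rpm -qa` can be killed by SIGPIPE; the pipeline then reports failure, and the `!` reads that as "EPEL missing" even when it is installed. Querying the package directly avoids the pipe: `if ! rpm -q epel-release &>/dev/null; then`. The rest of the script is outside these hunks, so other `cmd | grep -q` or `| head -1` pipelines should be checked for the same effect.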
@@ -833,7 +834,26 @@ else RKHUNTER_TEMP_INSTALLED=true log_message "RKHunter installed temporarily" echo " ✓ RKHunter installed (will be removed after scan)" + else + log_message "WARNING: RKHunter yum install failed" fi + elif command -v apt-get &>/dev/null; then + # Install rkhunter via apt-get on Debian-based systems + log_message "RKHunter: Installing via apt-get..." + if apt-get update &>/dev/null && apt-get install -y rkhunter &>/dev/null; then + # Update definitions and initialize baseline + rkhunter --update &>/dev/null + rkhunter --propupd &>/dev/null + + AVAILABLE_SCANNERS+=("rkhunter") + RKHUNTER_TEMP_INSTALLED=true + log_message "RKHunter installed temporarily" + echo " ✓ RKHunter installed (will be removed after scan)" + else + log_message "WARNING: RKHunter apt-get install failed" + fi + else + log_message "WARNING: Neither yum nor apt-get found - cannot auto-install RKHunter" fi fi @@ -888,7 +908,7 @@ if [ "$AVAILABLE_MB" -lt 100 ]; then echo "⚠️ WARNING: Low disk space on $SCAN_DIR_FS ($AVAILABLE_MB MB available)" echo "Scan logs may be large. Recommend at least 100 MB free space." echo "" - read -t 10 -p "Continue anyway? (y/N): " continue_scan + read -t 10 -p "Continue anyway? (y/N): " continue_scan /dev/null || continue_scan="n" if [[ ! "$continue_scan" =~ ^[Yy]$ ]]; then log_message "Scan cancelled due to low disk space" echo "Scan cancelled." @@ -1054,7 +1074,7 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do log_message "ClamAV: Starting scan with activity monitoring" echo "" - echo " 📁 Scanning path(s): ${SCAN_PATHS[*]}" + echo " 📁 Scanning path(s): ${SCAN_PATHS[@]}" echo " ⏳ Scanner: ClamAV (comprehensive virus scan...)" echo "" 
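Review bot: The new apt-get branch runs `rkhunter --propupd` straight after install, which records the host's current file properties as the known-good baseline. On a machine being scanned because it may already be compromised, the file-properties test then compares files against themselves and cannot flag binaries altered before the scan; the yum branch in the previous hunk has the same behaviour. I would state this in the log, e.g. `log_message "RKHunter: baseline created at scan time - file property checks cannot detect pre-existing tampering"`. Separately, this branch sets `RKHUNTER_TEMP_INSTALLED=true` but the removal step is outside the hunk; confirm it uninstalls via apt-get as well as yum, otherwise "will be removed after scan" is wrong on Debian hosts.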
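Review bot: As shown, the added `read -t 10 -p "Continue anyway? (y/N): " continue_scan /dev/null || continue_scan="n"` passes `/dev/null` to `read` as a second variable name, not as a redirection target. Bash rejects that as an invalid identifier, so the `||` fallback would fire every time and the scan would always be cancelled on a low-disk host. A redirection operator may have been lost when this page was rendered, so confirm the line against the repository; the `read -t 30 -p "" /dev/null || true` line in the last hunk (-1643) has the same shape. Defaulting to "n" on timeout or read failure is the right fail-safe, and I would document it with `# Default to "n" on timeout/EOF so an unattended run never proceeds on low disk`.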
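Review bot: `${SCAN_PATHS[@]}` inside a larger double-quoted string is a step back from `${SCAN_PATHS[*]}`. `[@]` splits the string into one word per array element (ShellCheck SC2145), and the output only looks the same because `echo` rejoins its arguments with spaces. `[*]` is the form for joining an array into a single display string, so I would keep `echo " 📁 Scanning path(s): ${SCAN_PATHS[*]}"`. The Maldet hunk at -1161 makes the same change.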
@@ -1134,7 +1154,7 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do # Get scan stats from log (FIXED Issue 1B: robust number extraction independent of column position) FILES_SCANNED=$(grep "Scanned files:" "$LOG_DIR/clamav.log" 2>/dev/null | tail -1 | grep -oE '[0-9]+' | head -1 || echo "0") - CLAM_INFECTED=$(grep -c "FOUND" "$LOG_DIR/clamav.log" 2>/dev/null || echo 0) + CLAM_INFECTED=$(grep -c "FOUND" "$LOG_DIR/clamav.log" 2>/dev/null) || CLAM_INFECTED=0 # Validate numbers (ensure they're numeric) if ! [[ "$FILES_SCANNED" =~ ^[0-9]+$ ]]; then @@ -1161,7 +1181,7 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do log_message "Maldet: Starting scan with live progress" echo "" - echo " 📁 Scanning path(s): ${SCAN_PATHS[*]}" + echo " 📁 Scanning path(s): ${SCAN_PATHS[@]}" echo " ⏳ Scanner: Maldet/LMD (Linux-specific malware detection...)" echo "" @@ -1301,7 +1321,7 @@ for scanner in "${AVAILABLE_SCANNERS[@]}"; do fi # Extract warnings (FIXED Issue 3B: add numeric validation) - RKH_WARNINGS=$(grep -c "Warning:" "$LOG_DIR/rkhunter.log" 2>/dev/null || echo 0) + RKH_WARNINGS=$(grep -c "Warning:" "$LOG_DIR/rkhunter.log" 2>/dev/null) || RKH_WARNINGS=0 if ! [[ "$RKH_WARNINGS" =~ ^[0-9]+$ ]]; then RKH_WARNINGS=0 fi @@ -1643,7 +1663,7 @@ echo "" echo "Press Ctrl+A then D to detach from this screen session," echo "or press Enter to open an interactive shell in this session..." echo "" -read -t 30 -p "" +read -t 30 -p "" /dev/null || true # Keep screen session alive with an interactive shell echo ""
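Review bot: `CLAM_INFECTED=$(grep -c "FOUND" "$LOG_DIR/clamav.log" 2>/dev/null) || CLAM_INFECTED=0` yields 0 both when grep finds no match (exit 1) and when the log is missing or unreadable (exit 2). A scan that never wrote clamav.log is therefore reported the same as a clean one. I would log the second case before counting, e.g. `[ -r "$LOG_DIR/clamav.log" ] || log_message "WARNING: clamav.log missing or unreadable - infected count is not a clean result"`. The `RKH_WARNINGS` hunk at -1301 has the same shape for rkhunter.log. The pattern `"FOUND"` also matches anywhere on a line, including inside a scanned file's path, so anchoring it as `' FOUND$'` would stop file names from inflating the count.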