Fix malware scanner: entire server scope, screen persistence, selective cleanup

Three critical fixes to improve malware scanner usability:

1. Entire Server Scan Scope (line 1132):
- Changed from scanning only cPanel docroots to scanning entire filesystem
- scan_paths=("/") instead of scan_paths=("${sanitized_docroot[@]}")
- Updated display message: "Scan scope: Entire server from /"
- Fixes issue where "Entire server" option only scanned user directories

2. Screen Session Persistence (line 917):
- Added 'exec bash' at end of scan script to keep screen session alive
- User now has time to review summary and answer cleanup prompt
- Screen won't auto-close when script finishes
- Provides option to open interactive shell or detach (Ctrl+A then D)
- Fixes premature session termination issue

3. Selective Cleanup (lines 883-899):
- Changed cleanup to only delete scan.sh script
- Logs and results are always preserved at /opt/malware-*/
- New prompt: "Delete scan script? (Logs and results will be preserved)"
- Only removes scan.sh when user answers "yes"
- User can manually delete entire directory if needed: rm -rf $SCAN_DIR
- Moved RKHunter cleanup before user prompt (lines 870-880)

Benefits:
- Full server scanning actually scans from / root
- User can review results before screen closes
- Scan scripts are cleaned up for security
- Logs/results preserved for later review
- No accidental data loss
@@ -867,47 +867,54 @@ echo ""
|
|||||||
echo "=========================================="
|
echo "=========================================="
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
# Prompt for cleanup
|
|
||||||
read -p "Delete scan directory and all results? (yes/no): " cleanup_choice
|
|
||||||
|
|
||||||
if [ "$cleanup_choice" = "yes" ]; then
|
|
||||||
log_message "User requested cleanup - deleting scan directory"
|
|
||||||
echo ""
|
|
||||||
echo "Removing scan directory..."
|
|
||||||
cd /
|
|
||||||
rm -rf "$SCAN_DIR"
|
|
||||||
echo -e "${GREEN}✓ Scan directory deleted${NC}"
|
|
||||||
echo ""
|
|
||||||
echo "This screen session will now close."
|
|
||||||
sleep 2
|
|
||||||
else
|
|
||||||
log_message "User chose to keep results"
|
|
||||||
echo ""
|
|
||||||
echo "Results preserved at: $SCAN_DIR"
|
|
||||||
echo ""
|
|
||||||
echo "You can:"
|
|
||||||
echo " • Review logs: ls $LOG_DIR"
|
|
||||||
echo " • View summary: cat $SUMMARY_FILE"
|
|
||||||
echo " • Delete manually: rm -rf $SCAN_DIR"
|
|
||||||
echo ""
|
|
||||||
echo "Press Ctrl+A then D to detach from this screen session"
|
|
||||||
echo ""
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Cleanup: Remove rkhunter if it was temporarily installed
|
# Cleanup: Remove rkhunter if it was temporarily installed
|
||||||
if [ "$RKHUNTER_TEMP_INSTALLED" = "true" ]; then
|
if [ "$RKHUNTER_TEMP_INSTALLED" = "true" ]; then
|
||||||
log_message "Removing temporarily installed RKHunter..."
|
log_message "Removing temporarily installed RKHunter..."
|
||||||
echo ""
|
|
||||||
echo "→ Cleaning up: Removing Rootkit Hunter..."
|
echo "→ Cleaning up: Removing Rootkit Hunter..."
|
||||||
|
|
||||||
if command -v yum &>/dev/null; then
|
if command -v yum &>/dev/null; then
|
||||||
yum remove -y rkhunter &>/dev/null
|
yum remove -y rkhunter &>/dev/null
|
||||||
echo " ✓ RKHunter removed"
|
echo " ✓ RKHunter removed"
|
||||||
log_message "RKHunter successfully removed"
|
log_message "RKHunter successfully removed"
|
||||||
fi
|
fi
|
||||||
|
echo ""
|
||||||
fi
|
fi
|
||||||
|
|
||||||
log_message "Scan session ended"
|
# Prompt for cleanup
|
||||||
|
read -p "Delete scan script? (Logs and results will be preserved) (yes/no): " cleanup_choice
|
||||||
|
|
||||||
|
if [ "$cleanup_choice" = "yes" ]; then
|
||||||
|
log_message "User requested cleanup - deleting scan script"
|
||||||
|
echo ""
|
||||||
|
echo "Removing scan script..."
|
||||||
|
rm -f "$SCAN_DIR/scan.sh"
|
||||||
|
echo -e "${GREEN}✓ Scan script deleted${NC}"
|
||||||
|
echo ""
|
||||||
|
echo "Results preserved at: $SCAN_DIR"
|
||||||
|
echo ""
|
||||||
|
else
|
||||||
|
log_message "User chose to keep scan script"
|
||||||
|
echo ""
|
||||||
|
echo "Scan script and results preserved at: $SCAN_DIR"
|
||||||
|
echo ""
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo "You can:"
|
||||||
|
echo " • Review logs: ls $LOG_DIR"
|
||||||
|
echo " • View summary: cat $SUMMARY_FILE"
|
||||||
|
echo " • Delete scan directory manually: rm -rf $SCAN_DIR"
|
||||||
|
echo ""
|
||||||
|
echo "Press Ctrl+A then D to detach from this screen session,"
|
||||||
|
echo "or press Enter to open an interactive shell in this session..."
|
||||||
|
echo ""
|
||||||
|
read -t 30 -p ""
|
||||||
|
|
||||||
|
# Keep screen session alive with an interactive shell
|
||||||
|
echo ""
|
||||||
|
echo "Opening interactive shell. Type 'exit' to close this screen session."
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
log_message "Scan session ended - opening interactive shell"
|
||||||
|
exec bash
|
||||||
STANDALONE_EOF
|
STANDALONE_EOF
|
||||||
|
|
||||||
# Replace placeholder with actual paths
|
# Replace placeholder with actual paths
|
||||||
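Review bot: The new tail of the script, `read -t 30 -p ""` followed by an unconditional `exec bash`, ignores whether Enter was pressed or the 30-second timeout expired, so every scan ends by leaving an interactive shell open in the screen session with whatever privileges the scan ran under, even when nobody is at the terminal. Check the exit status of `read` and only run `exec bash` when the user actually pressed Enter, or give the spawned shell an idle timeout (for example via TMOUT) so an abandoned session does not persist. Separately, `rm -f "$SCAN_DIR/scan.sh"` is followed by an unconditional "✓ Scan script deleted" and a matching log entry; test the result of `rm` before reporting success, and add `-r` to the `read -p` cleanup prompt.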
@@ -1129,17 +1136,17 @@ launch_standalone_scanner_menu() {
|
|||||||
case $scope_choice in
|
case $scope_choice in
|
||||||
1)
|
1)
|
||||||
# Entire server
|
# Entire server
|
||||||
scan_paths=("${sanitized_docroot[@]}")
|
scan_paths=("/")
|
||||||
scan_description="full server scan"
|
scan_description="full server scan"
|
||||||
|
|
||||||
if [ ${#scan_paths[@]} -eq 0 ]; then
|
if [ ${#scan_paths[@]} -eq 0 ]; then
|
||||||
echo -e "${RED}No docroots found!${NC}"
|
echo -e "${RED}No scan paths found!${NC}"
|
||||||
read -p "Press Enter to continue..."
|
read -p "Press Enter to continue..."
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "Scan paths: ${#scan_paths[@]} docroots"
|
echo "Scan scope: Entire server from /"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
2)
|
2)
|
||||||
|
|||||||
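Review bot: With `scan_paths=("/")` hard-coded in case 1, the `if [ ${#scan_paths[@]} -eq 0 ]` guard just below it can never be true, so the "No scan paths found!" branch is dead code; drop it or replace it with a check that is meaningful for a scan rooted at /. Nothing in this hunk excludes pseudo-filesystems or remote mounts (/proc, /sys, /dev, network shares) from the scan, so either pass explicit exclusions here or document where the scanners invoked later apply them. A short comment noting that `sanitized_docroot` is intentionally no longer used for this option would also help the next reader.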