cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Simplify client report to bare essentials

Browse Source 
Changed from verbose corporate report to concise results-only format.

Before (95 lines):
- Multiple section headers with decorative borders
- Lengthy explanations about what scanners were used
- Detailed security observations and attack pattern analysis
- General security recommendations (7 bullet points)
- Multiple redundant status sections

After (15 lines):
MALWARE SCAN REPORT - [date]
RESULT:  No malware found - your server is clean

OR

RESULT: ⚠️  X infected file(s) detected
INFECTED FILES:
  • [file paths]
NEXT STEPS:
  1. Remove infected files immediately
  2. Change all passwords
  3. Update WordPress/plugins to latest versions

Rationale: Customers only need results and next steps, not explanations.

Changes applied to both inline and function versions.
This commit is contained in:
cschantz
2025-12-23 16:40:09 -05:00
parent 0598bbd5ff
commit 94e3ca42c1
1 changed files with 27 additions and 216 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/malware-scanner.sh
+27 -216
View File
@@ -1434,100 +1434,32 @@ else
# Generate report
{
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "SECURITY SCAN REPORT"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "Scan Date: $scan_date"
echo "Scan Coverage: $scan_paths"
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "OVERALL STATUS"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "MALWARE SCAN REPORT - $scan_date"
echo "═══════════════════════════════════════════════════════════"
echo ""
if [ "$real_threats_count" -eq 0 ]; then
echo "✅ NO ACTIVE MALWARE DETECTED"
echo ""
echo "Your server is clean. No malicious files were found in"
echo "web-accessible directories or user content areas."
echo "RESULT: ✅ No malware found - your server is clean"
else
echo "⚠️ MALWARE DETECTED - ACTION REQUIRED"
echo ""
echo "Found $real_threats_count infected file(s) that require immediate attention."
fi
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "SCAN DETAILS"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "We performed a comprehensive security scan using multiple"
echo "industry-standard malware detection engines:"
echo ""
echo " • ImunifyAV - Advanced threat detection"
echo " • ClamAV - Open-source antivirus engine"
echo " • Linux Maldet - Web malware specialist"
echo " • Rootkit Hunter - System integrity checker"
echo ""
if [ "$real_threats_count" -gt 0 ]; then
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "INFECTED FILES REQUIRING ATTENTION"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "RESULT: ⚠️ $real_threats_count infected file(s) detected"
echo ""
echo "INFECTED FILES:"
echo "$real_threats_list"
echo "RECOMMENDED ACTIONS:"
echo ""
echo "1. Review each file to confirm it is malicious"
echo "2. Remove or quarantine infected files immediately"
echo "3. Change all passwords (hosting, FTP, database, CMS admin)"
echo "4. Review file upload functionality in web applications"
echo "5. Update all web applications, plugins, and themes"
echo "6. Check access logs for unauthorized access patterns"
echo ""
echo "NEXT STEPS:"
echo " 1. Remove infected files immediately"
echo " 2. Change all passwords"
echo " 3. Update WordPress/plugins to latest versions"
fi
if [ -n "$false_positives_list" ]; then
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "INFORMATIONAL DETECTIONS (No Action Required)"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "The following files triggered alerts but are likely false"
echo "positives. These are log files that contain records of"
echo "attack attempts against your server (which were blocked):"
echo ""
echo "$false_positives_list"
echo "These files are safe and contain evidence of your server"
echo "correctly blocking malicious requests. No action needed."
echo ""
echo "───────────────────────────────────────────────────────────"
echo "NOTE: Attack attempts were detected in your server logs."
echo "These were successfully blocked. No action needed."
fi
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "ONGOING SECURITY RECOMMENDATIONS"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "To maintain server security, we recommend:"
echo ""
echo " ✓ Run malware scans monthly (or after any security incident)"
echo " ✓ Keep all software updated (WordPress, plugins, PHP, etc.)"
echo " ✓ Use strong, unique passwords for all accounts"
echo " ✓ Enable automatic security updates where possible"
echo " ✓ Review file permissions regularly"
echo " ✓ Monitor server logs for suspicious activity"
echo " ✓ Maintain regular backups (stored off-server)"
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "TECHNICAL DETAILS"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "Scan ID: $(basename $SCAN_DIR)"
echo "Report Generated: $(date)"
echo ""
echo "For technical details and full scan logs, please contact"
echo "your system administrator."
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
} > "$client_report_file"
fi
@@ -2456,156 +2388,35 @@ generate_client_report() {
# Generate report
{
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "SECURITY SCAN REPORT"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "Scan Date: $scan_date"
echo "Scan Coverage: $scan_paths"
echo ""
# Overall status
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "OVERALL STATUS"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "MALWARE SCAN REPORT - $scan_date"
echo "═══════════════════════════════════════════════════════════"
echo ""
if [ ${#real_threats[@]} -eq 0 ]; then
echo "✅ NO ACTIVE MALWARE DETECTED"
echo ""
echo "Your server is clean. No malicious files were found in"
echo "web-accessible directories or user content areas."
echo "RESULT: ✅ No malware found - your server is clean"
else
echo "⚠️ MALWARE DETECTED - ACTION REQUIRED"
echo "RESULT: ⚠️ ${#real_threats[@]} infected file(s) detected"
echo ""
echo "Found ${#real_threats[@]} infected file(s) that require immediate attention."
fi
echo ""
# Scan details
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "SCAN DETAILS"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "We performed a comprehensive security scan using multiple"
echo "industry-standard malware detection engines:"
echo ""
echo " • ImunifyAV - Advanced threat detection"
echo " • ClamAV - Open-source antivirus engine"
echo " • Linux Maldet - Web malware specialist"
echo " • Rootkit Hunter - System integrity checker"
echo ""
# Real threats section
if [ ${#real_threats[@]} -gt 0 ]; then
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "INFECTED FILES REQUIRING ATTENTION"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "INFECTED FILES:"
for file in "${real_threats[@]}"; do
echo "📁 $file"
# Get detection details from ClamAV log
if [ -f "$clamav_log" ]; then
local detection=$(grep "$file" "$clamav_log" | grep "FOUND" | sed 's/.*: / /' || echo " Detection: Unknown signature")
echo "$detection"
fi
echo ""
done
echo "RECOMMENDED ACTIONS:"
echo ""
echo "1. Review each file to confirm it is malicious"
echo "2. Remove or quarantine infected files immediately"
echo "3. Change all passwords (hosting, FTP, database, CMS admin)"
echo "4. Review file upload functionality in web applications"
echo "5. Update all web applications, plugins, and themes"
echo "6. Check access logs for unauthorized access patterns"
echo ""
fi
# False positives section
if [ ${#false_positives[@]} -gt 0 ]; then
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "INFORMATIONAL DETECTIONS (No Action Required)"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "The following files triggered alerts but are likely false"
echo "positives. These are log files that contain records of"
echo "attack attempts against your server (which were blocked):"
echo ""
for file in "${false_positives[@]}"; do
echo "$file"
done
echo ""
echo "These files are safe and contain evidence of your server"
echo "correctly blocking malicious requests. No action needed."
echo "NEXT STEPS:"
echo " 1. Remove infected files immediately"
echo " 2. Change all passwords"
echo " 3. Update WordPress/plugins to latest versions"
fi
if [ ${#false_positives[@]} -gt 0 ]; then
echo ""
echo "───────────────────────────────────────────────────────────"
echo "NOTE: Attack attempts were detected in your server logs."
echo "These were successfully blocked. No action needed."
fi
# Security observations
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "SECURITY OBSERVATIONS"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
# Check for attack patterns in logs
if [ -f "$clamav_log" ]; then
local attack_signatures=$(grep -o "YARA\.[a-z0-9_]*" "$clamav_log" | sort -u | sed 's/YARA\.//' | head -5)
if [ -n "$attack_signatures" ]; then
echo "Attack Patterns Detected in Logs:"
echo ""
echo "$attack_signatures" | while read sig; do
case "$sig" in
*r57*|*c99*|*shell*)
echo " • Web shell upload attempts (${sig})"
;;
*sql*)
echo " • SQL injection attempts (${sig})"
;;
*)
echo " • Malicious activity pattern: ${sig}"
;;
esac
done
echo ""
echo "These attack attempts were blocked by your server, but"
echo "they indicate your site is being actively targeted."
echo ""
fi
fi
# General recommendations
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "ONGOING SECURITY RECOMMENDATIONS"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "To maintain server security, we recommend:"
echo ""
echo " ✓ Run malware scans monthly (or after any security incident)"
echo " ✓ Keep all software updated (WordPress, plugins, PHP, etc.)"
echo " ✓ Use strong, unique passwords for all accounts"
echo " ✓ Enable automatic security updates where possible"
echo " ✓ Review file permissions regularly"
echo " ✓ Monitor server logs for suspicious activity"
echo " ✓ Maintain regular backups (stored off-server)"
echo ""
# Footer
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo "TECHNICAL DETAILS"
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
echo ""
echo "Scan ID: $session_name"
echo "Report Generated: $(date)"
echo ""
echo "For technical details and full scan logs, please contact"
echo "your system administrator."
echo ""
echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
} > "$report_file"
# Display the report