Fix malware scanner: entire server scope, screen persistence, selective cleanup
Three critical fixes to improve malware scanner usability:
1. Entire Server Scan Scope (line 1132):
- Changed from scanning only cPanel docroots to scanning entire filesystem
- scan_paths=("/") instead of scan_paths=("${sanitized_docroot[@]}")
- Updated display message: "Scan scope: Entire server from /"
- Fixes issue where "Entire server" option only scanned user directories
2. Screen Session Persistence (line 917):
- Added 'exec bash' at end of scan script to keep screen session alive
- User now has time to review summary and answer cleanup prompt
- Screen won't auto-close when script finishes
- Provides option to open interactive shell or detach (Ctrl+A then D)
- Fixes premature session termination issue
3. Selective Cleanup (lines 883-899):
- Changed cleanup to only delete scan.sh script
- Logs and results are always preserved at /opt/malware-*/
- New prompt: "Delete scan script? (Logs and results will be preserved)"
- Only removes scan.sh when user answers "yes"
- User can manually delete entire directory if needed: rm -rf $SCAN_DIR
- Moved RKHunter cleanup before user prompt (lines 870-880)
Benefits:
- Full server scanning actually scans from / root
- User can review results before screen closes
- Scan scripts are cleaned up for security
- Logs/results preserved for later review
- No accidental data loss
This commit is contained in:
cschantz
@@ -867,47 +867,54 @@ echo ""
|
||||
echo "=========================================="
|
||||
echo ""
|
||||
|
||||
# Prompt for cleanup
|
||||
read -p "Delete scan directory and all results? (yes/no): " cleanup_choice
|
||||
|
||||
if [ "$cleanup_choice" = "yes" ]; then
|
||||
log_message "User requested cleanup - deleting scan directory"
|
||||
echo ""
|
||||
echo "Removing scan directory..."
|
||||
cd /
|
||||
rm -rf "$SCAN_DIR"
|
||||
echo -e "${GREEN}✓ Scan directory deleted${NC}"
|
||||
echo ""
|
||||
echo "This screen session will now close."
|
||||
sleep 2
|
||||
else
|
||||
log_message "User chose to keep results"
|
||||
echo ""
|
||||
echo "Results preserved at: $SCAN_DIR"
|
||||
echo ""
|
||||
echo "You can:"
|
||||
echo " • Review logs: ls $LOG_DIR"
|
||||
echo " • View summary: cat $SUMMARY_FILE"
|
||||
echo " • Delete manually: rm -rf $SCAN_DIR"
|
||||
echo ""
|
||||
echo "Press Ctrl+A then D to detach from this screen session"
|
||||
echo ""
|
||||
fi
|
||||
|
||||
# Cleanup: Remove rkhunter if it was temporarily installed
|
||||
if [ "$RKHUNTER_TEMP_INSTALLED" = "true" ]; then
|
||||
log_message "Removing temporarily installed RKHunter..."
|
||||
echo ""
|
||||
echo "→ Cleaning up: Removing Rootkit Hunter..."
|
||||
|
||||
if command -v yum &>/dev/null; then
|
||||
yum remove -y rkhunter &>/dev/null
|
||||
echo " ✓ RKHunter removed"
|
||||
log_message "RKHunter successfully removed"
|
||||
fi
|
||||
echo ""
|
||||
fi
|
||||
|
||||
log_message "Scan session ended"
|
||||
# Prompt for cleanup
|
||||
read -p "Delete scan script? (Logs and results will be preserved) (yes/no): " cleanup_choice
|
||||
|
||||
if [ "$cleanup_choice" = "yes" ]; then
|
||||
log_message "User requested cleanup - deleting scan script"
|
||||
echo ""
|
||||
echo "Removing scan script..."
|
||||
rm -f "$SCAN_DIR/scan.sh"
|
||||
echo -e "${GREEN}✓ Scan script deleted${NC}"
|
||||
echo ""
|
||||
echo "Results preserved at: $SCAN_DIR"
|
||||
echo ""
|
||||
else
|
||||
log_message "User chose to keep scan script"
|
||||
echo ""
|
||||
echo "Scan script and results preserved at: $SCAN_DIR"
|
||||
echo ""
|
||||
fi
|
||||
|
||||
echo "You can:"
|
||||
echo " • Review logs: ls $LOG_DIR"
|
||||
echo " • View summary: cat $SUMMARY_FILE"
|
||||
echo " • Delete scan directory manually: rm -rf $SCAN_DIR"
|
||||
echo ""
|
||||
echo "Press Ctrl+A then D to detach from this screen session,"
|
||||
echo "or press Enter to open an interactive shell in this session..."
|
||||
echo ""
|
||||
read -t 30 -p ""
|
||||
|
||||
# Keep screen session alive with an interactive shell
|
||||
echo ""
|
||||
echo "Opening interactive shell. Type 'exit' to close this screen session."
|
||||
echo ""
|
||||
|
||||
log_message "Scan session ended - opening interactive shell"
|
||||
exec bash
|
||||
STANDALONE_EOF
|
||||
|
||||
# Replace placeholder with actual paths
|
||||
@@ -1129,17 +1136,17 @@ launch_standalone_scanner_menu() {
|
||||
case $scope_choice in
|
||||
1)
|
||||
# Entire server
|
||||
scan_paths=("${sanitized_docroot[@]}")
|
||||
scan_paths=("/")
|
||||
scan_description="full server scan"
|
||||
|
||||
if [ ${#scan_paths[@]} -eq 0 ]; then
|
||||
echo -e "${RED}No docroots found!${NC}"
|
||||
echo -e "${RED}No scan paths found!${NC}"
|
||||
read -p "Press Enter to continue..."
|
||||
return 1
|
||||
fi
|
||||
|
||||
echo ""
|
||||
echo "Scan paths: ${#scan_paths[@]} docroots"
|
||||
echo "Scan scope: Entire server from /"
|
||||
;;
|
||||
|
||||
2)
|
||||
|
||||
Reference in New Issue
Block a user