cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Make RKHunter truly temporary - auto-install and auto-remove

Browse Source 
Changed rkhunter from permanent installation to temporary session-based use,
aligning with toolkit's "Download, Run, Fix, Delete" philosophy.

Behavior:
- Standalone scanner checks if rkhunter is installed
- If NOT found: Auto-installs temporarily with EPEL
- Updates definitions and initializes baseline
- Runs the scan
- Auto-removes rkhunter at end of scan session
- Tracks installation with RKHUNTER_TEMP_INSTALLED flag

Benefits:
- No permanent footprint on server
- Automatic cleanup after use
- Still available in "Install All Scanners" for users who want it permanent
- Standalone scans are truly self-contained and temporary

Implementation:
- Added RKHUNTER_TEMP_INSTALLED tracking variable
- Auto-install logic before scanner detection
- Silent installation (yum &>/dev/null)
- Auto-removal after scan completes
- Logged in session.log for transparency

RKHunter is system-level (checks binaries/kernel) not file-level,
so it doesn't need to persist - perfect candidate for temp install.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
cschantz
2025-11-11 21:42:58 -05:00
parent 21b7542151
commit f702508879
1 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/malware-scanner.sh
+41
View File
@@ -571,9 +571,37 @@ if command -v maldet &>/dev/null; then
log_message "Detected: Maldet" log_message "Detected: Maldet"
fi fi
# Track if rkhunter was auto-installed (for cleanup)
RKHUNTER_TEMP_INSTALLED=false
if command -v rkhunter &>/dev/null; then if command -v rkhunter &>/dev/null; then
AVAILABLE_SCANNERS+=("rkhunter") AVAILABLE_SCANNERS+=("rkhunter")
log_message "Detected: Rootkit Hunter" log_message "Detected: Rootkit Hunter"
else
# Auto-install rkhunter temporarily for this scan
log_message "RKHunter not found - installing temporarily..."
echo "→ Installing Rootkit Hunter (temporary, will be removed after scan)..."
if command -v yum &>/dev/null; then
# Ensure EPEL is available
if ! rpm -qa | grep -q epel-release; then
yum install -y epel-release &>/dev/null
fi
# Install rkhunter
yum install -y rkhunter &>/dev/null
if command -v rkhunter &>/dev/null; then
# Update definitions and initialize baseline
rkhunter --update &>/dev/null
rkhunter --propupd &>/dev/null
AVAILABLE_SCANNERS+=("rkhunter")
RKHUNTER_TEMP_INSTALLED=true
log_message "RKHunter installed temporarily"
echo " ✓ RKHunter installed (will be removed after scan)"
fi
fi
fi fi
if [ ${#AVAILABLE_SCANNERS[@]} -eq 0 ]; then if [ ${#AVAILABLE_SCANNERS[@]} -eq 0 ]; then
@@ -772,6 +800,19 @@ else
echo "" echo ""
fi fi
# Cleanup: Remove rkhunter if it was temporarily installed
if [ "$RKHUNTER_TEMP_INSTALLED" = "true" ]; then
log_message "Removing temporarily installed RKHunter..."
echo ""
echo "→ Cleaning up: Removing Rootkit Hunter..."
if command -v yum &>/dev/null; then
yum remove -y rkhunter &>/dev/null
echo " ✓ RKHunter removed"
log_message "RKHunter successfully removed"
fi
fi
log_message "Scan session ended" log_message "Scan session ended"
STANDALONE_EOF STANDALONE_EOF