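#!/bin/bash
#############################################################################
# Security Tools - Scanner and monitoring tool paths
# Provides paths to security scanners and tools
# Must be sourced AFTER lib/system-detect.sh has set SYS_* variables
#
# Trust note: binaries are resolved with `command -v`, i.e. through the PATH
# of whoever sources this file, and the resulting SYS_* values are exported
# to child processes. Source it only with a PATH made of trusted directories.
# The config/log/database paths are fixed defaults; nothing here verifies
# that they exist or who owns them.
#############################################################################

# Source guard: a second `source` of this file returns immediately.
if [ -n "${_SECURITY_TOOLS_LOADED:-}" ]; then
  return 0
fi
readonly _SECURITY_TOOLS_LOADED=1

#############################################################################
# MALWARE SCANNER TOOLS
#############################################################################

#######################################
# Detect installed malware/rootkit scanners and export their paths.
# For each scanner that is not found, the same variables are exported empty,
# so consumers can test them with `[ -n "$VAR" ]`.
# Globals:   SYS_SCANNER_CLAMAV*, SYS_SCANNER_CLAMUPDATE, SYS_SCANNER_CLAMSCAN,
#            SYS_SCANNER_MALDET*, SYS_SCANNER_RKHUNTER*, SYS_SCANNER_IMUNIFY*
#            (all written and exported)
# Arguments: none
# Returns:   0
#######################################
derive_malware_scanners() {
  local clamscan_bin rkhunter_bin imunify_bin

  # ClamAV detection and paths
  if clamscan_bin="$(command -v clamscan 2>/dev/null)"; then
    export SYS_SCANNER_CLAMAV="$clamscan_bin"
    # freshclam is optional: the variable stays empty when it is missing.
    SYS_SCANNER_CLAMUPDATE="$(command -v freshclam 2>/dev/null || true)"
    export SYS_SCANNER_CLAMUPDATE
    export SYS_SCANNER_CLAMSCAN="clamscan"
    export SYS_SCANNER_CLAMAV_DB="/var/lib/clamav"
    export SYS_SCANNER_CLAMAV_LOG="/var/log/clamav/scan.log"
  else
    export SYS_SCANNER_CLAMAV=""
    export SYS_SCANNER_CLAMUPDATE=""
    export SYS_SCANNER_CLAMSCAN=""
    export SYS_SCANNER_CLAMAV_DB=""
    export SYS_SCANNER_CLAMAV_LOG=""
  fi

  # Maldet (Linux Malware Detect)
  # Only the presence of a regular file is tested; executability and
  # ownership of the file are not checked here.
  if [ -f "/usr/local/maldetect/maldet" ]; then
    export SYS_SCANNER_MALDET="/usr/local/maldetect/maldet"
    export SYS_SCANNER_MALDET_DIR="/usr/local/maldetect"
    export SYS_SCANNER_MALDET_QUARANTINE="/usr/local/maldetect/quarantine"
    export SYS_SCANNER_MALDET_LOG="/var/log/maldet.log"
  else
    export SYS_SCANNER_MALDET=""
    export SYS_SCANNER_MALDET_DIR=""
    export SYS_SCANNER_MALDET_QUARANTINE=""
    export SYS_SCANNER_MALDET_LOG=""
  fi

  # RKHunter (Rootkit Hunter)
  if rkhunter_bin="$(command -v rkhunter 2>/dev/null)"; then
    export SYS_SCANNER_RKHUNTER="$rkhunter_bin"
    export SYS_SCANNER_RKHUNTER_CONFIG="/etc/rkhunter.conf"
    export SYS_SCANNER_RKHUNTER_DB="/var/lib/rkhunter/db"
    export SYS_SCANNER_RKHUNTER_LOG="/var/log/rkhunter.log"
  else
    export SYS_SCANNER_RKHUNTER=""
    export SYS_SCANNER_RKHUNTER_CONFIG=""
    export SYS_SCANNER_RKHUNTER_DB=""
    export SYS_SCANNER_RKHUNTER_LOG=""
  fi

  # Imunify360
  if imunify_bin="$(command -v imunify360-agent 2>/dev/null)"; then
    export SYS_SCANNER_IMUNIFY="$imunify_bin"
    export SYS_SCANNER_IMUNIFY_CONFIG="/etc/sysconfig/imunify360"
    export SYS_SCANNER_IMUNIFY_DB="/var/lib/imunify360"
    export SYS_SCANNER_IMUNIFY_LOG="/var/log/imunify360/imunify360.log"
  else
    export SYS_SCANNER_IMUNIFY=""
    export SYS_SCANNER_IMUNIFY_CONFIG=""
    export SYS_SCANNER_IMUNIFY_DB=""
    export SYS_SCANNER_IMUNIFY_LOG=""
  fi
}

#############################################################################
# CONTROL PANEL SECURITY TOOLS
#############################################################################

#######################################
# Export the tool paths that belong to the detected control panel.
# Every panel variable is reset to empty first, so only the variables of the
# matching panel are non-empty afterwards. Without the reset, a value for a
# different panel inherited from the environment would survive the call.
# The paths are assigned without an existence check.
# Globals:   SYS_CONTROL_PANEL (read)
#            SYS_CPANEL_*, SYS_PLESK_*, SYS_INTERWORX_* (written and exported)
# Arguments: none
# Returns:   0
#######################################
derive_control_panel_security_tools() {
  local panel_var

  for panel_var in \
    SYS_CPANEL_WHMAPI SYS_CPANEL_UAPI SYS_CPANEL_HULK \
    SYS_CPANEL_SCAN_TOOL SYS_CPANEL_MALWARE_SCANNER \
    SYS_PLESK_API SYS_PLESK_ADMIN_API SYS_PLESK_EXTENSION_API \
    SYS_PLESK_MTA_SCAN \
    SYS_INTERWORX_BIN SYS_INTERWORX_NODEWORX SYS_INTERWORX_SITEWORX; do
    export "${panel_var}="
  done

  # ${...:-} keeps the lookup safe when the caller runs with `set -u`.
  case "${SYS_CONTROL_PANEL:-}" in
    cpanel)
      # cPanel security tools
      export SYS_CPANEL_WHMAPI="/usr/local/cpanel/whostmgr/docroot/cgi/whmapi1"
      export SYS_CPANEL_UAPI="/usr/local/cpanel/uapi"
      # The variable is named HULK but holds the csf path
      # (original note: CSF is primary on cPanel).
      export SYS_CPANEL_HULK="/usr/sbin/csf"
      export SYS_CPANEL_SCAN_TOOL="/usr/local/cpanel/scripts/checkfiles"
      export SYS_CPANEL_MALWARE_SCANNER="/usr/local/cpanel/scripts/scan_malware"
      ;;
    plesk)
      # Plesk security tools and APIs
      export SYS_PLESK_API="/usr/local/psa/bin/plesk"
      export SYS_PLESK_ADMIN_API="/usr/local/psa/admin/bin/api.sh"
      export SYS_PLESK_EXTENSION_API="/usr/local/psa/admin/bin/extension"
      export SYS_PLESK_MTA_SCAN="/usr/local/psa/bin/postfix_control"
      ;;
    interworx)
      # InterWorx CLI tools
      export SYS_INTERWORX_BIN="/home/interworx/bin"
      export SYS_INTERWORX_NODEWORX="/home/interworx/bin/nodeworx"
      export SYS_INTERWORX_SITEWORX="/home/interworx/bin/siteworx"
      ;;
  esac
}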
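#############################################################################
# SYSTEM SECURITY TOOLS
#############################################################################

#######################################
# Detect host-level security tooling (Fail2Ban, ModSecurity, SELinux,
# AppArmor) and export flags and paths for it. Variables of a tool that is
# not found are exported empty.
# Globals:   SYS_OS_TYPE (read)
#            SYS_FAIL2BAN_*, SYS_MODSECURITY_*, SYS_SELINUX_*, SYS_APPARMOR_*
#            (written and exported)
# Arguments: none
# Returns:   0
#######################################
derive_system_security_tools() {
  local fail2ban_bin

  # Fail2Ban
  if fail2ban_bin="$(command -v fail2ban-client 2>/dev/null)"; then
    export SYS_FAIL2BAN_CLIENT="$fail2ban_bin"
    export SYS_FAIL2BAN_CONFIG="/etc/fail2ban"
    export SYS_FAIL2BAN_JAIL="/etc/fail2ban/jail.local"
  else
    export SYS_FAIL2BAN_CLIENT=""
    export SYS_FAIL2BAN_CONFIG=""
    export SYS_FAIL2BAN_JAIL=""
  fi

  # ModSecurity
  # NOTE(review): Debian/Ubuntu packages commonly name the module files
  # security2.load / security2.conf - confirm these paths on target hosts.
  if [ -f "/etc/apache2/mods-enabled/security.load" ] ||
    [ -f "/etc/httpd/conf.modules.d/10-mod_security.conf" ]; then
    export SYS_MODSECURITY_ENABLED="1"
    # Config file and audit log follow the same OS split. The audit log used
    # to be the apache2 path on every OS, which points log collection at a
    # file that is not the httpd default on RHEL-family hosts. The value
    # that actually applies is the SecAuditLog directive of the running
    # configuration; these are only the packaging defaults.
    case "${SYS_OS_TYPE:-}" in
      ubuntu | debian)
        export SYS_MODSECURITY_CONF="/etc/apache2/mods-available/security.conf"
        export SYS_MODSECURITY_AUDIT_LOG="/var/log/apache2/modsec_audit.log"
        ;;
      *)
        export SYS_MODSECURITY_CONF="/etc/httpd/conf.d/mod_security.conf"
        export SYS_MODSECURITY_AUDIT_LOG="/var/log/httpd/modsec_audit.log"
        ;;
    esac
    # NOTE(review): the rules directory is the same on every OS here;
    # confirm it for httpd-based hosts.
    export SYS_MODSECURITY_RULES="/etc/modsecurity"
  else
    export SYS_MODSECURITY_ENABLED=""
    export SYS_MODSECURITY_CONF=""
    export SYS_MODSECURITY_RULES=""
    export SYS_MODSECURITY_AUDIT_LOG=""
  fi

  # SELinux
  # SYS_SELINUX_ENABLED only says that getenforce is installed. Whether
  # SELinux is enforcing must be read from SYS_SELINUX_STATUS, which holds
  # the output of getenforce.
  if command -v getenforce &>/dev/null; then
    export SYS_SELINUX_ENABLED="1"
    SYS_SELINUX_STATUS="$(getenforce 2>/dev/null || true)"
    export SYS_SELINUX_STATUS
    export SYS_SELINUX_CONFIG="/etc/selinux/config"
  else
    export SYS_SELINUX_ENABLED=""
    export SYS_SELINUX_STATUS=""
    export SYS_SELINUX_CONFIG=""
  fi

  # AppArmor
  # As with SELinux, the flag reflects that aa-status is installed, not that
  # profiles are loaded or enforced.
  if command -v aa-status &>/dev/null; then
    export SYS_APPARMOR_ENABLED="1"
    export SYS_APPARMOR_CONFIG="/etc/apparmor"
  else
    export SYS_APPARMOR_ENABLED=""
    export SYS_APPARMOR_CONFIG=""
  fi
}

#############################################################################
# MAIN DERIVATION FUNCTION
#############################################################################

#######################################
# Run the three derivation steps in order: malware scanners, control panel
# tools, system security tools.
# Arguments: none
#######################################
derive_all_security_tools() {
  derive_malware_scanners
  derive_control_panel_security_tools
  derive_system_security_tools
}

# Auto-run if sourced with detection complete
if [ -n "${SYS_DETECTION_COMPLETE:-}" ]; then
  derive_all_security_tools
fi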