cschantz/Linux-Server-Management-Toolkit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dev
Linux-Server-Management-Too…/lib/security-tools.sh
T
Developer 5e31a1584a Fix: Apply MEDIUM priority improvements to malware scanner ecosystem 
MEDIUM PRIORITY FIXES:
- [M1] RKHunter: Dynamic config file detection with fallback
- [M2] Imunify: Support both ImunifyAV and Imunify360 variants
- [M3] ModSecurity: OS-aware audit log path detection (Debian vs RHEL)
- [M5] Maldet: Fallback directory system for update logs (not hardcoded /tmp)

IMPROVEMENTS:
- Robustness: More resilient to different installation paths and configurations
- Cross-platform: Better handling of OS-specific paths and tools
- Reliability: Respects filesystem permissions when writing logs

Tested:
- Both files pass bash -n syntax validation
- Multi-platform compatibility verified
- All previous CRITICAL and HIGH fixes intact
2026-04-22 00:23:47 -04:00

220 lines
8.9 KiB
Bash
Raw Permalink Blame History

#!/bin/bash
#############################################################################
# Security Tools - Scanner and monitoring tool paths
# Provides paths to security scanners and tools
# Must be sourced AFTER lib/system-detect.sh has set SYS_* variables
#############################################################################
# Source guard
if [ -n "${_SECURITY_TOOLS_LOADED:-}" ]; then
return 0
fi
readonly _SECURITY_TOOLS_LOADED=1
#############################################################################
# MALWARE SCANNER TOOLS
#############################################################################
derive_malware_scanners() {
# ClamAV detection and paths - Check multiple locations for freshclam
if command -v clamscan &>/dev/null; then
export SYS_SCANNER_CLAMAV="$(command -v clamscan)"
# Find freshclam in priority order: command, cPanel path, standard paths
local freshclam_bin=""
if command -v freshclam &>/dev/null; then
freshclam_bin="$(command -v freshclam)"
elif [ -f "/usr/local/cpanel/3rdparty/bin/freshclam" ]; then
freshclam_bin="/usr/local/cpanel/3rdparty/bin/freshclam"
elif [ -f "/usr/bin/freshclam" ] || [ -f "/usr/sbin/freshclam" ]; then
freshclam_bin=$(find /usr -name freshclam -type f 2>/dev/null | head -1)
fi
export SYS_SCANNER_CLAMUPDATE="$freshclam_bin"
export SYS_SCANNER_CLAMSCAN="clamscan"
export SYS_SCANNER_CLAMAV_DB="/var/lib/clamav"
export SYS_SCANNER_CLAMAV_LOG="/var/log/clamav/scan.log"
else
export SYS_SCANNER_CLAMAV=""
export SYS_SCANNER_CLAMUPDATE=""
export SYS_SCANNER_CLAMSCAN=""
export SYS_SCANNER_CLAMAV_DB=""
export SYS_SCANNER_CLAMAV_LOG=""
fi
# Maldet (Linux Malware Detect) - Check command -v first, then standard paths
if command -v maldet &>/dev/null; then
export SYS_SCANNER_MALDET="$(command -v maldet)"
export SYS_SCANNER_MALDET_DIR="$(dirname "$(command -v maldet)")"
export SYS_SCANNER_MALDET_QUARANTINE="${SYS_SCANNER_MALDET_DIR}/quarantine"
export SYS_SCANNER_MALDET_LOG="/var/log/maldet.log"
elif [ -f "/usr/local/maldetect/maldet" ]; then
export SYS_SCANNER_MALDET="/usr/local/maldetect/maldet"
export SYS_SCANNER_MALDET_DIR="/usr/local/maldetect"
export SYS_SCANNER_MALDET_QUARANTINE="/usr/local/maldetect/quarantine"
export SYS_SCANNER_MALDET_LOG="/var/log/maldet.log"
else
export SYS_SCANNER_MALDET=""
export SYS_SCANNER_MALDET_DIR=""
export SYS_SCANNER_MALDET_QUARANTINE=""
export SYS_SCANNER_MALDET_LOG=""
fi
# RKHunter (Rootkit Hunter) - Detect paths dynamically
if command -v rkhunter &>/dev/null; then
export SYS_SCANNER_RKHUNTER="$(command -v rkhunter)"
# Try to find config file
if [ -f "/etc/rkhunter.conf" ]; then
export SYS_SCANNER_RKHUNTER_CONFIG="/etc/rkhunter.conf"
else
export SYS_SCANNER_RKHUNTER_CONFIG="$(rkhunter --show-config 2>/dev/null | grep '^CONFIGFILE' | cut -d= -f2)"
fi
export SYS_SCANNER_RKHUNTER_DB="/var/lib/rkhunter/db"
export SYS_SCANNER_RKHUNTER_LOG="/var/log/rkhunter.log"
else
export SYS_SCANNER_RKHUNTER=""
export SYS_SCANNER_RKHUNTER_CONFIG=""
export SYS_SCANNER_RKHUNTER_DB=""
export SYS_SCANNER_RKHUNTER_LOG=""
fi
# Imunify (both ImunifyAV and Imunify360) - Check both variants
if command -v imunify-antivirus &>/dev/null; then
export SYS_SCANNER_IMUNIFY="$(command -v imunify-antivirus)"
export SYS_SCANNER_IMUNIFY_CONFIG="/etc/sysconfig/imunify360"
export SYS_SCANNER_IMUNIFY_DB="/var/lib/imunify360"
export SYS_SCANNER_IMUNIFY_LOG="/var/log/imunify360/imunify360.log"
elif command -v imunify360-agent &>/dev/null; then
export SYS_SCANNER_IMUNIFY="$(command -v imunify360-agent)"
export SYS_SCANNER_IMUNIFY_CONFIG="/etc/sysconfig/imunify360"
export SYS_SCANNER_IMUNIFY_DB="/var/lib/imunify360"
export SYS_SCANNER_IMUNIFY_LOG="/var/log/imunify360/imunify360.log"
else
export SYS_SCANNER_IMUNIFY=""
export SYS_SCANNER_IMUNIFY_CONFIG=""
export SYS_SCANNER_IMUNIFY_DB=""
export SYS_SCANNER_IMUNIFY_LOG=""
fi
}
#############################################################################
# CONTROL PANEL SECURITY TOOLS
#############################################################################
derive_control_panel_security_tools() {
case "$SYS_CONTROL_PANEL" in
cpanel)
# cPanel security tools
export SYS_CPANEL_WHMAPI="/usr/local/cpanel/whostmgr/docroot/cgi/whmapi1"
export SYS_CPANEL_UAPI="/usr/local/cpanel/uapi"
export SYS_CPANEL_HULK="/usr/sbin/csf" # CSF is primary on cPanel
export SYS_CPANEL_SCAN_TOOL="/usr/local/cpanel/scripts/checkfiles"
export SYS_CPANEL_MALWARE_SCANNER="/usr/local/cpanel/scripts/scan_malware"
;;
plesk)
# Plesk security tools and APIs
export SYS_PLESK_API="/usr/local/psa/bin/plesk"
export SYS_PLESK_ADMIN_API="/usr/local/psa/admin/bin/api.sh"
export SYS_PLESK_EXTENSION_API="/usr/local/psa/admin/bin/extension"
export SYS_PLESK_MTA_SCAN="/usr/local/psa/bin/postfix_control"
;;
interworx)
# InterWorx CLI tools
export SYS_INTERWORX_BIN="/home/interworx/bin"
export SYS_INTERWORX_NODEWORX="/home/interworx/bin/nodeworx"
export SYS_INTERWORX_SITEWORX="/home/interworx/bin/siteworx"
;;
*)
export SYS_CPANEL_WHMAPI=""
export SYS_CPANEL_UAPI=""
export SYS_CPANEL_HULK=""
export SYS_CPANEL_SCAN_TOOL=""
export SYS_CPANEL_MALWARE_SCANNER=""
export SYS_PLESK_API=""
export SYS_PLESK_ADMIN_API=""
export SYS_PLESK_EXTENSION_API=""
export SYS_PLESK_MTA_SCAN=""
export SYS_INTERWORX_BIN=""
export SYS_INTERWORX_NODEWORX=""
export SYS_INTERWORX_SITEWORX=""
;;
esac
}
#############################################################################
# SYSTEM SECURITY TOOLS
#############################################################################
derive_system_security_tools() {
# Fail2Ban
if command -v fail2ban-client &>/dev/null; then
export SYS_FAIL2BAN_CLIENT="$(command -v fail2ban-client)"
export SYS_FAIL2BAN_CONFIG="/etc/fail2ban"
export SYS_FAIL2BAN_JAIL="/etc/fail2ban/jail.local"
else
export SYS_FAIL2BAN_CLIENT=""
export SYS_FAIL2BAN_CONFIG=""
export SYS_FAIL2BAN_JAIL=""
fi
# ModSecurity - Detect paths based on OS type
if [ -f "/etc/apache2/mods-enabled/security.load" ] || [ -f "/etc/httpd/conf.modules.d/10-mod_security.conf" ]; then
export SYS_MODSECURITY_ENABLED="1"
if [ "$SYS_OS_TYPE" = "ubuntu" ] || [ "$SYS_OS_TYPE" = "debian" ]; then
export SYS_MODSECURITY_CONF="/etc/apache2/mods-available/security.conf"
export SYS_MODSECURITY_AUDIT_LOG="/var/log/apache2/modsec_audit.log"
else
# CentOS/RHEL/other
export SYS_MODSECURITY_CONF="/etc/httpd/conf.d/mod_security.conf"
export SYS_MODSECURITY_AUDIT_LOG="/var/log/httpd/modsec_audit.log"
fi
export SYS_MODSECURITY_RULES="/etc/modsecurity"
else
export SYS_MODSECURITY_ENABLED=""
export SYS_MODSECURITY_CONF=""
export SYS_MODSECURITY_RULES=""
export SYS_MODSECURITY_AUDIT_LOG=""
fi
# SELinux - Use timeout to prevent hangs on misconfigured systems
if command -v getenforce &>/dev/null; then
export SYS_SELINUX_ENABLED="1"
export SYS_SELINUX_STATUS="$(timeout 5 getenforce 2>/dev/null || echo "unknown")"
export SYS_SELINUX_CONFIG="/etc/selinux/config"
else
export SYS_SELINUX_ENABLED=""
export SYS_SELINUX_STATUS=""
export SYS_SELINUX_CONFIG=""
fi
# AppArmor - Use timeout to prevent hangs
if command -v aa-status &>/dev/null; then
export SYS_APPARMOR_ENABLED="1"
# aa-status can hang on some systems, use timeout
if timeout 5 aa-status &>/dev/null; then
export SYS_APPARMOR_CONFIG="/etc/apparmor"
else
export SYS_APPARMOR_CONFIG=""
fi
else
export SYS_APPARMOR_ENABLED=""
export SYS_APPARMOR_CONFIG=""
fi
}
#############################################################################
# MAIN DERIVATION FUNCTION
#############################################################################
derive_all_security_tools() {
derive_malware_scanners
derive_control_panel_security_tools
derive_system_security_tools
}
# Auto-run if sourced with detection complete
if [ -n "${SYS_DETECTION_COMPLETE:-}" ]; then
derive_all_security_tools
fi
Reference in New Issue View Git Blame Copy Permalink