forked from rfxn/linux-malware-detect
-
Notifications
You must be signed in to change notification settings - Fork 0
/
install.sh
executable file
·160 lines (152 loc) · 5.88 KB
/
install.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
#!/usr/bin/env bash
#
##
# Linux Malware Detect v1.6.2
# (C) 2002-2017, R-fx Networks <proj@r-fx.org>
# (C) 2017, Ryan MacDonald <ryan@r-fx.org>
# This program may be freely redistributed under the terms of the GNU GPL v2
##
#
PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
ver=1.6
inspath=/usr/local/maldetect
logf=$inspath/logs/event_log
conftemp="$inspath/internals/importconf"
find=`which find 2> /dev/null`
clamav_linksigs() {
cpath="$1"
if [ -d "$cpath" ]; then
rm -f $cpath/rfxn.* ; cp -f $inspath/sigs/rfxn.ndb $inspath/sigs/rfxn.hdb $cpath/ 2> /dev/null
rm -f $cpath/lmd.user.* ; cp -f $inspath/sigs/lmd.user.ndb $inspath/sigs/lmd.user.hdb $cpath/ 2> /dev/null
fi
}
if [ ! -d "$inspath" ] && [ -d "files" ]; then
mkdir -p $inspath
chmod 755 $inspath
cp -pR files/* $inspath
chmod 755 $inspath/maldet
mkdir -p $inspath/clean $inspath/pub $inspath/quarantine $inspath/sess $inspath/sigs $inspath/tmp 2> /dev/null
chmod 750 $inspath/quarantine $inspath/sess $inspath/tmp $inspath/internals/tlog 2> /dev/null
ln -fs $inspath/maldet /usr/local/sbin/maldet
ln -fs $inspath/maldet /usr/local/sbin/lmd
cp -f CHANGELOG COPYING.GPL README $inspath/
clamav_paths="/usr/local/cpanel/3rdparty/share/clamav/ /var/lib/clamav/ /var/clamav/ /usr/share/clamav/ /usr/local/share/clamav"
for lp in $clamav_paths; do
clamav_linksigs "$lp"
done
killall -SIGUSR2 clamd 2> /dev/null
else
if [ "$(ps -A --user root -o "cmd" 2> /dev/null | grep maldetect | grep inotifywait)" ]; then
$inspath/maldet -k >> /dev/null 2>&1
monmode=1
fi
$find ${inspath}.* -maxdepth 0 -type d -mtime +30 2> /dev/null | xargs rm -rf
mv $inspath $inspath.bk$$
ln -fs $inspath.bk$$ $inspath.last
mkdir -p $inspath
chmod 755 $inspath
cp -pR files/* $inspath
chmod 755 $inspath/maldet
ln -fs $inspath/maldet /usr/local/sbin/maldet
ln -fs $inspath/maldet /usr/local/sbin/lmd
mkdir -p /usr/local/share/man/man1/
gzip -9 $inspath/maldet.1
ln -fs $inspath/maldet.1.gz /usr/local/share/man/man1/maldet.1.gz
cp -f $inspath.bk$$/ignore_* $inspath/ >> /dev/null 2>&1
if [ "$ver" == "1.5" ] || [ "$ver" == "1.6" ]; then
cp -f $inspath.bk$$/sess/* $inspath/sess/ >> /dev/null 2>&1
cp -f $inspath.bk$$/tmp/* $inspath/tmp/ >> /dev/null 2>&1
cp -f $inspath.bk$$/quarantine/* $inspath/quarantine/ >> /dev/null 2>&1
cp -f $inspath.bk$$/cron/* $inspath/cron/
fi
cp -f $inspath.bk$$/sigs/custom.* $inspath/sigs/ >> /dev/null 2>&1
cp -f $inspath.bk$$/monitor_paths $inspath/ >> /dev/null 2>&1
cp -pf $inspath.bk$$/clean/custom.* $inspath/clean/ >> /dev/null 2>&1
cp -f CHANGELOG COPYING.GPL README $inspath/
mkdir -p $inspath/clean $inspath/pub $inspath/quarantine $inspath/sess $inspath/sigs $inspath/tmp 2> /dev/null
chmod 750 $inspath/quarantine $inspath/sess $inspath/tmp $inspath/internals/tlog 2> /dev/null
clamav_paths="/usr/local/cpanel/3rdparty/share/clamav/ /var/lib/clamav/ /var/clamav/ /usr/share/clamav/ /usr/local/share/clamav"
for lp in $clamav_paths; do
clamav_linksigs "$lp"
done
killall -SIGUSR2 clamd 2> /dev/null
fi
if [ -d "/etc/cron.daily" ]; then
cp -f cron.daily /etc/cron.daily/maldet
chmod 755 /etc/cron.daily/maldet
fi
if [ -d "/etc/cron.d" ]; then
cp -f cron.d.pub /etc/cron.d/maldet_pub
chmod 644 /etc/cron.d/maldet_pub
fi
if [ "$(uname -s)" != "FreeBSD" ]; then
if test "$(cat /proc/1/comm 2> /dev/null)" == "systemd"
then
mkdir -p /etc/systemd/system/
mkdir -p /usr/lib/systemd/system/
cp -af ./files/service/maldet.service /usr/lib/systemd/system/
systemctl daemon-reload
systemctl enable maldet.service
else
cp -af ./files/service/maldet.sh /etc/init.d/maldet
chmod 755 /etc/init.d/maldet
chkconfig --level 2345 maldet on
fi
if [ -f /etc/redhat-release ]; then
if [ ! -f "/etc/sysconfig/maldet" ]; then
cp -f ./files/service/maldet.sysconfig /etc/sysconfig/maldet
fi
elif [ -f /etc/debian_version ] || [ -f /etc/lsb-release ]; then
if [ ! -f "/etc/default/maldet" ]; then
cp -f ./files/service/maldet.sysconfig /etc/default/maldet
fi
update-rc.d -f maldet remove
update-rc.d maldet defaults 70 30
elif [ -f /etc/gentoo-release ]; then
rc-update add maldet default
elif [ -f /etc/slackware-version ]; then
ln -sf /etc/init.d/maldet /etc/rc.d/rc3.d/S70maldet
ln -sf /etc/init.d/maldet /etc/rc.d/rc4.d/S70maldet
ln -sf /etc/init.d/maldet /etc/rc.d/rc5.d/S70maldet
else
if [ ! -f "/etc/sysconfig/maldet" ]; then
cp -f ./files/service/maldet.sysconfig /etc/sysconfig/maldet 2> /dev/null
fi
/sbin/chkconfig maldet on
fi
fi
mkdir -p $inspath/logs && touch $logf
ln -fs $logf $inspath/event_log
$inspath/maldet --alert-daily 2> /dev/null
echo "Linux Malware Detect v$ver"
echo " (C) 2002-2017, R-fx Networks <proj@r-fx.org>"
echo " (C) 2017, Ryan MacDonald <ryan@r-fx.org>"
echo "This program may be freely redistributed under the terms of the GNU GPL"
echo ""
echo "installation completed to $inspath"
echo "config file: $inspath/conf.maldet"
echo "exec file: $inspath/maldet"
echo "exec link: /usr/local/sbin/maldet"
echo "exec link: /usr/local/sbin/lmd"
echo "cron.daily: /etc/cron.daily/maldet"
if [ -f "$conftemp" ] && [ -f "${inspath}.last/conf.maldet" ]; then
. files/conf.maldet
. ${inspath}.last/conf.maldet
if [ "$quarantine_hits" == "0" ] && [ "$quar_hits" == "1" ]; then
quarantine_hits=1
fi
if [ "$quarantine_clean" == "0" ] && [ "$quar_clean" == "1" ]; then
quarantine_clean="1"
fi
if [ -f "files/internals/compat.conf" ]; then
source files/internals/compat.conf
fi
source $conftemp
echo "imported config options from $inspath.last/conf.maldet"
fi
$inspath/maldet --update 1
if [ "$monmode" == "1" ]; then
echo "detected active monitoring mode, restarted inotify watch with '-m users'"
$inspath/maldet -m users >> /dev/null 2>&1 &
fi
echo ""