-rw-r--r-- | apps/clamav.sh | 94 | ||||
-rw-r--r-- | apps/fail2ban.sh | 8 | ||||
-rw-r--r-- | not-supported/monitor-link-shares.sh | 3 |
3 files changed, 34 insertions, 71 deletions
diff --git a/apps/clamav.sh b/apps/clamav.sh
index 8821e77e..5a879920 100644
--- a/apps/clamav.sh
+++ b/apps/clamav.sh
@@ -108,77 +108,24 @@ SCRIPT_PATH="$SCRIPTS/nextcloud-av-notification.sh" cat << AV_NOTIFICATION >> "$SCRIPT_PATH" #!/bin/bash -# T&M Hansson IT AB © - 2021, https://www.hanssonit.se/ -# Copyright © 2021 Simon Lindner (https://github.com/szaimen) -# Copyright © Georgiy Sitnikov -# Inspired by/based on https://github.com/GAS85/nextcloud_scripts/blob/master/nextcloud-av-notification.sh - -SCRIPT_NAME="Nextcloud Antivirus Notification" -SCRIPT_EXPLAINER="This script sends notifications about infected files." - -# Variables -lastMinutes=30 -LOGFILE="/var/log/nextcloud/nextcloud.log" -tempfile="/tmp/nextcloud_av_notofications-\$(date +"%M-%N").tmp" -getCurrentTimeZone=\$(date +"%:::z") -getCurrentTimeZone="\${getCurrentTimeZone:1}" -timeShiftTo=\$((60 * \$getCurrentTimeZone)) -timeShiftFrom=\$((60 * \$getCurrentTimeZone + \$lastMinutes)) -dateFrom=\$(date --date="-\$timeShiftFrom min" "+%Y-%m-%dT%H:%M:00+00:00") -dateTo=\$(date --date="-\$timeShiftTo min" "+%Y-%m-%dT%H:%M:00+00:00") - -# Check if nextcloud.log exist -if ! [ -f "\$LOGFILE" ] +INFECTED_FILES_LOG="\$(timeout 30m tail -n0 -f "$VMLOGS/nextcloud.log" | grep "Infected file" | grep '"level":4,')" +if [ -z "\$INFECTED_FILES_LOG" ] then exit fi -# Extract logs for a last defined minutes -awk -v d1="\$dateFrom" -v d2="\$dateTo" -F'["]' '\$10 > d1 && \$10 < d2 || \$10 ~ d2' "\$LOGFILE" \ -| grep "Infected file" | awk -F'["]' '{print \$34}' > "\$tempfile" +source "$SCRIPTS/fetch_lib.sh" +INFECTED_FILES_LOG="\$(prettify_json "\$INFECTED_FILES_LOG")" +INFECTED_FILES="\$(echo "\$INFECTED_FILES_LOG" | grep '"message":' | sed 's|.*"message": "||;s| File: .*||' | sort | uniq)" -# Extract logs for a last defined minutes, from a ROTATED log if present -if test "\$(find "\$LOGFILE.1" -mmin -"\$lastMinutes")" +if ! 
send_mail "Virus was found" "The following action was executed by the antivirus app: +\$INFECTED_FILES\n +See the full log below: +\$INFECTED_FILES_LOG" then - awk -v d1="\$dateFrom" -v d2="\$dateTo" -F'["]' '\$10 > d1 && \$10 < d2 || \$10 ~ d2' "\$LOGFILE.1" \ -| grep "Infected file" | awk -F'["]' '{print \$34}' >> "\$tempfile" + notify_admin_gui "Virus was found" "The following action was executed by the antivirus app: +\$INFECTED_FILES" fi - -# Exit if no results found -if ! [ -s "\$tempfile" ] -then - rm "\$tempfile" - exit -fi - -# Load the library if an infected file was found -# shellcheck source=lib.sh -source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) - -# Check if root -root_check - -# Send notification -WORDS=(found deleted) -for toFind in "\${WORDS[@]}" -do - if grep -q "\$toFind" "\$tempfile" - then - # Prepare output - grep "\$toFind" "\$tempfile" | awk '{\$1=""; \$2 = ""; \$3 = "";\$4 = ""; \$5 = ""; \$6 = ""; print \$0}' \ -| sed -r -e 's|appdata_.{12}||' | sed 's| ||g' > "\$tempfile.output" - - # Send notification - notify_admin_gui \ - "Nextcloud Antivirus - Infected File(s) \$toFind!" \ - "\$(cat "\$tempfile.output" | cut -c -4000)" - fi -done - -rm "\$tempfile" -rm "\$tempfile.output" - -exit AV_NOTIFICATION chown root:root "$SCRIPT_PATH" @@ -264,6 +211,12 @@ then exit fi +# Send mail that backup was started +if ! send_mail "Weekly ClamAV scan started." "You will be notified again when the scan is finished!" +then + notify_admin_gui "Weekly ClamAV scan started." "You will be notified again when the scan is finished!" +fi + # Only scan for changed files in the last week if initial full-scan is done if [ -n "\$FULLSCAN_DONE" ] then 
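Review bot: `tail -n0 -f` in the generated notification script follows the open file descriptor, so if nextcloud.log is rotated during the 30-minute window, any "Infected file" entries written to the new file are never seen; the removed version covered rotation by also reading `$LOGFILE.1`. Following by name closes that gap: `timeout 30m tail -n0 -F "$VMLOGS/nextcloud.log"`. Because `-n0` starts at the end of the file, entries logged between one run exiting and the next one starting are skipped as well; how large that window is depends on the cron schedule, which is outside this hunk. The old `cut -c -4000` bound on the GUI notification text is also gone, so the fallback `notify_admin_gui` call now passes `$INFECTED_FILES` at whatever length the log produced.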
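Review bot: The added comment `# Send mail that backup was started` does not match the code under it, which announces the weekly ClamAV scan; it reads like a leftover from a backup script. I would change it to `# Notify that the weekly ClamAV scan has started (mail first, GUI notification as fallback)`. The enclosing heredoc starts outside this hunk, so whether the library that defines send_mail is already sourced at this point of the generated script cannot be confirmed from here.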
@@ -289,11 +242,16 @@ then sed -i "s|^FULLSCAN_DONE.*|FULLSCAN_DONE=1|" "$SCRIPTS"/clamav-fullscan.sh fi +INFECTED_FILES_LOG="\$(sed -n '/----------- SCAN SUMMARY -----------/,\$p' $VMLOGS/clamav-fullscan.log)" +INFECTED_FILES="\$(grep 'FOUND$' $VMLOGS/clamav-fullscan.log)" + # Send notification -notify_admin_gui \ -"Your weekly full-scan ClamAV report" \ -"\$(sed -n '/----------- SCAN SUMMARY -----------/,\$p' $VMLOGS/clamav-fullscan.log)\n -\$(grep -i infected $VMLOGS/clamav-fullscan.log | grep -v "Infected files:")" +if ! send_mail "Your weekly full-scan ClamAV report" "\$INFECTED_FILES_LOG\n +\$INFECTED_FILES" +then + notify_admin_gui "Your weekly full-scan ClamAV report" "\$INFECTED_FILES_LOG\n +\$INFECTED_FILES" +fi CLAMAV_REPORT # Make the script executable diff --git a/apps/fail2ban.sh b/apps/fail2ban.sh index bcb7aaf6..03da0536 100644 --- a/apps/fail2ban.sh +++ b/apps/fail2ban.sh @@ -224,10 +224,12 @@ fi # Report if something was found source /var/scripts/fetch_lib.sh || source <(curl -sL https://raw.githubusercontent.com/nextcloud/vm/master/lib.sh) -notify_admin_gui \ -"Your daily Fail2Ban report" \ -"These IP's got banned today: +if ! send_mail "Your daily Fail2Ban report" "These IP's got banned today: \$BANNED_IPS" +then + notify_admin_gui "Your daily Fail2Ban report" "These IP's got banned today: +\$BANNED_IPS" +fi FAIL2BAN_REPORT # Add crontab entry diff --git a/not-supported/monitor-link-shares.sh b/not-supported/monitor-link-shares.sh index 4a7f20c7..96a4ffe6 100644 --- a/not-supported/monitor-link-shares.sh +++ b/not-supported/monitor-link-shares.sh 
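Review bot: Both added assignments leave `$VMLOGS/clamav-fullscan.log` unquoted inside the command substitution, while the notification script in the first clamav.sh hunk quotes the same variable. The heredoc expands `$VMLOGS` when the report script is generated, so a path containing whitespace or glob characters would be written into the generated file as several words. Quote it in both lines, e.g. `INFECTED_FILES="\$(grep 'FOUND$' "$VMLOGS/clamav-fullscan.log")"`. The name INFECTED_FILES_LOG is also misleading here, since it holds the scan summary section rather than infected-file entries; a comment such as `# Scan summary block from the end of the clamscan log` above it would help.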
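Review bot: The `if ! send_mail …` fallback in the Fail2Ban report cannot tell "mail could not be delivered" from "send_mail is not defined". If both `source` attempts on the context line above fail, send_mail and then notify_admin_gui each end with command-not-found and the daily ban report is dropped without a trace. A guard before the call would make that failure visible, e.g. `declare -F send_mail >/dev/null || { echo "lib.sh not loaded" >&2; exit 1; }`. The report heredoc starts outside this hunk, so where its output ends up when run from cron is not visible here.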
@@ -63,5 +63,8 @@ chmod 700 "$SCRIPTS/audit-link-shares.sh" crontab -u root -l | grep -v "$SCRIPTS/audit-link-shares.sh" | crontab -u root - crontab -u root -l | { cat; echo "*/30 * * * * $SCRIPTS/audit-link-shares.sh >/dev/null" ; } | crontab -u root - +# enable admin_audit app +install_and_enable_app admin_audit + msg_box "$SCRIPT_NAME was successfully configured! You will get a mail if new link shares were created." |
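Review bot: Nothing checks that `install_and_enable_app admin_audit` succeeded before the msg_box reports a successful configuration, and the cron entry is already installed by the time the call runs. If the audit script depends on admin_audit log entries (not visible in this hunk), a failed install would leave a monitor that runs every 30 minutes and never reports anything. Consider moving the call above the crontab lines and gating the success message on its result, e.g. `if ! install_and_enable_app admin_audit; then msg_box "Could not enable admin_audit"; exit 1; fi`, assuming the helper returns a non-zero status on failure. The comment could also say why the app is needed rather than repeating the call.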