From 66a282f785d2fbef4f8803f2658552df82046a31 Mon Sep 17 00:00:00 2001
From: David Beniamine <david.beniamine@tetras-libre.fr>
Date: Mon, 14 May 2018 15:22:39 +0200
Subject: [PATCH] Run clamav and rkhunter on upgrade

---
 clamav-weekly.sh | 12 ++++--------
 installBase.sh   |  1 +
 upgradeAll.sh    |  6 ++++++
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/clamav-weekly.sh b/clamav-weekly.sh
index 2208f3e..7f812ac 100755
--- a/clamav-weekly.sh
+++ b/clamav-weekly.sh
@@ -17,7 +17,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 
-LOGFILE="/tmp/clamav-$(date +'%Y-%m-%d').log";
+LOGFILE="/var/log/clamav.log";
 EMAIL_TO="root";
 DIRTOSCAN="/var/www /home";
 
@@ -31,9 +31,10 @@ do_sendmail(){
     echo "To: $EMAIL_TO";
     echo "Content-Type: text/plain; charset=UTF-8";
     echo "";
-    echo -e "${message}") | sendmail -t
+    echo -e "${message}") | sendmail -t $EMAIL_TO
 }
 
+echo "" > $LOGFILE
 for S in ${DIRTOSCAN}; do
     DIRSIZE=$(du -sh "$S" 2>/dev/null | cut -f1);
 
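Review bot: `sendmail -t $EMAIL_TO` combines header-derived recipients with a command-line recipient, and MTAs disagree on what that means. Postfix adds the argument to the header recipients, while Exim by default removes command-line addresses from the header-derived list, which would leave this alert with no recipient. Since the `To:` header already carries the address, either keep plain `sendmail -t` or drop `-t` and pass the quoted address, `sendmail "$EMAIL_TO"`. The added `echo "" > $LOGFILE` is unquoted, writes a blank line instead of truncating, and discards the previous scan's findings before the new scan starts; rotating first (`mv -f -- "$LOGFILE" "$LOGFILE.1"`) and then `: > "$LOGFILE"` would keep one generation of evidence. Both do_sendmail and the scan loop extend outside the hunk.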
@@ -52,10 +53,5 @@ then
     message="Une menace a été detecté sur votre serveur.\n Merci de vous
     référer au log ci dessous et si besoin de contacter vos
     administrateur.rice système."
-else
-    subject="Aucune menace detectée"
-    message="Aucune menace detectée durant l'analyse hebdomadaire de votre serveur."
+    do_sendmail
 fi
-
-do_sendmail
-rm $LOGFILE
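Review bot: With the `else` branch removed, `do_sendmail` is only reached inside the threat branch, so a scan that never ran or aborted (scanner missing, signature database unusable, directory unreadable) is now as silent as a clean one. The `if` condition sits above the hunk, so this is inferred from the visible branch only. If the scanner is clamscan, which exits with 2 on errors, consider also mailing on that status. At minimum, document the new contract next to `fi`, e.g. `# No mail on a clean scan: silence does not prove the scan ran, check $LOGFILE`.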
diff --git a/installBase.sh b/installBase.sh
index 65692fa..bcb7cab 100644
--- a/installBase.sh
+++ b/installBase.sh
@@ -69,6 +69,7 @@ DEBIAN_FRONTEND='noninteractive' apt-get -qq install \
     php-mcrypt \
     php-mysql \
     postfix \
+    rkhunter \
     openssh-server \
     tar \
     tmux \
diff --git a/upgradeAll.sh b/upgradeAll.sh
index 63eab3c..9705714 100644
--- a/upgradeAll.sh
+++ b/upgradeAll.sh
@@ -44,6 +44,12 @@ if [ -f "$customfile" ]
 then
     /bin/bash $customfile
 fi
+if [ -z "`which rkhunter`" ]
+then
+    aptitude install rkhunter
+fi
+rkhunter --sk -c
+less /var/log/clamav.log
 services="`checkrestart | awk '/^service/{print $2} /^systemctl/{print $3}'` \
     $EXTRAS_SERVICES_TO_RESTART"
 [ ! -z "$services" ] && systemctl restart $services
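Review bot: `rkhunter --sk -c` runs with its exit status discarded, and if the package upgrade happens earlier in upgradeAll.sh (outside this hunk), it checks freshly replaced binaries against a stale baseline, so expected file-property warnings can bury real findings. Consider running the check before the upgrade, refreshing the baseline afterwards with `rkhunter --propupd`, and surfacing failures with `rkhunter --sk -c || echo "rkhunter reported warnings" >&2`. `less /var/log/clamav.log` only pages the last weekly log (no scan is started here, despite the commit subject), blocks when the script has no terminal, and hard-codes the path already held in LOGFILE in clamav-weekly.sh. The install guard would be more robust as `command -v rkhunter >/dev/null || apt-get -y install rkhunter`, since installBase.sh uses apt-get and `aptitude install` may prompt or be absent.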
-- 
GitLab