#!/bin/bash
# Rootkit & Malware Scanner (ClamAV + RKHunter)
# Created by Hosteons - https://hosteons.com
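# Installs ClamAV and RKHunter, refreshes their databases, then runs a
# recursive ClamAV scan of / followed by an RKHunter check.
# Exit status: 0 when both scanners report clean, 1 when setup fails or when
# either scanner reports findings or errors.

# Package installation, service control and reading every file under / all
# need root; without it the scan silently skips unreadable files.
if [ "$(id -u)" -ne 0 ]; then
  echo "This script must be run as root" >&2
  exit 1
fi

# Detect OS
if [ -f /etc/os-release ]; then
  . /etc/os-release
  OS=${ID:-}
else
  echo "Unsupported OS" >&2
  exit 1
fi
echo "Detected OS: $OS"

# Install the scanners. Stop if installation fails: continuing would run the
# update and scan steps against tools that are missing or only partly installed.
if [[ "$OS" == "ubuntu" || "$OS" == "debian" ]]; then
  # apt-get is the interface intended for scripts; plain `apt` is for
  # interactive use.
  apt-get update \
    || echo "Warning: package list update failed; using cached lists" >&2
  if ! apt-get install -y clamav rkhunter; then
    echo "Package installation failed" >&2
    exit 1
  fi
elif [[ "$OS" == "centos" || "$OS" == "almalinux" ]]; then
  if ! yum install -y epel-release \
    || ! yum install -y clamav clamav-update rkhunter; then
    echo "Package installation failed" >&2
    exit 1
  fi
else
  echo "Unsupported OS" >&2
  exit 1
fi

# Stop freshclam to avoid log conflicts with the manual update below.
# Record whether the service was running so it can be started again afterwards;
# leaving it stopped would quietly end automatic signature updates on this host.
freshclam_was_active=0
if systemctl is-active --quiet clamav-freshclam 2>/dev/null; then
  freshclam_was_active=1
fi
echo "Stopping freshclam daemon to avoid log conflicts..."
# -x matches the exact process name, so unrelated processes that only mention
# "freshclam" on their command line (a pager on the log file, say) are not killed.
systemctl stop clamav-freshclam 2>/dev/null || pkill -x freshclam 2>/dev/null

# Update ClamAV definitions
echo "Updating ClamAV database..."
freshclam || echo "ClamAV update may have failed. Check /var/log/clamav/freshclam.log"

if (( freshclam_was_active )); then
  systemctl start clamav-freshclam 2>/dev/null \
    || echo "Warning: could not restart clamav-freshclam; automatic signature updates are off" >&2
fi

# Fix invalid WEB_CMD in RKHunter if needed
# NOTE(review): WEB_CMD="/bin/false" looks like a packaging default chosen to
# keep rkhunter from fetching updates over the network. Confirm that overriding
# it is intended on this host and that the installed rkhunter accepts DISABLE.
# The unmodified file is kept as /etc/rkhunter.conf.bak so the change can be
# audited or reverted.
if grep -q '^WEB_CMD="/bin/false"' /etc/rkhunter.conf 2>/dev/null; then
  echo "Fixing invalid WEB_CMD in /etc/rkhunter.conf"
  sed -i.bak 's|^WEB_CMD="/bin/false"|WEB_CMD=DISABLE|' /etc/rkhunter.conf
fi

# Update RKHunter
echo "Updating RKHunter database..."
rkhunter --update \
  || echo "Warning: rkhunter --update returned a non-zero status; review its output above" >&2

# Scan for malware and rootkits
echo "Running ClamAV scan..."
# /proc and /sys are kernel pseudo-filesystems; reading them yields errors and
# no real file content. The patterns are anchored so that only those two trees
# are skipped. /dev stays in scope because it contains the writable /dev/shm.
# stderr is still discarded to keep the report short, so the exit status below
# is the only signal that the scan itself ran into errors.
clamscan -r --bell -i \
  --exclude-dir='^/proc($|/)' \
  --exclude-dir='^/sys($|/)' \
  / 2>/dev/null
clam_status=$?
case "$clam_status" in
  0) ;;
  1) echo "ClamAV reported infected files (see list above)" >&2 ;;
  *) echo "ClamAV scan hit errors (exit status $clam_status); results may be incomplete" >&2 ;;
esac

echo "Running RKHunter scan..."
rkhunter --check --sk --nocolors
rkh_status=$?
if (( rkh_status != 0 )); then
  echo "RKHunter returned status $rkh_status; review its warnings" >&2
fi

echo "Scan complete"

# Pass the scan outcome on to the caller (cron, monitoring) rather than always
# reporting success.
if (( clam_status != 0 || rkh_status != 0 )); then
  exit 1
fi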