Using a bash script to combine security checks
Currently the following applications are used:
- clamav
- rkhunter
- chkrootkit
- nmap
Warning! This script is not to be used in live environments: it installs packages, runs apt-get upgrade and re-executes itself under sudo.
I wrote it to see what's possible. The script has not been tested outside my virtual machine.
#!/bin/bash
# securityChecker.sh — chains rkhunter, chkrootkit, clamav and nmap on a
# Debian/Ubuntu host, installing whatever is missing and updating the system
# first. Needs root for the apt-get steps; `yes` auto-confirms prompts.
# autorun yes | sudo bash securityChecker.sh
#############################
# WARNINGS #
#############################
# 1. this script will install every package listed in `progs` below
#    (rkhunter chkrootkit clamav nmap); nothing in this version installs shorewall
# 2. if one of the above mentioned applications is active the intent is to kill it
#    (the "4/5" loop in this version only reports running tools, it does not signal them)
# 3. for use on VM's nice 19 seems to work best on I5
# 4. when using cleanup all files including SHOREWALL shall be removed
#    (no cleanup loop exists yet; see the notes at the end of the file)
# ANSI colour codes for reference; only red/green/blue below are used.
#Black 0;30 Dark Gray 1;30
#Blue 0;34 Light Blue 1;34
#Green 0;32 Light Green 1;32
#Cyan 0;36 Light Cyan 1;36
#Red 0;31 Light Red 1;31
#Purple 0;35 Light Purple 1;35
#Brown/Orange 0;33 Yellow 1;33
#Light Gray 0;37 White 1;37
#############################
# configuration settings #
#############################
# Everything here is a script constant. startPs runs the command strings
# below by looking them up by name (${!global_test}); never populate them
# from user input or the environment.
global_mode=normal #hidden, quiet, normal, speak, debug — only "normal" prints to the terminal; hidden/quiet are log-only
global_nice=19 #niceness for the tools started by this script (0..19, 19 = lowest CPU priority)
global_logFile='securityOutput.txt' #logfile (always active); relative to the directory the script is started from, owned by root when run under sudo
progs=("rkhunter" "chkrootkit" "clamav" "nmap") #the applications/tools this script uses; each is a Debian package name (fed to apt-get) AND the name of a command variable below
rkhunter='sudo rkhunter --update --check' #rkhunter parameters
chkrootkit='sudo chkrootkit' #chkrootkit parameters
clamav='sudo freshclam && clamscan' #clamav parameters — NOTE(review): the `&&` only works if startPs hands this string to a shell; clamscan gets no path, so it scans the current directory only — confirm that is intended
nmap='sudo nmap localhost' #nmap parameters (scans the local host only)
clean="apt-get autoremove" #clean system (runs as root; no sudo in the string)
basic="apt-get update" #system update command
upgrade="apt-get upgrade" #system upgrade command
red='\033[0;31m' #used for alerts
green='\033[0;32m' #used for success
blue='\033[0;34m' #used for titles
NC='\033[0m' #no color
#############################
# output options #
#############################
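outputToAll(){
  # Emit $global_output on every channel selected by $global_mode.
  # The log file is always written; the other sinks depend on the mode:
  #   normal -> also to the terminal
  #   speak  -> also through espeak
  #   debug  -> also dumps every shell variable (see outputToDebug)
  #   hidden / quiet / anything else -> log only
  # Globals: global_mode (read); global_output is read by the sinks.
  outputToLog
  # case instead of `[ $global_mode = ... ]`: an empty or unset mode no
  # longer raises "[: =: unary operator expected", it simply means log-only.
  case "${global_mode:-}" in
    normal) outputToScreen ;;
    speak)  outputToSound ;;
    debug)  outputToDebug ;;
    *)      : ;;
  esac
}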
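outputToScreen(){
  # Print $global_output to stdout as one line. printf instead of echo so a
  # message that happens to be "-n"/"-e" (possible, since tool output is
  # captured into global_output) is printed instead of eaten as an option.
  printf '%s\n' "$global_output"
}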
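outputToLog(){
  # Append $global_output as one line to $global_logFile.
  # The path is relative to the current directory unless configured
  # otherwise; the file is created with the caller's umask and, under sudo,
  # is owned by root. NOTE(review): scanner output (rkhunter/clamscan
  # findings) lands here — do not start the script from a world-writable
  # directory. printf rather than echo so a line equal to "-n"/"-e" is
  # logged instead of being parsed as an echo option.
  printf '%s\n' "$global_output" >> "$global_logFile"
}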
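outputToSound(){
  # Speak $global_output through espeak (pitch 40, 150 words/min), which
  # reads its text from stdin here. printf instead of echo for the same
  # reason as the other sinks: text equal to "-n"/"-e" must not vanish.
  # Requires espeak to be installed; it is not among the packages this
  # script installs.
  printf '%s\n' "$global_output" | espeak -p 40 -s 150
}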
outputToDebug(){
  # Dump every shell variable to stdout. Runs in a subshell so that
  # `set -o posix` (which makes a bare `set` omit function definitions)
  # does not stay switched on for the rest of the script.
  # NOTE(review): this prints the whole environment of the (sudo) session,
  # so anything sensitive exported into it ends up on the terminal.
  (
    set -o posix
    set
  )
}
#############################
# business logic #
#############################
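checkOS(){
  # Detect a supported distribution and store it in global_os_found:
  # "Ubuntu", "Debian" or "false" (unknown/unsupported).
  # /etc/os-release is consulted first (the standard distro identifier,
  # parsed with sed rather than sourced so nothing from it is executed);
  # when it is absent or names another distribution the original
  # `uname -a` substring test on the kernel build string is used as a
  # fallback. As before, Debian wins if both substrings match.
  global_os_found="false"
  local os_id=''
  if [[ -r /etc/os-release ]]; then
    os_id=$(sed -n 's/^ID=//p' /etc/os-release | tr -d '"' | head -n 1)
  fi
  case "$os_id" in
    ubuntu) global_os_found="Ubuntu" ;;
    debian) global_os_found="Debian" ;;
  esac
  if [[ "$global_os_found" == "false" ]]; then
    # grep -q instead of `[[ $(... | wc -l) > 0 ]]`: inside [[ ]] that `>`
    # was a string comparison, not a numeric one.
    if uname -a | grep -q Ubuntu; then global_os_found="Ubuntu"; fi
    if uname -a | grep -q Debian; then global_os_found="Debian"; fi
  fi
}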
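checkIfInstalled(){
  # Set global_file_found to "true" when the Debian package named in
  # $global_test is installed, "false" otherwise.
  # Asks dpkg's status database instead of `find /var/lib | grep NAME`,
  # which matched the name anywhere inside any path under /var/lib (false
  # positives for short names such as "nmap") and walked the whole tree
  # every time. The entries in $progs are apt package names — the same
  # names the install step passes to apt-get — so both steps now agree.
  # A missing dpkg-query (non-Debian host) simply yields "false".
  local status=''
  status=$(dpkg-query -W -f='${Status}' -- "$global_test" 2>/dev/null) || status=''
  if [[ "$status" == *"install ok installed"* ]]; then
    global_file_found="true"
  else
    global_file_found="false"
  fi
}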
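checkIfRunning(){
  # Report whether any process whose command line matches $global_test is
  # running. Sets global_ps_running to "true"/"false" and prints one line
  # (red when running). $global_test is a regex, as it was with grep.
  # pgrep -f replaces `ps -ef | grep -v grep | grep NAME`: it never matches
  # its own process, and `--` keeps a pattern starting with "-" from being
  # read as an option. Also fixes the missing space in "<name>not running".
  # Globals: global_test, red, NC (read); global_ps_running (written).
  if pgrep -f -- "$global_test" >/dev/null 2>&1; then
    printf '%s %bis running%b\n' "$global_test" "$red" "$NC"
    global_ps_running="true"
  else
    printf '%s not running\n' "$global_test"
    global_ps_running="false"
  fi
}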
startPs(){
yes|nice=$global_nice ${!global_test} #get configured parameters and start function
}
#############################
# controller #
#############################
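global_output=''
# Number of tool/apt-get commands that exited non-zero; drives the summary.
failures=0
# Print $global_output via outputToAll wrapped in the colour given as $1 —
# the echo/outputToAll/echo triple the original repeated at every step.
sayColored(){
  echo -e "$1"
  outputToAll
  echo -e "${NC}"
}
# Two empty lines as a separator in log and terminal, as before.
outputToAll
outputToAll
# apt-get install/autoremove/update/upgrade run without sudo in this script
# and the usage line says `yes | sudo bash ...`: stop early instead of
# failing half-way through (or, as before, restarting forever after a
# failed install).
if (( EUID != 0 )); then
  global_output='This script needs root: run it as  yes | sudo bash securityChecker.sh'
  sayColored "${red}"
  exit 1
fi
global_output='GTB security checker started, please wait..'
outputToAll
#os check
global_output='1/5 Checking the OS'
sayColored "${blue}"
checkOS
if [[ "$global_os_found" != "false" ]]; then
  global_output=" Your OS (${global_os_found}) is recognized and supported"
  sayColored "${green}"
else
  global_output=" Your OS is not recognized. System wil now exit"
  sayColored "${red}"
  exit 1 # was a bare `exit` (status 0); an unsupported OS is a failure
fi
#install loop
global_output='2/5 Starting tool / file check'
sayColored "${blue}"
for i in "${progs[@]}"; do
  global_test=$i
  checkIfInstalled
  if [[ "$global_file_found" == "true" ]]; then
    global_output=" ${i} installed"
    sayColored "${green}"
    continue
  fi
  global_output=" ${i} not found, starting installation"
  sayColored "${red}"
  # -y instead of relying on `yes` being piped into our stdin. A failed
  # install used to fall straight into the restart below and loop forever.
  if ! apt-get install -y "$i"; then
    global_output=" ${i} could not be installed (apt-get failed), giving up"
    sayColored "${red}"
    exit 1
  fi
  global_output=" ${i} installed, this script wil restart in 5 seconds. please wait.."
  sayColored "${green}"
  sleep 5
  # Restart this same file ($0) instead of a hard-coded name that only
  # resolved from the script's own directory; exec so the new run replaces
  # this process rather than nesting inside it. Already root at this point.
  exec bash "$0" "$@"
done
#system update: autoremove, update, upgrade — each name is a config variable
global_output='3/5 Updating the operating system'
sayColored "${blue}"
for step in clean basic upgrade; do
  global_test=$step
  # Output is captured (so it reaches the log) and therefore only appears
  # once the step finishes, as before; stderr is now captured as well.
  if ! global_output=$(startPs 2>&1); then
    failures=$((failures + 1))
    global_output="${global_output}
[${step}] '${!step}' exited with a non-zero status"
  fi
  outputToAll
done
#"kill" loop — see the NOTE inside
global_output='4/5 Killing processes we need'
sayColored "${blue}"
for i in "${progs[@]}"; do
  global_test=$i
  # checkIfRunning prints its own line; drop it and log one line here.
  checkIfRunning >/dev/null
  if [[ "$global_ps_running" == "false" ]]; then
    global_output=" ${i} not running"
  else
    # NOTE(review): header warning 2 says a running tool gets killed. The
    # original loop only printed "kill kill" and never sent a signal; that
    # is kept (report only) rather than adding a pkill on a loose pattern
    # such as "clamav" that could hit unrelated daemons.
    global_output=" ${i} is already running (reported only, not killed)"
  fi
  outputToAll
done
#start loop
global_output='5/5 Starting processes'
sayColored "${blue}"
for i in "${progs[@]}"; do
  global_test=$i
  global_output="starting: ${i}"
  outputToAll
  # stdout+stderr of the tool is captured and logged when it exits. A
  # non-zero status is how rkhunter/clamscan signal findings, so it is
  # counted and surfaced instead of ignored.
  if ! global_output=$(startPs 2>&1); then
    failures=$((failures + 1))
    global_output="${global_output}
[${i}] exited with a non-zero status, check the log"
  fi
  outputToAll
done
#if global_mode=hidden start cleanup loop (not implemented yet)
# Summary. The original printed "no errors found" unconditionally; now it
# reflects what the tools and apt-get actually returned.
if (( failures == 0 )); then
  global_output='security checker completed, no errors found'
  sayColored "${green}"
else
  global_output="security checker completed, ${failures} command(s) exited non-zero; review ${global_logFile}"
  sayColored "${red}"
  exit 1
fi
# include back-up script
# get files from repo
# run checks below
# zip files and move to ...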