forked from rfxn/linux-malware-detect
install.sh
#!/bin/bash
#
##
# Linux Malware Detect v1.5
# (C) 2002-2014, R-fx Networks <[email protected]>
# (C) 2014, Ryan MacDonald <[email protected]>
# This program may be freely redistributed under the terms of the GNU GPL v2
##
#
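# Installer settings shared by the rest of the script.
#
# NOTE(review): the system directories are appended, so directories inherited
# from the caller's PATH are searched first. This script is meant to run as
# root and calls cp, mv, rm, chmod, ln, ps, grep and killall by bare name, so
# run it from a shell whose PATH contains only trusted, root-owned directories.
PATH=$PATH:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
ver=1.5                       # release string shown in the completion banner
inspath=/usr/local/maldetect  # installation root
logf=$inspath/logs/event_log  # event log created at the end of the install
cnftemp=.ca.def               # config-import script, looked up in the current directory
# Path of find(1), used by the upgrade path to expire old backups. "command -v"
# is a shell builtin, so the lookup still works on minimal systems that do not
# ship which(1); with which(1) missing, $find was left empty.
find=$(command -v find 2> /dev/null)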
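# Install LMD into $inspath, or upgrade an existing tree.
#
# Fresh install: copy ./files into a new $inspath.
# Upgrade: stop a running inotify monitor, move the current tree aside to
# $inspath.bk<pid> (also reachable as $inspath.last), deploy the new tree and
# copy user data back from the backup.
#
# Globals read:    inspath, ver, find
# Globals written: monmode (1 when a monitor was stopped), clampath

# Start from known values so a monmode or clampath exported by the caller's
# environment cannot steer the installer.
monmode=
clampath=

# Both paths copy from ./files. Without this guard a run from the wrong
# directory falls into the upgrade path, moves the working install aside and
# leaves an empty tree behind.
if [ ! -d "files" ]; then
  echo "install.sh: 'files' directory not found; run this script from the unpacked distribution directory" >&2
  exit 1
fi

# Create $inspath, copy the distribution into it and publish the exec links.
lmd_deploy_tree() {
  mkdir -p "$inspath"
  chmod 755 "$inspath"
  cp -pR files/* "$inspath"
  chmod 755 "$inspath/maldet"
  mkdir -p "$inspath/clean" "$inspath/pub" "$inspath/quarantine" "$inspath/sess" \
    "$inspath/sigs" "$inspath/tmp" 2> /dev/null
  # quarantine, sess, tmp and tlog get no access for "other".
  chmod 750 "$inspath/quarantine" "$inspath/sess" "$inspath/tmp" \
    "$inspath/internals/tlog" 2> /dev/null
  ln -fs "$inspath/maldet" /usr/local/sbin/maldet
  ln -fs "$inspath/maldet" /usr/local/sbin/lmd
}

# Link the LMD signature files into the first ClamAV database directory that
# exists, then signal clamd (SIGUSR2 asks clamd to reload its databases).
lmd_link_clamav_sigs() {
  local dir sig
  clampath=
  for dir in /usr/local/cpanel/3rdparty/share/clamav/ /var/lib/clamav/ \
    /var/clamav/ /usr/share/clamav/; do
    if [ -d "$dir" ]; then
      clampath=$dir
      break
    fi
  done
  if [ "$clampath" ]; then
    for sig in rfxn.ndb rfxn.hdb lmd.user.ndb lmd.user.hdb; do
      ln -fs "$inspath/sigs/$sig" "$clampath"
    done
  fi
  killall -SIGUSR2 clamd 2> /dev/null
}

if [ ! -d "$inspath" ]; then
  lmd_deploy_tree
  cp -f CHANGELOG COPYING.GPL README "$inspath/"
  lmd_link_clamav_sigs
else
  # A root-owned inotifywait with "maldetect" in its command line means
  # monitor mode is active: stop it and remember to restart it later.
  if [ "$(ps -A --user root -o "cmd" | grep maldetect | grep inotifywait)" ]; then
    "$inspath/maldet" -k >> /dev/null 2>&1
    monmode=1
  fi

  # Expire backup trees older than 30 days. find removes them itself, so
  # nothing is word-split by xargs, and an empty $find can no longer turn the
  # first glob match into the command that gets executed.
  "${find:-find}" "$inspath".* -maxdepth 0 -type d -mtime +30 -exec rm -rf -- {} +

  # Without a backup the deploy below would overwrite conf.maldet and the
  # other user data with nothing to restore from, so stop here.
  if ! mv "$inspath" "$inspath.bk$$"; then
    echo "install.sh: could not move $inspath to $inspath.bk$$; upgrade aborted" >&2
    # The old tree is still in place: do not leave monitoring switched off.
    if [ "$monmode" == "1" ]; then
      "$inspath/maldet" -m users >> /dev/null 2>&1 &
    fi
    exit 1
  fi
  # -n replaces an existing .last symlink; without it ln follows the old link
  # and creates the new one inside the previous backup directory.
  ln -fsn "$inspath.bk$$" "$inspath.last"

  # The data directories exist with their final modes before anything is
  # copied back into them.
  lmd_deploy_tree

  cp -f "$inspath.bk$$"/ignore_* "$inspath/" >> /dev/null 2>&1
  if [ "$ver" == "1.5" ]; then
    cp -f "$inspath.bk$$"/sess/* "$inspath/sess/" >> /dev/null 2>&1
    cp -f "$inspath.bk$$"/tmp/* "$inspath/tmp/" >> /dev/null 2>&1
    cp -f "$inspath.bk$$"/quarantine/* "$inspath/quarantine/" >> /dev/null 2>&1
  fi
  cp -f "$inspath.bk$$"/sigs/custom.* "$inspath/sigs/" >> /dev/null 2>&1
  cp -pf "$inspath.bk$$"/clean/custom.* "$inspath/clean/" >> /dev/null 2>&1
  cp -f CHANGELOG COPYING.GPL README "$inspath/"
  lmd_link_clamav_sigs
fi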
# Register the scheduled jobs, each only when its cron directory exists.
# Both source files are taken from the current directory and end up where
# cron picks them up, so they should come from a trusted, unmodified
# distribution.
cron_daily_job=/etc/cron.daily/maldet
cron_pub_job=/etc/cron.d/maldet_pub

# Daily job: copied as an executable script (mode 755).
if test -d "${cron_daily_job%/*}"; then
  cp -f cron.daily "$cron_daily_job"
  chmod 755 "$cron_daily_job"
fi

# cron.d entry: copied as a non-executable file (mode 644).
if test -d "${cron_pub_job%/*}"; then
  cp -f cron.d.pub "$cron_pub_job"
  chmod 644 "$cron_pub_job"
fi
# Create the event log (only if the logs directory could be created) and
# expose it as $inspath/event_log.
if mkdir -p "$inspath/logs"; then
  touch "$logf"
fi
ln -fs "$logf" "$inspath/event_log"

# Invoke the freshly installed binary with --alert-daily.
# NOTE(review): what this option does is not visible in this file; confirm
# against maldet before relying on it.
"$inspath/maldet" --alert-daily

# Completion banner: version, copyright and the installed locations.
printf '%s\n' \
  "Linux Malware Detect v$ver" \
  " (C) 2002-2014, R-fx Networks <[email protected]>" \
  " (C) 2014, Ryan MacDonald <[email protected]>" \
  "This program may be freely redistributed under the terms of the GNU GPL" \
  "" \
  "installation completed to $inspath" \
  "config file: $inspath/conf.maldet" \
  "exec file: $inspath/maldet" \
  "exec link: /usr/local/sbin/maldet" \
  "exec link: /usr/local/sbin/lmd" \
  "cron.daily: /etc/cron.daily/maldet"
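# After an upgrade, carry settings over from the previous install.
#
# Runs only when the import script ($cnftemp) is present in the current
# directory and the backup made during the upgrade holds a conf.maldet. Three
# files are sourced into this shell in order: the new defaults, the previous
# configuration (so its values override the defaults), then the import script.
# NOTE(review): what $cnftemp does with the loaded values is not visible here.
#
# All three files are executed as shell code with the installer's privileges.
# The previous conf.maldet in particular must be writable only by root, or
# whoever can edit it gains code execution at the next upgrade.
if [ -f "$cnftemp" ] && [ -f "$inspath.bk$$/conf.maldet" ]; then
  # "." looks a slash-less name up in $PATH before the current directory, so
  # a bare ".ca.def" could resolve to a different file than the one the -f
  # test above just checked. Anchor it to the current directory.
  case "$cnftemp" in
    */*) cnf_script=$cnftemp ;;
    *) cnf_script=./$cnftemp ;;
  esac
  . files/conf.maldet
  . "$inspath.bk$$/conf.maldet"
  . "$cnf_script"
  echo "imported config options from $inspath.last/conf.maldet"
fi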
# Run the installed binary's update action.
# NOTE(review): presumably this refreshes the signature set; the meaning of
# the trailing "1" is not visible in this file. Confirm against maldet.
"$inspath/maldet" --update 1

# monmode is 1 when the upgrade path stopped a running inotify monitor;
# start it again in the background so real-time monitoring does not stay off
# after the upgrade.
case "$monmode" in
  1)
    echo "detected active monitoring mode, restarted inotify watch with '-m users'"
    "$inspath/maldet" -m users > /dev/null 2>&1 &
    ;;
esac
echo ""