Clam AntiVirus (ClamAV) is a free and open-source, cross-platform antivirus software tool-kit able to detect many types of malicious software, including viruses. In the previous article, I shown you “How To Install/Compile ClamAV In CentOS 6“. In this article, I will continue to show you How to use ClamAV & Cronjobs to run daily & hourly virus scans.

The first, I will create a new directory to store script & log files of ClamAV

# mkdir -p /usr/local/clamav/script
# mkdir -p /usr/local/clamav/log

Setting up hourly scans

Creating a file called name clamscan_hourly

# vi /usr/local/clamav/script/clamscan_hourly

And add the following code

#!/bin/bash
SUBJECT="`hostname` PASSED HOURLY SCAN"
EMAIL="admin@domain.com"
LOG=/usr/local/clamav/log/clamav.log
TMP_LOG=/tmp/clam.hourly
 
av_report() {
 
    if [ `cat ${TMP_LOG}  | grep Infected | grep -v 0 | wc -l` != 0 ]
    then
		SUBJECT="[WARNING] `hostname` PASSED HOURLY SCAN"
    fi
	
	EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
    echo "To: ${EMAIL}" >>  ${EMAILMESSAGE}
    echo "From: alert@domain.com" >>  ${EMAILMESSAGE}
    echo "Subject: ${SUBJECT}" >>  ${EMAILMESSAGE}
    echo "Importance: High" >> ${EMAILMESSAGE}
    echo "X-Priority: 1" >> ${EMAILMESSAGE}
    echo "`tail -n 50 ${TMP_LOG}`" >> ${EMAILMESSAGE}
    sendmail -t < ${EMAILMESSAGE}
	
	cat ${TMP_LOG} >> ${LOG}
	rm -rf ${TMP_LOG}
}

av_scan() {
	touch ${TMP_LOG}
	find / -not -wholename '/sys/*' -and -not -wholename '/proc/*' -mmin -61 -type f -print0 | xargs -0 -r clamscan --exclude-dir=/proc/ --exclude-dir=/sys/ --quiet --infected --log=${TMP_LOG}
}

av_scan
av_report
freshclam

Save the file. Make sure it’s executable, type

# chmod +x /usr/local/clamav/script/clamscan_hourly

Setting up daily scans

Creating a file called name clamscan_daily

# vi /usr/local/clamav/script/clamscan_daily

And add the following code

#!/bin/bash
SUBJECT="`hostname` PASSED DAILY SCAN"
EMAIL="admin@domain.com"
LOG=/usr/local/clamav/log/clamav.log
TMP_LOG=/tmp/clam.daily
 
av_report() {
 
    if [ `cat ${TMP_LOG}  | grep Infected | grep -v 0 | wc -l` != 0 ]
    then
	SUBJECT="[WARNING] `hostname` PASSED DAILY SCAN"
    fi
	
	EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX`
    echo "To: ${EMAIL}" >>  ${EMAILMESSAGE}
    echo "From: alert@domain.com" >>  ${EMAILMESSAGE}
    echo "Subject: ${SUBJECT}" >>  ${EMAILMESSAGE}
    echo "Importance: High" >> ${EMAILMESSAGE}
    echo "X-Priority: 1" >> ${EMAILMESSAGE}
    echo "`tail -n 50 ${TMP_LOG}`" >> ${EMAILMESSAGE}
    sendmail -t < ${EMAILMESSAGE}
	
	cat ${TMP_LOG} >> ${LOG}
	rm -rf ${TMP_LOG}
}

av_scan() {
	touch ${TMP_LOG}
	clamscan -r / --exclude-dir=/sys/ --quiet --infected --log=${TMP_LOG}
}
 
av_scan
av_report

Save the file. Make sure it’s executable, type

# chmod +x /usr/local/clamav/script/clamscan_daily

Setting Up Crontab to run ClamAV hourly & daily scans

Type the following command

# crontab -e

Add the following code

# ClamAV scan
01 * * * * /usr/local/clamav/script/clamscan_hourly
01 00 * * * /usr/local/clamav/script/clamscan_daily

Setting up log rotation for ClamAV

Creating a file called name clamav, type

# vi /etc/logrotate.d/clamav

Add the following code

/usr/local/clamav/log/*.log {
    daily
    dateext
    dateformat -%d%m%Y
    missingok
    rotate 90
    compress
    delaycompress
    notifempty
    create 600 root root
}

The post How To Use ClamAV & Cron Jobs To Run Daily And Hourly Virus Scans appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

Clam AntiVirus (ClamAV) is a free and open-source, cross-platform antivirus software tool-kit able to detect many types of malicious software, including viruses. It’s easy to use and best for Linux based Web & Mail server. In this article, I will show you through the step by step installation of ClamAV on CentOS 6.x from source.

The first, You need to download ClamAV latest version at http://www.clamav.net. Login as root and type the following command

# wget http://downloads.sourceforge.net/project/clamav/clamav/0.98.4/clamav-0.98.4.tar.gz?r=http%3A%2F%2Fwww.clamav.net%2Fdownload.html&ts=1410062157&use_mirror=softlayer-sng -O clamav-0.98.4.tar.gz

The second, extracting clamav-0.98.4.tar.gz package

# tar zxvf clamav-0.98.4.tar.gz
# cd clamav-0.98.4

Installing ClamAV

Type the following command to Compile ClamAV from source

# ./configure --prefix=/usr/local --sysconfdir=/etc --with-xml=/usr/local --with-zlib=/usr
# make
# make install

Configuring ClamAV

Creating user for clamav, enter

useradd -s /sbin/nologin -d /dev/null clamav

Creating database folder of clamav, enter

# mkdir /usr/local/share/clamav
# chown clamav /usr/local/share/clamav
# chmod 700 /usr/local/share/clamav

Type these following commands to create ClamAV configuration files

mv /etc/freshclam.conf.sample /etc/freshclam.conf
mv /etc/clamd.conf.sample /etc/clamd.conf

Open and remove contains

# Comment or remove the line below.
Example

Updating ClamAV

# freshclam

Configuring daily scan

In this example, I will configure a cronjob to scan the /home/ directory every day. Creating a file called name scanav at /opt/, enter

# vi /opt/scanav

Add the following to the file above

#!/bin/bash

SCAN_DIR="/home"
SCAN_LOG="/var/log/clamav.log"

# Update CLAMAV
freshclam

# Scan AV
clamscan -i -r $SCAN_DIR >> $SCAN_LOG

Give our cron script executable permissions, enter

# chmod +x /opt/scanav

Configuring daily scan with crontab, type the following command

# crontab -e

Add the following

01 01 * * * /opt/scanav

The post How To Install/Compile ClamAV In CentOS 6 appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.

Rootkit Hunter (rkhunter) is a Unix-based tool that scans for rootkits, backdoors and possible local exploits. It does this by comparing SHA-1 hashes of important files with known good ones in online database, searching for default directories (of rootkits), wrong permissions, hidden files, suspicious strings in kernel modules, and special tests for Linux and FreeBSD.

Installation rkhunter in 5 steps

Step 1: Download rkhunter

Login your server as root, and type the following command

wget http://biznetnetworks.dl.sourceforge.net/project/rkhunter/rkhunter/1.3.8/rkhunter-1.3.8.tar.gz

Step 2: Extract rkhunter

tar -zxvf rkhunter-1.3.8.tar.gz

Step 3: Install rkhunter

cd rkhunter-1.3.8
sh installer.sh --install

The screen as shown:

Checking system for:
 Rootkit Hunter installer files: found
 A web file download command: wget found
Starting update:
 Checking installation directory "/usr/local": it exists and is writable.
 Checking installation directories:
  Directory /usr/local/share/doc/rkhunter-1.3.8: exists and is writable.
  Directory /usr/local/share/man/man8: exists and is writable.
  Directory /etc: exists and is writable.
  Directory /usr/local/bin: exists and is writable.
  Directory /usr/local/lib: exists and is writable.
  Directory /var/lib: exists and is writable.
  Directory /usr/local/lib/rkhunter/scripts: exists and is writable.
  Directory /var/lib/rkhunter/db: exists and is writable.
  Directory /var/lib/rkhunter/tmp: exists and is writable.
  Directory /var/lib/rkhunter/db/i18n: exists and is writable.
 Installing check_modules.pl: OK
 Installing filehashsha.pl: OK
 Installing stat.pl: OK
 Installing readlink.sh: OK
 Installing backdoorports.dat: OK
 Installing mirrors.dat: OK
 Installing programs_bad.dat: OK
 Installing suspscan.dat: OK
 Installing rkhunter.8: OK
 Installing ACKNOWLEDGMENTS: OK
 Installing CHANGELOG: OK
 Installing FAQ: OK
 Installing LICENSE: OK
 Installing README: OK
 Installing language support files: OK
 Installing rkhunter: OK
 Installing rkhunter.conf in no-clobber mode: OK
 >>>
 >>> PLEASE NOTE: inspect for update changes in "/etc/rkhunter.conf.24761",
 >>> and apply to either "/etc/rkhunter.conf" or your local configuration
 >>> file before running Rootkit Hunter.
 >>>
Update complete

Step 4: Update rkhunter

At prompt type the following command

rkhunter --update

Step 5:Adding daily cron job

If you want get a mail daily with a status on your system, you need to do the following in steps:
Create file rkhunter.sh

vi /etc/cron.daily/rkhunter.sh

Add the following code

#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run' yourname@example.com

Replace yourname@example.com above with your email.

Set execute permission for rkhunter.sh

chmod +x /etc/cron.daily/rkhunter.sh

The post How To Install Rootkit Hunter appeared first on lifeLinux: Linux Tips, Hacks, Tutorials, Ebooks.