-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsyscheck
More file actions
executable file
·112 lines (97 loc) · 5.82 KB
/
Copy pathsyscheck
File metadata and controls
executable file
·112 lines (97 loc) · 5.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
#!/usr/bin/env bash
#
# _ _
# ___ _ _ ___ ___| |__ ___ ___| | __
# / __| | | / __|/ __| '_ \ / _ \/ __| |/ /
# \__ \ |_| \__ \ (__| | | | __/ (__| <
# |___/\__, |___/\___|_| |_|\___|\___|_|\_\
# |___/
#
# Script : syscheck
# Location : /usr/local/bin/syscheck
# Author : Jens Ochmann
# Date : 2025‑04‑20
# License : MIT
# Description : Perform a basic security audit (updates, rootkits, ports, perms).
# Requires root : Elevates via sudo if needed
#
set -euo pipefail
#–––––––––––– Farben (Fallback) ––––––––––––––––––––––––––––––––––––––––––––––––
RED=${RED:-"\033[0;31m"} ; GREEN=${GREEN:-"\033[0;32m"}
YELLOW=${YELLOW:-"\033[0;33m"} ; NC=${NC:-"\033[0m"}
info() { printf "%b%s%b\n" "${YELLOW}" "$*" "${NC}"; }
ok() { printf "%b%s%b\n" "${GREEN}" "$*" "${NC}"; }
err() { printf "%b%s%b\n" "${RED}" "$*" "${NC}" >&2; }
#–––––––––––– Root‑Handling ––––––––––––––––––––––––––––––––––––––––––––––––––––
if (( EUID != 0 )); then
exec sudo --preserve-env=RED,GREEN,YELLOW,NC "$0" "$@"
fi
#–––––––––––– Log‑Datei ––––––––––––––––––––––––––––––––––––––––––––––––––––––––
LOG_FILE="/var/log/syscheck-$(date +%F).log"
: > "${LOG_FILE}"
log() { printf "%s\n" "$*" | tee -a "${LOG_FILE}"; }
#–––––––––––– System‑Updates ––––––––––––––––––––––––––––––––––––––––––––––––––
info "Updating package index …"
DEBIAN_FRONTEND=noninteractive apt-get -qq update
DEBIAN_FRONTEND=noninteractive apt-get -y dist-upgrade
#–––––––––––– Sicherheits‑Updates prüfen –––––––––––––––––––––––––––––––––––––––
info "Checking for unapplied security updates …"
apt-get -s upgrade | grep -i security &>/dev/null \
&& log "⚠️ Security updates are available." \
|| ok "No pending security updates."
#–––––––––––– Offene Ports ––––––––––––––––––––––––––––––––––––––––––––––––––––
info "Scanning for listening ports (non‑localhost) …"
mapfile -t PORTS < <(ss -tulnH | awk '$4 !~ /(^127|^\[::1\])/ {print $0}')
if (( ${#PORTS[@]} )); then
log "⚠️ External listening ports detected:"; printf '%s\n' "${PORTS[@]}" | log
else
ok "No external listening ports."
fi
#–––––––––––– Leere Passwörter ––––––––––––––––––––––––––––––––––––––––––––––––
info "Checking for accounts with empty passwords …"
EMPTY_PW=$(awk -F: '($2==""){print $1}' /etc/shadow || true)
[[ -n "${EMPTY_PW}" ]] && log "⚠️ Users without passwords: ${EMPTY_PW}" || ok "No empty passwords."
#–––––––––––– SUID / SGID –––––––––––––––––––––––––––––––––––––––––––––––––––––
info "Searching for SUID/SGID files (top 20 by size) …"
SUID_LIST=$(find / -xdev \( -perm -4000 -o -perm -2000 \) -type f 2>/dev/null \
-printf '%s %p\n' | sort -rn | head -20)
[[ -n "${SUID_LIST}" ]] && log "⚠️ SUID/SGID files:\n${SUID_LIST}" || ok "No SUID/SGID files of concern."
#–––––––––––– World‑Writable Dateien ––––––––––––––––––––––––––––––––––––––––––
info "Checking for world‑writable files (top 20) …"
WW_LIST=$(find / -xdev -type f -perm -o+w ! -path "/proc/*" 2>/dev/null | head -20)
[[ -n "${WW_LIST}" ]] && log "⚠️ World‑writable files:\n${WW_LIST}" || ok "No world‑writable files."
#–––––––––––– Rootkit‑Scan ––––––––––––––––––––––––––––––––––––––––––––––––––––
info "Running chkrootkit …"
apt-get -qq install -y chkrootkit
if chkrootkit | tee -a "${LOG_FILE}" | grep -q "INFECTED"; then
log "⚠️ Potential rootkit signatures detected."
else
ok "No rootkits found."
fi
#–––––––––––– Zusammenfassung –––––––––––––––––––––––––––––––––––––––––––––––––
echo
if [[ -s "${LOG_FILE}" ]]; then
err "Security issues were detected. Review ${LOG_FILE}"
else
ok "No critical findings. System appears secure."
rm -f "${LOG_FILE}"
fi
#–––––––––––– Optionale ClamAV‑Prüfung ––––––––––––––––––––––––––––––––––––––––
if [[ -t 0 ]]; then
read -rp "$(printf '%bRun ClamAV malware scan (y/N)? %b' "${YELLOW}" "${NC}")" answer
if [[ "${answer}" =~ ^[Yy]$ ]]; then
info "Installing & updating ClamAV …"
apt-get -qq install -y clamav clamav-daemon
systemctl stop clamav-freshclam || true
freshclam
systemctl start clamav-freshclam || true
TEMP_LOG=$(mktemp)
info "Running clamscan (this may take a while) …"
clamscan -r --bell -i /home /root > "${TEMP_LOG}"
if grep -q "Infected files: 0" "${TEMP_LOG}"; then
ok "ClamAV: no infections found."
else
log "⚠️ Malware detected – see ${TEMP_LOG}"
fi
fi
fi