Whenever there is a useful tool available from the general repositories, I rarely use it as is. I usually end up “organically growing” a wrapper around those tools or utilities.
I propose this TOPIC as a repository for scripts that people have created as wrappers around those useful tools and utilities.
So … here are a few contributions to start:
rkhunter
#!/bin/sh
#23456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+
####################################################################################################
###
### $Id: SEC__Scan_001_rkhunter.sh,v 1.1 2020/09/20 02:20:25 root Exp $
###
### Script to manage execution and logging of the 'rkhunter' tool.
###
####################################################################################################
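# Root directory for all scan logs; override with Oasis=... in the environment.
Oasis=${Oasis:-/Oasis}
ThisDATE=$(date '+%Y%m%d%H%M%S')
command=rkhunter
# 'command -v' is the POSIX lookup; 'which' is an external tool that is not always installed.
compath=$(command -v "${command}")
#compath="/DB001_F2/LO/bin_Sec/rkhunter.test"
if [ -z "${compath}" ]
then
  printf "\n\t Command '%s' was not found in PATH. Abandonning.\n Bye!\n" "${command}" >&2
  exit 1
fi
# REFERENCE: /home/ericthered/Desktop/PROJ01_SecurityScans
LogROOT="${Oasis}/Logs"
LOGS="${LogROOT}/${command}"
for dir in "${LogROOT}" "${LOGS}"
do
  if [ ! -d "${dir}" ]
  then
    # Stop here rather than run a scan whose log cannot be written.
    mkdir "${dir}" || { printf '\n\t Cannot create directory: %s\n' "${dir}" >&2 ; exit 1 ; }
    chmod 775 "${dir}"
    printf '\t Created directory: %s ...\n' "${dir}"
  fi
done
LOG="${LOGS}/${command}.${ThisDATE}.log"
DETAILS="${LOGS}/${command}.${ThisDATE}.details"
{
  printf '======== |%s|%s|%s| ========\n' "${command}" "${ThisDATE}" "$(uname -a)"
  # The resolved path is passed as one quoted word; the former 'eval' re-parsed it.
  "${compath}" --versioncheck
  "${compath}" --config-check
  "${compath}" --update --verbose-logging --debug
  #vi /var/log/rkhunter.log
  # --propupd refreshes rkhunter's stored file properties from the files as they
  # are NOW, so any change that predates this run is accepted as the baseline by
  # the --check that follows. Run it after OS package/software updates; when a
  # compromise is suspected, check against an earlier baseline instead.
  "${compath}" --propupd # should be run after updates to the OS packages/software
  "${compath}" --check --skip-keypress --logfile "${DETAILS}"
  rc=$?
  # The tee pipeline discards rkhunter's exit status, so record it in the log:
  # non-zero means warnings were raised and ${DETAILS} needs a look.
  printf '======== |%s|%s| --check exit status: %s | ========\n' "${command}" "${ThisDATE}" "${rc}"
} 2>&1 | tee "${LOG}"
exit 0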
lynis
#!/bin/sh
#23456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+
####################################################################################################
###
### $Id: SEC__Scan_002_lynis.sh,v 1.2 2026/04/25 21:39:39 root Exp $
###
### Script to manage execution and logging of the 'lynis' tool.
###
####################################################################################################
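# Root directory for all scan logs; override with Oasis=... in the environment.
Oasis=${Oasis:-/Oasis}
ThisDATE=$(date '+%Y%m%d%H%M%S')
command=lynis
# 'command -v' is the POSIX lookup; 'which' is an external tool that is not always installed.
compath=$(command -v "${command}")
if [ -z "${compath}" ]
then
  printf "\n\t Command '%s' was not found in PATH. Abandonning.\n Bye!\n" "${command}" >&2
  exit 1
fi
# REFERENCE: /home/ericthered/Desktop/PROJ01_SecurityScans
LogROOT="${Oasis}/Logs"
LOGS="${LogROOT}/${command}"
for dir in "${LogROOT}" "${LOGS}"
do
  if [ ! -d "${dir}" ]
  then
    # Stop here rather than run a scan whose log cannot be written.
    mkdir "${dir}" || { printf '\n\t Cannot create directory: %s\n' "${dir}" >&2 ; exit 1 ; }
    chmod 775 "${dir}"
    printf '\t Created directory: %s ...\n' "${dir}"
  fi
done
# ${LOG} receives lynis's own log (--logfile); the console report goes to ${DETAILS} via tee.
LOG="${LOGS}/${command}.${ThisDATE}.log"
DETAILS="${LOGS}/${command}.${ThisDATE}.details"
{
  printf '======== |%s|%s|%s| ========\n' "${command}" "${ThisDATE}" "$(uname -a)"
  # The resolved path is passed as one quoted word; the former 'eval' re-parsed it.
  "${compath}" --pentest --logfile "${LOG}"
  rc=$?
  #eval ${compath} --quick --logfile ${LOG}
  # The tee pipeline discards lynis's exit status, so record it with the report.
  printf '======== |%s|%s| exit status: %s | ========\n' "${command}" "${ThisDATE}" "${rc}"
} 2>&1 | tee "${DETAILS}"
exit 0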
chkrootkit
#!/bin/sh
#23456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+
####################################################################################################
###
### $Id: SEC__Scan_003_chkrootkit.sh,v 1.1 2020/09/20 02:20:25 root Exp $
###
### Script to manage execution and logging of the 'chkrootkit' tool.
###
####################################################################################################
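# Root directory for all scan logs; override with Oasis=... in the environment.
Oasis=${Oasis:-/Oasis}
ThisDATE=$(date '+%Y%m%d%H%M%S')
command=chkrootkit
# 'command -v' is the POSIX lookup; 'which' is an external tool that is not always installed.
compath=$(command -v "${command}")
if [ -z "${compath}" ]
then
  printf "\n\t Command '%s' was not found in PATH. Abandonning.\n Bye!\n" "${command}" >&2
  exit 1
fi
# REFERENCE: /home/ericthered/Desktop/PROJ01_SecurityScans
LogROOT="${Oasis}/Logs"
LOGS="${LogROOT}/${command}"
for dir in "${LogROOT}" "${LOGS}"
do
  if [ ! -d "${dir}" ]
  then
    # Stop here rather than run a scan whose log cannot be written.
    mkdir "${dir}" || { printf '\n\t Cannot create directory: %s\n' "${dir}" >&2 ; exit 1 ; }
    chmod 775 "${dir}"
    printf '\t Created directory: %s ...\n' "${dir}"
  fi
done
LOG="${LOGS}/${command}.${ThisDATE}.log"
printf '======== |%s|%s|%s| ========\n' "${command}" "${ThisDATE}" "$(uname -a)" > "${LOG}"
# Run the resolved binary directly (no eval); stdout and stderr both go to the log.
"${compath}" >> "${LOG}" 2>&1
rc=$?
# Keep the tool's exit status with its output so a failed or aborted run is visible in the log.
printf '======== |%s|%s| exit status: %s | ========\n' "${command}" "${ThisDATE}" "${rc}" >> "${LOG}"
exit 0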
unhide
#!/bin/sh
#23456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+
####################################################################################################
###
### $Id: SEC__Scan_004_unhide.sh,v 1.1 2020/09/20 02:20:25 root Exp $
###
### Script to manage execution and logging of the 'unhide' tool.
###
####################################################################################################
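# Root directory for all scan logs; override with Oasis=... in the environment.
Oasis=${Oasis:-/Oasis}
ThisDATE=$(date '+%Y%m%d_%H%M%S')
command=unhide
# 'command -v' is the POSIX lookup; 'which' is an external tool that is not always installed.
compath=$(command -v "${command}")
if [ -z "${compath}" ]
then
  printf "\n\t Command '%s' was not found in PATH. Abandonning.\n Bye!\n" "${command}" >&2
  exit 1
fi
# unhide-tcp is a separate binary; warn now so an empty TCP section in the report is explained.
tcppath=$(command -v unhide-tcp)
if [ -z "${tcppath}" ]
then
  printf '\n\t WARNING: unhide-tcp was not found in PATH; the TCP/UDP port check will be skipped.\n' >&2
fi
# REFERENCE: /home/ericthered/Desktop/PROJ01_SecurityScans
LogROOT="${Oasis}/Logs"
LOGS="${LogROOT}/${command}"
for dir in "${LogROOT}" "${LOGS}"
do
  if [ ! -d "${dir}" ]
  then
    # Stop here rather than run a scan whose log cannot be written.
    mkdir "${dir}" || { printf '\n\t Cannot create directory: %s\n' "${dir}" >&2 ; exit 1 ; }
    chmod 775 "${dir}"
    printf '\t Created directory: %s ...\n' "${dir}"
  fi
done
LOG="${LOGS}/${command}.${ThisDATE}.log"
# Both tools write their own unhide-linux_*.log / unhide-tcp_*.log into the current
# directory (that is what the collection step below relies on), so run them from
# the log directory; without this check a failed cd would scatter them elsewhere.
cd "${LOGS}" || { printf '\n\t Cannot cd to %s\n' "${LOGS}" >&2 ; exit 1 ; }
#eval ${compath} -f quick
"${compath}" -f -d -m -vvv sys procall brute checkbrute reverse checkreverse checkgetprio checkkill
if [ -n "${tcppath}" ]
then
  "${tcppath}" -vv --log
fi
# Print the most recently modified existing file among the arguments (a glob that
# matched nothing arrives as the literal pattern and is skipped). Replaces 'ls -t | head'.
newest_file()
{
  newest=''
  for candidate in "$@"
  do
    [ -f "${candidate}" ] || continue
    if [ -z "${newest}" ] || [ "${candidate}" -nt "${newest}" ]
    then
      newest="${candidate}"
    fi
  done
  printf '%s' "${newest}"
}
# Fold one tool log into this run's report, then remove it. The newest file is taken
# on trust: if the tool wrote nothing this time, a stale log from an earlier run is used.
append_and_remove()
{
  if [ -n "$1" ]
  then
    cat -- "$1"
    rm -f -- "$1"
  fi
}
{
  printf '======== |%s|%s|%s| ========\n\n' "${command}" "${ThisDATE}" "$(uname -a)"
  append_and_remove "$(newest_file unhide-linux_*.log)"
  printf '\n\n======== |%s|%s|%s| ========\n\n' "${command}" "${ThisDATE}" "$(uname -a)"
  append_and_remove "$(newest_file unhide-tcp_*.log)"
} > "${LOG}"
exit 0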
clamscan
#!/bin/sh
#23456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+123456789+
####################################################################################################
###
### $Id: SEC__Scan_005_clamscan.sh,v 1.1 2020/09/20 02:29:46 root Exp $
###
### Script to manage execution and logging of the 'clamscan' tool.
###
####################################################################################################
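#######################################
# Scan one partition with clamscan, one top-level directory ("branch") at a
# time, smallest branch first, collecting the findings in a per-partition log.
# Globals (read): Partition, TMP, LogROOT, command, ThisDATE
# Globals (written): LOG, treeLABEL
# Outputs: progress and timings on stdout; clamscan findings appended to ${LOG}.
# Returns: 1 if the partition directory cannot be entered, 0 otherwise.
#######################################
doScan()
{
  START=$(date)
  rm -f "${TMP}" "${TMP}.tmp"
  if [ "${Partition}" = "/" ]
  then
    treeLABEL="DB001_F1"
    # Without this check an unmounted partition would leave the scan running in
    # whatever directory we happen to be in, labelled as that partition.
    cd / || { printf '\t Cannot cd to /\n' >&2 ; return 1 ; }
    # Skip pseudo-filesystems, tmp and the other DB00* mount points (each is scanned
    # as its own partition); --cross-fs=no below also keeps clamscan on this filesystem.
    ls -a | grep -v '^DB00' | awk '{ if( $0 != "." && $0 != ".." && $0 != "dev" && $0 != "proc" && $0 != "sys" && $0 != "tmp" && $0 != "lost+found" && $0 != ".Trash-1000" ){ print $0 } ; }' > "${TMP}.tmp"
  else
    treeLABEL="${Partition}"
    cd "/${treeLABEL}" || { printf '\t Cannot cd to /%s\n' "${treeLABEL}" >&2 ; return 1 ; }
    ls -a | awk '{ if( $0 != "." && $0 != ".." && $0 != "lost+found" && $0 != ".Trash-1000" ){ print $0 } ; }' > "${TMP}.tmp"
  fi
  printf '\t Determining scan sequence on partition ...\n'
  # One du per entry, so a name containing blanks is not split into several arguments.
  while IFS= read -r entry
  do
    du -s --one-file-system -- "${entry}"
  done < "${TMP}.tmp" | sort -n | cut -f2- > "${TMP}"
  #cat ${TMP}
  # Name this partition's log before clearing it; clearing ${LOG} first would act
  # on whatever the variable held from a previous call.
  LOG="${LogROOT}/${command}/${command}.${ThisDATE}_${treeLABEL}.log"
  rm -f "${LOG}"
  printf '\t Scanning %s ...\n' "${Partition}"
  while IFS= read -r partBranch
  do
    STARTb=$(date)
    printf '\n =======================================================================\n\t Partition: /%s\n\t Branch: %s\n' "${treeLABEL}" "${partBranch}"
    rm -f "${LOG}.tmp"
    # Other Options to Consider
    # -v \
    # -i \
    # --allmatch \
    # --scan-mail=yes \
    # --algorithmic-detection=yes \
    # --exclude-pua=CATEGORY (see http://www.clamav.net/support/pua)
    # --exclude-dir=/dev \
    # stdin comes from /dev/null so clamscan cannot consume the branch list the loop reads.
    clamscan \
      --stdout \
      --infected \
      --remove=no \
      --detect-pua=yes \
      --heuristic-scan-precedence=no \
      --log="${LOG}.tmp" \
      --cross-fs=no \
      --recursive "./${partBranch}" </dev/null
    # --recursive /${Partition}
    rc=$?
    # clamscan exit status: 0 = clean, 1 = infected file(s) found, 2 = error.
    case "${rc}" in
      0 ) ;;
      1 ) printf '\n\t *** INFECTED FILE(S) FOUND under ./%s -- see %s ***\n' "${partBranch}" "${LOG}" ;;
      * ) printf '\n\t clamscan reported an error (exit status %s) under ./%s\n' "${rc}" "${partBranch}" >&2 ;;
    esac
    FINISb=$(date)
    printf '\n\t START = %s\n\t END = %s\n' "${STARTb}" "${FINISb}"
    ls -l "${LOG}.tmp"
    cat "${LOG}.tmp" >> "${LOG}"
  done < "${TMP}"
  FINIS=$(date)
  printf '\n START = %s\n END = %s\n' "${START}" "${FINIS}"
  ls -l "${LOG}"
} #doScan()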
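command=clamscan
# 'command -v' is the POSIX lookup; 'which' is an external tool that is not always installed.
compath=$(command -v "${command}")
if [ -z "${compath}" ]
then
  printf "\n\t Command '%s' was not found in PATH. Abandonning.\n Bye!\n" "${command}" >&2
  exit 1
fi
# REFERENCE: /home/ericthered/Desktop/PROJ01_SecurityScans
# Scratch files live in a private mktemp directory: the former fixed name
# /tmp/<script>.tmp was predictable, which matters for a scan normally run as root.
TMPD=$(mktemp -d) || { printf '\n\t Cannot create a temporary directory.\n' >&2 ; exit 1 ; }
trap 'rm -rf -- "${TMPD}"' EXIT
# Turn a signal into a normal exit so the EXIT trap above still cleans up.
trap 'exit 1' HUP INT TERM
TMP="${TMPD}/$(basename "$0" ".sh").tmp"
# Root directory for all scan logs; override with Oasis=... in the environment.
Oasis=${Oasis:-/Oasis}
ThisDATE=$(date '+%Y%m%d_%H%M%S')
LogROOT="${Oasis}/Logs"
LOGS="${LogROOT}/${command}"
for dir in "${LogROOT}" "${LOGS}"
do
  if [ ! -d "${dir}" ]
  then
    # Stop here rather than run a scan whose log cannot be written.
    mkdir "${dir}" || { printf '\n\t Cannot create directory: %s\n' "${dir}" >&2 ; exit 1 ; }
    chmod 775 "${dir}"
    printf '\t Created directory: %s ...\n' "${dir}"
  fi
done
# One session transcript per run (ThisDATE is unique per run). It is appended to
# below; removing and re-creating it for every partition, as before, kept only the
# last partition's transcript.
SESSION="${LOGS}/${command}.${ThisDATE}.session"
printf '\n This currently only scans the ROOT partition directory ...\n'
for Partition in / DB001_F2 DB001_F3 DB001_F4 DB001_F5 DB001_F6 DB001_F7
do
  printf "\n Scan partition '%s' ? [y|N] => " "${Partition}" ; read -r resp
  if [ -z "${resp}" ] ; then resp="N" ; fi
  case ${resp} in
    y* | Y* )
      # doScan runs in the pipeline's subshell, so the LOG it sets is not visible here.
      doScan 2>&1 | tee -a "${SESSION}"
      ;;
    * ) ;;
  esac
done
exit 0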
tcpdump
#!/bin/sh
####################################################################################################
### REF: Used response from Google Search AI Assistant as initial reference
### Query: https://www.google.co.uk/search?hl=en-CA&as_q=tcpdump+examples&as_epq=&as_oq=&as_eq=&as_nlo=&as_nhi=&lr=&cr=&as_qdr=all&as_sitesearch=&as_occt=any&as_filetype=&tbs=&sei=FeLGaOGAEvWrw8cP5_2MuQQ
####################################################################################################
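ROOT_DIR=~root
LOG="${ROOT_DIR}/tcpdump_suspectIP.log"
# Default capture interface: the first interface ifconfig lists as UP and BROADCAST.
# 'head -n 1' keeps exactly one name; with several such interfaces the pipeline
# produced a multi-line value that split into extra tcpdump arguments.
# (ifconfig comes from net-tools, which is not installed everywhere.)
testor=$(ifconfig | grep '<UP' | grep 'BROADCAST' | awk '{print $1}' | cut -f1 -d\: | head -n 1)
if [ -z "${testor}" ]
then
  printf '\n\t ERROR: Network is down. Unable to start monitoring.\n' >&2 ; exit 1
fi
INTERFACE="-i ${testor}"
PROTOCOL=''
TIMESTAMP=''
OUTPUT=''
# Direction of the host filter: "src" (--sender, default) or "dst" (--receiver).
TYPE="src"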
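# Parse command-line options. --interface and --protocol take a value, so they
# consume two words; a single 'shift' left the value behind, where the next
# iteration rejected it as an unknown option and exited.
while [ $# -gt 0 ]
do
  case "${1}" in
    "--sender" )
      TYPE="src"
      shift
      ;;
    "--receiver" )
      TYPE="dst"
      shift
      ;;
    "--details" )
      #Medium level of output detail
      OUTPUT='-nnvvXS'
      shift
      ;;
    "--timestamp" )
      # NOTE(review): this expands to two words, '-t' and ':'; the ':' reaches
      # tcpdump as part of the filter expression — confirm the intended flag.
      TIMESTAMP='-t :'
      shift
      ;;
    "--interface" )
      dev="${2}"
      if [ -z "${dev}" ]
      then
        printf '\n\t ERROR: --interface requires a device name.\n Bye!\n' >&2 ; exit 1
      fi
      # Accept only a device that ifconfig currently lists (exact name match).
      testor=$(ifconfig | grep 'flags' | awk '{print $1}' | cut -f1 -d\: | awk -v hw="${dev}" '{
        if( $1 == hw ){
          print $1 ;
          exit ;
        } ;
      }' )
      if [ -n "${testor}" ]
      then
        INTERFACE="-i ${dev}"
      else
        printf "\n\t ERROR: Invalid network device specified: '%s'. Unable to proceed.\n Bye!\n" "${dev}" >&2 ; exit 1
      fi
      shift 2
      ;;
    "--protocol" )
      prot="${2}"
      # A case pattern replaces the former echo|awk lookup; an empty value is rejected too.
      case "${prot}" in
        tcp | udp | icmp )
          PROTOCOL="${prot}"
          ;;
        * )
          printf "\n\t ERROR: Invalid protocol specified: '%s'. Valid options: [ --protocol { tcp | udp | icmp } ]\n Bye!\n" "${prot}" >&2 ; exit 1
          ;;
      esac
      shift 2
      ;;
    * )
      printf '\n\t ERROR: Invalid option specified. Valid options: [ --sender | --receiver ] [ --details ] [ --timestamp ] [ --interface {device_name} ] [ --protocol { tcp | udp | icmp } ]\n' >&2 ; exit 1
      ;;
  esac
done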
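# Verbosity: --details already selects '-nnvvXS'; add '-vvv' only when it is absent.
if [ -n "${OUTPUT}" ]
then
  VERBOSITY=''
else
  VERBOSITY='-vvv'
fi
# Host whose traffic is captured. Override with SUSPECT_HOST=... in the
# environment instead of editing the script.
SUSPECT_HOST="${SUSPECT_HOST:-192.168.0.254}"
# Optional port clause, appended last on the tcpdump command line.
# Examples: PORT='\( port 80 or port 443 \)'   PORT='port 443'
PORT=''
# Optional LAN-wide clause that replaces the single-host filter; write it in full,
# including the direction and a trailing "and" when PORT is also set.
# Examples: LAN='dst net 192.168.0.0/24' (to any device on LAN)
#           LAN='src net 192.168.0.0/24' (from any device on LAN)
# Left empty: FILTER below selects the one host instead.
LAN=''
FILTER=''
if [ -z "${LAN}" ]
then
  # TYPE ("src"/"dst") comes from --sender/--receiver. The trailing "and" joins the
  # PORT clause that follows FILTER on the command line, so it is added only then.
  #FILTER='src host 192.168.0.254 and \( port 80 or port 443 \)'
  if [ -n "${TYPE}" ]
  then
    FILTER="${TYPE} host ${SUSPECT_HOST}"
  else
    FILTER="host ${SUSPECT_HOST}"
  fi
  if [ -n "${PORT}" ]
  then
    FILTER="${FILTER} and"
  fi
fi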
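####################################################################################################
# Offer to purge an existing log before another session is appended to it.
if [ -s "${LOG}" ]
then
  printf '\n Purge previous log file? [y|N] => ' ; read -r ans
  if [ -z "${ans}" ] ; then ans="N" ; fi
  case "${ans}" in
    y* | Y* ) rm -fv "${LOG}" >&2 ;;
    * ) printf '\n\t Previous log records have been retained ...\n' ;;
  esac
fi
# Show the exact command line before running it. stderr joins stdout in the log:
# the former '2>&1 >>' order sent tcpdump's own errors to the terminal, not the log.
printf "COMMAND: tcpdump %s %s %s %s %s %s %s %s >> '%s' 2>&1\n" "${TIMESTAMP}" "${OUTPUT}" "${VERBOSITY}" "${INTERFACE}" "${PROTOCOL}" "${FILTER}" "${LAN}" "${PORT}" "${LOG}"
printf '\n Proceed? [y|N] => ' ; read -r ans
if [ -z "${ans}" ] ; then ans="N" ; fi
case "${ans}" in
  y* | Y* ) ;;
  * ) printf '\n\t Attempt to initiate monitoring has been abandoned.\n Bye!\n' ; exit 0 ;;
esac
####################################################################################################
# %Y-%m-%d: the former '%Y-%M-%D' mixed minutes and mm/dd/yy into the date stamp.
printf '\n### SCAN START: %s\n' "$(date '+%Y-%m-%d_%H%M%S')" >> "${LOG}"
# Intentionally unquoted: each variable holds zero or more tcpdump words / filter tokens.
# shellcheck disable=SC2086
nohup tcpdump ${TIMESTAMP} ${OUTPUT} ${VERBOSITY} ${INTERFACE} ${PROTOCOL} ${FILTER} ${LAN} ${PORT} >> "${LOG}" 2>&1 &
# Record the PID so the capture can be stopped later (send TERM first).
printf '\n\t tcpdump started in the background, PID %s; log: %s\n' "$!" "${LOG}"
exit 0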