setec_cdm/setec-web/rkhunter.py
# rkhunter rootkit detection management commands
# Each function returns a bash command string that app.py executes via ssh_run()
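def status_cmd():
    """Return bash cmd to check rkhunter install, version, and last run results.

    Two fallback messages in the original chain could never fire, because a
    pipeline's exit status is that of its *last* command:

    * ``dpkg -l | grep … | awk …`` exits 0 even when grep matched nothing,
      so ``|| echo 'rkhunter not installed'`` was dead. A trailing ``grep .``
      now fails on empty output, which makes the fallback reachable.
    * ``grep -E … | tail -20`` always exits 0, so
      ``|| echo 'No warnings found in last run'`` was dead. The warnings are
      captured into a shell variable and tested with ``[ -n … ]`` instead.

    The shell fragments are POSIX (``$(...)``, ``[ -n ]``); no bash-only
    features are assumed about the remote shell behind ssh_run().
    """
    # grep -E pattern: literal "[Warning]", "[Bad]" or "[Not found]" markers.
    warn_pattern = r"'\[Warning\]|\[Bad\]|\[Not found\]'"
    return (
        "echo '=== rkhunter Installation ===' && "
        "dpkg -l | grep rkhunter | awk '{print $2, $3}' 2>/dev/null | grep . "
        "|| echo 'rkhunter not installed' && "
        "echo '' && echo '=== Version ===' && "
        "rkhunter --version 2>/dev/null || echo 'rkhunter not found' && "
        "echo '' && echo '=== Last Run ===' && "
        "if [ -f /var/log/rkhunter.log ]; then "
        " grep 'Start date' /var/log/rkhunter.log | tail -1; "
        " grep 'End date' /var/log/rkhunter.log | tail -1; "
        " echo '' && echo '=== Last Results ==='; "
        f" w=$(grep -E {warn_pattern} /var/log/rkhunter.log | tail -20); "
        " if [ -n \"$w\" ]; then echo \"$w\"; "
        "else echo 'No warnings found in last run'; fi; "
        "else "
        " echo 'No log file found (rkhunter has not been run)'; "
        "fi"
    )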
def install_cmd():
    """Return bash cmd to install rkhunter, update db, and set file properties.

    ``rkhunter --update`` is joined to ``--propupd`` with ``;`` rather than
    ``&&``, so a non-zero exit from the signature update does not prevent the
    file-property baseline from being written; the final echo only prints when
    ``--propupd`` itself succeeds.
    """
    env = "DEBIAN_FRONTEND=noninteractive"
    steps = [
        f"{env} apt-get update -qq",
        f"{env} apt-get install -y rkhunter 2>&1",
        "rkhunter --update 2>&1; rkhunter --propupd 2>&1",
        "echo 'rkhunter installed, database updated, file properties set'",
    ]
    return " && ".join(steps)
def update_cmd():
    """Return bash cmd to update rkhunter signatures and file properties.

    The signature step ends with ``;`` so the property update still runs when
    ``rkhunter --update`` exits non-zero; the success message is gated on
    ``--propupd`` only.
    """
    signature_step = "echo '=== Updating Signatures ===' && rkhunter --update 2>&1"
    property_step = (
        "echo '' && echo '=== Updating File Properties ===' && "
        "rkhunter --propupd 2>&1 && "
        "echo '' && echo 'rkhunter signatures and file properties updated'"
    )
    return f"{signature_step}; {property_step}"
def check_cmd():
    """Return bash cmd for a full rkhunter scan (warnings only).

    The "Finished" timestamp is separated by ``;`` so it is printed even when
    the scan exits non-zero (rkhunter uses the exit code to signal warnings).
    """
    header = "echo '=== rkhunter Full Scan ==='"
    started = "echo 'Started: '$(date)"
    scan = "rkhunter --check --skip-keypress --report-warnings-only 2>&1"
    finished = "echo 'Finished: '$(date)"
    return f"{header} && {started} && {scan}; {finished}"
def check_quick_cmd():
    """Return bash cmd for a quick rkhunter check on key areas.

    Restricts the run to the ``system_commands``, ``rootkits`` and ``network``
    test groups via ``--enable``. As in check_cmd(), the "Finished" line is
    printed regardless of the scan's exit status.
    """
    test_groups = ",".join(["system_commands", "rootkits", "network"])
    header = "echo '=== rkhunter Quick Check ==='"
    started = "echo 'Started: '$(date)"
    scan = (
        "rkhunter --check --skip-keypress --report-warnings-only "
        f"--enable {test_groups} 2>&1"
    )
    finished = "echo 'Finished: '$(date)"
    return f"{header} && {started} && {scan}; {finished}"
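def log_cmd(lines=50):
    """Return bash cmd to view the last ``lines`` lines of the rkhunter log.

    ``lines`` is coerced to a positive ``int`` before being spliced into the
    command string. Interpolating it raw would let a non-numeric value (for
    example one taken from a request parameter) change the shell command that
    ssh_run() executes on the remote host.

    Args:
        lines: Number of trailing log lines to show. Defaults to 50.

    Returns:
        The command string; the ``tail -N`` form is unchanged for valid input.

    Raises:
        ValueError: If ``lines`` is not a positive integer (``int()`` raises
            for non-numeric strings; 0 and negatives are rejected here).
    """
    count = int(lines)
    if count < 1:
        raise ValueError(f"lines must be a positive integer, got {lines!r}")
    return (
        "echo '=== rkhunter Log ===' && "
        f"tail -{count} /var/log/rkhunter.log 2>/dev/null || echo 'No rkhunter log found'"
    )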
def config_cmd():
    """Return bash cmd to show rkhunter config and key settings.

    Dumps the whole of /etc/rkhunter.conf, then greps it again for the
    handful of directives listed in ``key_settings`` (anchored at line start,
    so commented-out defaults are not shown).
    """
    key_settings = [
        "ALLOW_SSH_ROOT_USER",
        "ALLOW_SSH_PROT_V1",
        "ENABLE_TESTS",
        "DISABLE_TESTS",
        "SCRIPTWHITELIST",
        "ALLOWHIDDENDIR",
        "ALLOWHIDDENFILE",
        "ALLOWDEVFILE",
        "WEB_CMD",
        "UPDATE_MIRRORS",
        "MIRRORS_MODE",
        "MAIL-ON-WARNING",
    ]
    pattern = "^(" + "|".join(key_settings) + ")"
    return (
        "echo '=== rkhunter.conf ===' && "
        "cat /etc/rkhunter.conf 2>/dev/null || echo 'Not found' && "
        "echo '' && echo '=== Key Settings ===' && "
        f"grep -E '{pattern}' /etc/rkhunter.conf 2>/dev/null || echo 'Could not read config'"
    )
def whitelist_cmd():
    """Return bash cmd to show current whitelisted items from config.

    Greps /etc/rkhunter.conf for the whitelist-style directives in
    ``whitelist_keys``; the pattern is anchored at line start so commented
    examples are excluded.
    """
    whitelist_keys = [
        "SCRIPTWHITELIST",
        "ALLOWHIDDENDIR",
        "ALLOWHIDDENFILE",
        "ALLOWDEVFILE",
        "ALLOW_SSH_ROOT_USER",
        "RTKT_FILE_WHITELIST",
        "RTKT_DIR_WHITELIST",
        "SHARED_LIB_WHITELIST",
        "PORT_WHITELIST",
        "EXISTWHITELIST",
    ]
    pattern = "^(" + "|".join(whitelist_keys) + ")"
    fallback = "echo 'No whitelist entries found or config not found'"
    return (
        "echo '=== rkhunter Whitelisted Items ===' && "
        f"grep -E '{pattern}' /etc/rkhunter.conf 2>/dev/null || {fallback}"
    )
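def whitelist_add_cmd(item):
    """Return bash cmd to add a SCRIPTWHITELIST entry to rkhunter.conf.

    ``item`` ends up inside a command string that ssh_run() executes on the
    remote host, so it is shell-quoted with ``shlex.quote`` instead of being
    interpolated into single quotes verbatim (a single quote in ``item`` would
    otherwise terminate the quoting and the remainder would run as shell).
    The existence check uses ``grep -qxF`` — whole line, fixed string — so
    regex metacharacters in a path cannot alter the match.

    Args:
        item: Script path to whitelist; written as ``SCRIPTWHITELIST=<item>``.

    Returns:
        The command string. For plain paths the output is the same as before
        apart from the ``-qxF`` grep flags.

    Raises:
        ValueError: If ``item`` is empty or contains a line break — a line
            break would append a second, caller-chosen line to rkhunter.conf.
    """
    import shlex

    if not item or "\n" in item or "\r" in item:
        raise ValueError(f"invalid whitelist item: {item!r}")
    entry = shlex.quote(f"SCRIPTWHITELIST={item}")
    already_msg = shlex.quote(f"Already whitelisted: {item}")
    added_msg = shlex.quote(f"Added SCRIPTWHITELIST={item} to /etc/rkhunter.conf")
    return (
        f"if grep -qxF {entry} /etc/rkhunter.conf 2>/dev/null; then "
        f" echo {already_msg}; "
        "else "
        f" echo {entry} >> /etc/rkhunter.conf && "
        f" echo {added_msg} && "
        " rkhunter --propupd 2>&1; "
        "fi"
    )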
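def schedule_cmd(schedule="daily"):
    """Return bash cmd to set up a cron job for scheduled rkhunter scanning.

    Existing lines tagged ``setec-rkhunter`` are filtered out of the current
    crontab before the new entry is appended, so re-running replaces rather
    than duplicates the job.

    Args:
        schedule: ``"daily"`` (04:00 every day) or ``"weekly"`` (04:00 on
            Sunday). Any other value falls back to daily. The confirmation
            message reports the *effective* schedule, so caller-supplied text
            is never interpolated into the command string (the previous
            version echoed the raw argument inside single quotes, which both
            misreported the schedule and let a quote character escape the
            string).

    Returns:
        The command string; output is unchanged for "daily" and "weekly".
    """
    cron_times = {
        "daily": "0 4 * * *",
        "weekly": "0 4 * * 0",
    }
    if isinstance(schedule, str) and schedule in cron_times:
        effective = schedule
    else:
        effective = "daily"
    cron_line = (
        f"{cron_times[effective]} rkhunter --check --skip-keypress "
        "--report-warnings-only --logfile /var/log/rkhunter.log # setec-rkhunter"
    )
    return (
        "(crontab -l 2>/dev/null | grep -v 'setec-rkhunter'; "
        f"echo '{cron_line}') | crontab - 2>&1 && "
        f"echo 'Scheduled {effective} rkhunter scan' && "
        "crontab -l | grep setec-rkhunter"
    )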
def schedule_status_cmd():
    """Return bash cmd to show current rkhunter scan schedule.

    Lists the crontab lines tagged ``setec-rkhunter``; prints a fallback
    message when there is no crontab or no tagged line.
    """
    header = "echo '=== rkhunter Scan Schedule ==='"
    lookup = "crontab -l 2>/dev/null | grep setec-rkhunter"
    fallback = "echo 'No scheduled rkhunter scan'"
    return f"{header} && {lookup} || {fallback}"
def schedule_remove_cmd():
    """Return bash cmd to remove scheduled rkhunter scan.

    Rewrites the crontab without the ``setec-rkhunter``-tagged line; other
    cron entries are preserved.
    """
    filtered_crontab = "(crontab -l 2>/dev/null | grep -v 'setec-rkhunter')"
    reinstall = "crontab - 2>&1"
    confirm = "echo 'Scheduled rkhunter scan removed'"
    return f"{filtered_crontab} | {reinstall} && {confirm}"
def uninstall_cmd():
    """Return bash cmd to remove rkhunter.

    Purges the package and autoremoves its dependencies. The command does not
    touch the crontab, so a job installed by schedule_cmd() remains until
    schedule_remove_cmd() is run.
    """
    env = "DEBIAN_FRONTEND=noninteractive"
    steps = [
        f"{env} apt-get remove --purge -y rkhunter 2>&1",
        "apt-get autoremove -y 2>&1",
        "echo 'rkhunter uninstalled'",
    ]
    return " && ".join(steps)