Initial commit — SETEC LABS Manager (Setec_CDM)

Flask-based VPS management panel with SSH remote command execution.
Includes E2E encrypted SSH tunnel (AES-256-GCM + Go agent), setup wizard,
security hardening tools, DNS management, firewall configs, monitoring,
backup, and .sec patch update system.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

setec-web/chkrootkit.py

@@ -0,0 +1,106 @@
+"""
+Command-builder module for managing chkrootkit on a Linux VPS.
+Each function returns a bash command string.
+"""
+
+
+def status_cmd() -> str:
+    """Check if chkrootkit is installed and show version."""
+    return (
+        "if command -v chkrootkit >/dev/null 2>&1; then "
+        "echo 'chkrootkit is installed'; chkrootkit -V 2>&1; "
+        "dpkg -s chkrootkit 2>/dev/null | grep -E '^(Package|Version|Status):'; "
+        "else echo 'chkrootkit is NOT installed'; fi"
+    )
+
+
+def install_cmd() -> str:
+    """Install chkrootkit via apt."""
+    return "apt-get update && apt-get install -y chkrootkit"
+
+
+def check_cmd() -> str:
+    """Run a full chkrootkit scan, filtering out common noise."""
+    return (
+        "chkrootkit 2>&1 | grep -v "
+        "'^Checking' | grep -v '^ROOTDIR' | grep -v '^nothing found' | "
+        "grep -v '^not infected' | grep -v '^not tested' | "
+        "grep -v '^\\.\\.\\.'"
+        " || echo 'Scan complete — no suspicious findings.'"
+    )
+
+
+def check_expert_cmd() -> str:
+    """Run chkrootkit in expert mode for detailed output."""
+    return "chkrootkit -x 2>&1"
+
+
+def log_cmd(lines: int = 50) -> str:
+    """View recent chkrootkit log entries."""
+    return (
+        "if [ -f /var/log/chkrootkit/log.today ]; then "
+        f"tail -n {int(lines)} /var/log/chkrootkit/log.today; "
+        "elif [ -f /var/log/chkrootkit.log ]; then "
+        f"tail -n {int(lines)} /var/log/chkrootkit.log; "
+        "else echo 'No chkrootkit log found. Check /etc/chkrootkit.conf for LOG_DIR.'; fi"
+    )
+
+
+def schedule_cmd(schedule: str = "daily") -> str:
+    """Set up a cron job for chkrootkit scans (daily or weekly)."""
+    cron_file = "/etc/cron.d/chkrootkit-scan"
+    if schedule == "weekly":
+        cron_expr = "0 3 * * 0"
+    else:
+        cron_expr = "0 3 * * *"
+    return (
+        f"echo '{cron_expr} root /usr/sbin/chkrootkit > "
+        f"/var/log/chkrootkit.log 2>&1' > {cron_file} && "
+        f"chmod 644 {cron_file} && "
+        f"echo 'chkrootkit scheduled {schedule} via {cron_file}'"
+    )
+
+
+def schedule_status_cmd() -> str:
+    """Show the current chkrootkit cron schedule."""
+    return (
+        "echo '=== /etc/cron.d ===' && "
+        "grep -rl chkrootkit /etc/cron.d/ 2>/dev/null && "
+        "cat /etc/cron.d/chkrootkit-scan 2>/dev/null; "
+        "echo '=== /etc/cron.daily ===' && "
+        "ls -la /etc/cron.daily/chkrootkit 2>/dev/null; "
+        "echo '=== crontab ===' && "
+        "crontab -l 2>/dev/null | grep chkrootkit || "
+        "echo 'No chkrootkit cron entries found.'"
+    )
+
+
+def schedule_remove_cmd() -> str:
+    """Remove chkrootkit cron entries."""
+    return (
+        "rm -f /etc/cron.d/chkrootkit-scan && "
+        "echo 'Removed /etc/cron.d/chkrootkit-scan (if it existed)'"
+    )
+
+
+def config_cmd() -> str:
+    """Show chkrootkit configuration."""
+    return (
+        "if [ -f /etc/chkrootkit.conf ]; then "
+        "echo '=== /etc/chkrootkit.conf ===' && cat /etc/chkrootkit.conf; "
+        "elif [ -f /etc/chkrootkit/chkrootkit.conf ]; then "
+        "echo '=== /etc/chkrootkit/chkrootkit.conf ===' && "
+        "cat /etc/chkrootkit/chkrootkit.conf; "
+        "else echo 'No chkrootkit config file found.'; fi && "
+        "echo && echo '=== Defaults (if present) ===' && "
+        "cat /etc/default/chkrootkit 2>/dev/null || true"
+    )
+
+
+def uninstall_cmd() -> str:
+    """Remove chkrootkit and clean up."""
+    return (
+        "apt-get remove --purge -y chkrootkit && "
+        "rm -f /etc/cron.d/chkrootkit-scan && "
+        "echo 'chkrootkit removed.'"
+    )