New Entity AI

Draft 1.0:
Index


clean-> maldetect.sh



Reseed any maldetect, LMD, or custom malware-related log files. By convention, these should log under a local /usr/ location, such as /usr/local/< MALWARE LOGGING META-INSTANCE >, and be generated according to the actions of each individual scoped user. All /home/* directories should be monitored; by convention /run/ is excluded unless there is a linked process within /etc/ or /var/. The rest of your malware monitoring strategy, including, but not limited to, deviations from our basic suggestions, is left up to your admin and IT operational objectives.


           

#!/bin/sh
###############################################################################
## COPYRIGHT (C) 2022-2024 NEW ENTITY OPERATIONS INC. ALL RIGHTS RESERVED
## CREATED: 2022/02/13
## INSTANCE: clean/maldetect.sh
## MODIFIED: 2024/01/01
## OVERVIEW: reseed your maldetect log files in the /usr/local/
## directory
## HISTORY: VERSION 1.5
## -> 2022/02/13 (VERSION 1.0) Development
## -> 2023/11/19 (VERSION 1.1)
## -> 2023/12/17 (VERSION 1.2)
## -> 2023/12/18 (VERSION 1.3)
## -> 2023/12/19 (VERSION 1.4)
## -> 2024/01/01 (VERSION 1.5) Production
###############################################################################
## Add filesystem routines that can be run as a batch below:
## This file sources paths from $dugout_dir/system_paths.dugout
###############################################################################
## Source the wrappers
. "$wrappers_generic"

## ACS CHECK
helper_acs_check "clean"

## clean any never-ending maldetect logs
if [ "$(id -u)" -eq "${SCRIPT_ACS_RUNNER_CLEAN}" ]; then
 CWD="$(pwd)"
 if [ -d "${PATH_MALDETECT}" ]; then
  if [ -d "${PATH_MALDETECT_LOGS}" ]; then
   perform_tree_walk_protected "${PATH_MALDETECT_LOGS}"
   printf "%bRemoving all discovered maldetect log files now...\n" "${tmodReset}"
   printf "Navigated to %s\n" "$(pwd)"
   if [ -f "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_EVENT}" ]; then
    printf "event log located-> removing: %s\n" "${MALDETECT_LOG_EVENT}"
    perform_removal_generic "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_EVENT}"
   else
    printf "You don't have an event log in maldetect-> Location: %s\n" "${MALDETECT_LOG_EVENT}"
   fi
   if [ -f "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_CLAMSCAN}" ]; then
    printf "clamscan log located-> removing: %s\n" "${MALDETECT_LOG_CLAMSCAN}"
    perform_removal_generic "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_CLAMSCAN}"
   else
    printf "You don't have a clamscan log in maldetect-> Location: %s\n" "${MALDETECT_LOG_CLAMSCAN}"
   fi
   if [ -f "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_INOTIFY}" ]; then
    printf "inotify log located-> removing: %s\n" "${MALDETECT_LOG_INOTIFY}"
    perform_removal_generic "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_INOTIFY}"
   else
    printf "You don't have an inotify log in maldetect-> Locations: %s\n" "${MALDETECT_LOG_INOTIFY}"
   fi
   echo "Recreating the maldetect files now..."
   perform_creation_file "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_EVENT}"
   perform_creation_file "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_CLAMSCAN}"
   perform_creation_file "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_INOTIFY}"
   echo "Made the following files:"
   printf "%s\n" "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_EVENT}"
   printf "%s\n" "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_CLAMSCAN}"
   printf "%s\n" "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_INOTIFY}"
   echo "Changing the permissions of the files to the appropriate modifiers."
   printf "Current Directory-> %s\n" "$(pwd)"
   if [ "$(pwd)" = "${PATH_MALDETECT_LOGS}" ]; then
    echo "This was the expected directory"
   else
    echo "Unexpected directory"
   fi
   determine_mint_logic "chmod" "640" "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_CLAMSCAN}"
   determine_mint_logic "chmod" "640" "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_EVENT}"
   determine_mint_logic "chmod" "640" "${PATH_MALDETECT_LOGS}${MALDETECT_LOG_INOTIFY}"
   printf "%bDone cleaning maldetect...%b\n" "${tmodSuccess}" "${tmodReset}"
   perform_tree_walk_protected "${CWD}"
  else
   printf "No log directory was located in maldetect-> Location: %s\n" "${PATH_MALDETECT_LOGS_ALL}"
  fi
 else
  printf "The path for maldetect: %s wasn't found on your system.\n" "${PATH_MALDETECT}"
 fi
else
 printf "%bYou need to be root to be able to perform a clean-related task.\n" "${tmodReset}"
fi