Fedora 25: Install ClamAV AntiVirus.

Published / by MasonCloud / Leave a Comment

This is a short tutorial about how to use the ClamAV antivirus on Fedora 25.
First you need to install it with these commands:

# dnf install clamav.x86_64
...
# dnf install clamav-update.x86_64
...
Then make your settings in the /etc/freshclam.conf file.
I used awk to show you my settings from /etc/freshclam.conf (comment and blank lines are skipped):

# awk '/^[^#]/ { print }' /etc/freshclam.conf | uniq

DatabaseDirectory /var/lib/clamav
UpdateLogFile /var/log/freshclam.log
LogFileMaxSize 2M
LogTime yes
LogVerbose yes
LogSyslog yes
LogFacility LOG_MAIL
LogRotate yes
DatabaseOwner clamupdate
DNSDatabaseInfo current.cvd.clamav.net
DatabaseMirror database.clamav.net
MaxAttempts 5
ScriptedUpdates yes
DetectionStatsCountry country-code
SafeBrowsing yes

Update the ClamAV signature databases with:

# /usr/bin/freshclam
ClamAV update process started at Wed Mar 15 13:42:07 2017
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
WARNING: getfile: daily-21724.cdiff not found on database.clamav.net (IP: 195.30.97.3)
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
Trying host database.clamav.net (212.7.0.71)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host database.clamav.net (IP: 212.7.0.71)
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
WARNING: getpatch: Can't download daily-21724.cdiff from database.clamav.net
WARNING: Incremental update failed, trying to download daily.cvd
Downloading daily.cvd [100%]
daily.cvd updated (version: 23205, sigs: 1789155, f-level: 63, builder: neo)
Downloading safebrowsing.cvd [100%]
safebrowsing.cvd updated (version: 45693, sigs: 2756150, f-level: 63, builder: google)
Downloading bytecode-279.cdiff [100%]
Downloading bytecode-280.cdiff [100%]
Downloading bytecode-281.cdiff [100%]
Downloading bytecode-282.cdiff [100%]
Downloading bytecode-283.cdiff [100%]
Downloading bytecode-284.cdiff [100%]
Downloading bytecode-285.cdiff [100%]
Downloading bytecode-286.cdiff [100%]
Downloading bytecode-287.cdiff [100%]
Downloading bytecode-288.cdiff [100%]
Downloading bytecode-289.cdiff [100%]
Downloading bytecode-290.cdiff [100%]
Downloading bytecode-291.cdiff [100%]
bytecode.cld updated (version: 291, sigs: 55, f-level: 63, builder: neo)
Database updated (8764150 signatures) from database.clamav.net (IP: 157.25.5.183)

Now you can scan a directory with it (with no arguments clamscan scans the current directory but not its subdirectories; add -r to descend into them):

# clamscan
/home/mythcat/.bash_logout: OK
/home/mythcat/.bash_profile: OK
...
----------- SCAN SUMMARY -----------
Known viruses: 8758441
Engine version: 0.99.2
Scanned directories: 1
Scanned files: 54
Infected files: 0
Data scanned: 71.80 MB
Data read: 189.96 MB (ratio 0.38:1)
Time: 13.968 sec (0 m 13 s)

This tool comes with many options and features for Fedora workstations and servers. Read the documentation and adjust the settings to your needs.
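A cron-friendly wrapper around the clamscan run shown above, added here as an example (it is not code from the original post). It assumes clamscan is on PATH when scan_dir is used; the summary parser and the verdict mapping need nothing but awk, and all function names are this example's own.

```shell
#!/bin/bash
# Added example (not from the original post): a cron-friendly wrapper around
# the clamscan run shown above. Assumes clamscan is on PATH when scan_dir is
# used; the summary parser and verdict mapping need nothing but awk.
set -u

# Read a clamscan report on stdin and print the "Infected files" count
# (prints -1 if the summary block is missing, e.g. the scan was aborted).
summary_infected() {
    awk -F': ' '/^Infected files:/ { print $2; found = 1 }
                END { if (!found) print "-1" }'
}

# Map clamscan's exit status to a word: 0 clean, 1 something found, 2 error.
scan_verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# Scan DIR recursively, listing only infected files (-i) so the report stays
# short enough to mail from cron, and append a one-line verdict to the report.
# Returns clamscan's own exit status so the caller can act on it.
scan_dir() {
    local dir="$1" report="$2" rc
    clamscan -r -i --log="$report" "$dir" >/dev/null 2>&1
    rc=$?
    printf '%s %s: %s (%s infected)\n' "$(date '+%F %T')" "$dir" \
        "$(scan_verdict "$rc")" "$(summary_infected < "$report")" >> "$report"
    return "$rc"
}
```

From cron, `scan_dir /home /var/log/clamscan-home.log || mail -s "clamscan: $(hostname)" root < /var/log/clamscan-home.log` mails the report only when something was found or the scan errored.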

Delete Files Older Than ‘x’ Days

Published / by MasonCloud

Delete Files Older Than ‘x’ Days on Linux:

The find utility on Linux accepts a number of useful arguments, including one that executes another command on each matching file. We will use this to find the files older than a given number of days and then hand them to rm for deletion.

Command Syntax:
Ex: find /path/to/files* -mtime +5 -exec rm {} \;

# clear ; find . -type f -mtime +5 -exec rm {} \;

Note that there are spaces between rm, {} and \; (the semicolon is escaped so the shell passes it to find instead of treating it as a command separator).

Explanation

  • The first argument is the path to the files. This can be a path, a directory, or a wildcard as in the example above. I recommend using the full path, and running the command without the -exec rm part first (find then just prints the matches) to make sure you are getting the right results.
  • The second argument, -mtime, specifies the age of the file in days. If you enter +5, it finds files whose last modification is more than 5 days ago.
  • The third argument, -exec, lets you pass in a command such as rm. {} is replaced by each matching file name, and the \; at the end is required to terminate the command.

This should work on Ubuntu, SUSE, Red Hat, or pretty much any version of Linux.
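A wrapper around the find idiom above that defaults to the dry run the explanation recommends, added as an example (not code from the original post). It assumes GNU or BSD find for -delete; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: a wrapper around the
# "find ... -mtime +N" idiom that defaults to a dry run. Pass "delete"
# as the third argument to actually remove files. Assumes GNU or BSD find
# (for -delete); the function names are this example's own.
set -u

# prune_older_than DIR DAYS [delete]
#   Lists (default) or deletes regular files under DIR whose last
#   modification is more than DAYS days ago. Only -type f is matched, so
#   directories and symlinks are never touched, and -delete avoids
#   spawning one rm per file as "-exec rm {} \;" does.
prune_older_than() {
    dir=$1 days=$2 mode=${3:-list}
    [ -d "$dir" ] || { echo "prune_older_than: $dir is not a directory" >&2; return 2; }
    case "$days" in
        ''|*[!0-9]*) echo "prune_older_than: DAYS must be a whole number" >&2; return 2 ;;
    esac
    if [ "$mode" = delete ]; then
        find "$dir" -type f -mtime +"$days" -delete
    else
        find "$dir" -type f -mtime +"$days" -print
    fi
}

# Count the regular files left under DIR (handy for a before/after check).
count_files() {
    find "$1" -type f | wc -l | tr -d ' '
}
```

Run `prune_older_than /var/log/myapp 5` first and read the list; only then repeat it with `delete` appended.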

Get Notified When Users Run “sudo”

Published / by MasonCloud

# visudo

Paste the following into your config:

###### Get an alert every time a user runs a command with sudo ####
# Log to the auth syslog facility; successful commands are logged at priority alert
Defaults        syslog=auth, insults, syslog_goodpri=alert
# Also keep a dedicated plain-text log (timestamps include the year because of log_year below)
Defaults        logfile=/var/log/sudo.log
# timestamp_timeout=0 asks for the password on every sudo; tty_tickets keeps tickets per terminal
Defaults        timestamp_timeout=0, log_year, tty_tickets
# Mail on every sudo (mail_always), on wrong passwords and on users not in sudoers; put a real address here
Defaults        mailto="@YourDomain.com", mail_always, mail_badpass, mail_no_user
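The log written by the logfile= Default above can also be checked by a script. The parser below is an added example (not from the original post) that picks out the entries mail_badpass and mail_no_user alert on; the lines in SAMPLE_SUDO_LOG are constructed samples in sudo's logfile layout with log_year, not a real log, and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: a parser for the plain-text
# /var/log/sudo.log that the "logfile=" Default produces, picking out the
# entries the mail_badpass and mail_no_user settings alert on. The lines in
# SAMPLE_SUDO_LOG are constructed samples in sudo's logfile layout (with
# log_year), not a real log; the function names are this example's own.
set -u

SAMPLE_SUDO_LOG='Mar 15 13:42:07 2017 : alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/dnf update
Mar 15 13:45:10 2017 : bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/less /var/log/secure
Mar 15 13:47:22 2017 : carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/carol ; USER=root ; COMMAND=/usr/bin/id
Mar 15 13:50:01 2017 : alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart clamd'

# Print one ALERT line per failed-password or not-in-sudoers entry on stdin.
# Fields are "date : user : details", and details are " ; "-separated.
sudo_alerts() {
    awk -F' : ' '
        $3 ~ /incorrect password attempts|user NOT in sudoers/ {
            n = split($3, f, " ; ")          # f[1]=reason ... f[n]=COMMAND=...
            cmd = f[n]; sub(/^COMMAND=/, "", cmd)
            printf "ALERT %s user=%s tty=%s cmd=%s\n", f[1], $2, substr(f[2], 5), cmd
        }'
}

# Count successful sudo commands per user (entries whose details start with TTY=).
sudo_count_by_user() {
    awk -F' : ' '$3 ~ /^TTY=/ { n[$2]++ } END { for (u in n) printf "%s %d\n", u, n[u] }' | sort
}
```

Feed the real log with `sudo_alerts < /var/log/sudo.log` from a cron job and mail whatever it prints.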

Process Checker (Running or Not?)

Published / by MasonCloud

#!/bin/bash
# Name : service.chk
# URL: https://bash.cyberciti.biz/monitoring/simple-process-checker-script/
# Purpose: A simple process checker. Find out if service is running or not.
# Tested on: Debian and RHEL based system only.
# ----------------------------------------------------------------------------
# Author: nixCraft http://www.cyberciti.biz/
# Copyright: 2009 nixCraft under GNU GPL v2.0+
# ----------------------------------------------------------------------------
# Last updated: 13/Mar/2013 - Added support for email and other enhancements
# Last updated: 05/Dec/2011 - Added support for binary path check
# ----------------------------------------------------------------------------
# Run the script as below to only show "running" processes
# clear ; ./process_checker.sh | grep -v "not running"
# ----------------------------------------------------------------------------
#
echo "Service status on ${HOSTNAME} @ $(date)"
echo "------------------------------------------------------"
sleep 1 ; chkconfig --list
echo "------------------------------------------------------"
## Change as per your distro
_pgrep="/usr/bin/pgrep"
_mail="/usr/bin/mail"
## Add binary list here
_chklist="/usr/bin/php-cgi /usr/sbin/mysqld /usr/sbin/apache2 /usr/sbin/nginx /usr/sbin/httpd"
#_chklist="/usr/bin/php-cgi /usr/sbin/lighttpd /usr/sbin/named /usr/sbin/pgsqld /usr/sbin/mysqld /usr/sbin/apache2 /usr/sbin/nginx /usr/sbin/httpd"
## yes | no
_sendemail="no"
## Add your email id
_email="your@mobile.email.id.example.com"
## Do not change below
_failed="false"
_service="Service:"
_running() {
 local p="${1##*/}"   # process name = basename of the binary path
 local s="true"
 ## pgrep matches the name as a regex substring; use "$_pgrep -x" if you need an exact match
 $_pgrep "${p}" >/dev/null || { s="false"; _failed="true"; _service="${_service} $1,"; }
 [[ "$s" == "true" ]] && echo "$1 running" || { echo -n "$1 not running"; [[ ! -f "$1" ]] && echo " [ $1 not found ]" || echo ; }
}
## header
echo "Service status on ${HOSTNAME} @ $(date)"
echo "------------------------------------------------------"
## Check if your service is running or not
for s in $_chklist
do
 _running "$s"
done
## Send a quick email update (good for cron jobs) ##
## The message must be fed to mail on stdin (here-string); the original
## "< ${_mess}" tried to read a file named after the message text.
[[ "$_failed" == "true" && "$_sendemail" == "yes" ]] && {
 _mess="$_service failed on $HOSTNAME @ $(date)";
 $_mail -s 'Service not found' "$_email" <<< "${_mess}";
}

Create AMI from EC2 Image

Published / by MasonCloud

# vim /root/bin/ami-create.sh
------

#!/bin/bash

#
# @Purpose Creates an image (AMI) of the given EC2 instance
# @Background Meant to be run as a cronjob. Requires that awscli is installed. Assumes that the
# instance running this command has the permission ec2:CreateImage assigned via IAM.
#
# @Usage: ec2-create-image <instance-id>
#

DATE=$(date +%Y-%m-%d_%H-%M)
AMI_NAME="WordPress Backup - $DATE"
AMI_DESCRIPTION="WordPress Backup - $DATE"
INSTANCE_ID=$1

# Refuse to run without an instance id instead of sending an empty request
if [ -z "$INSTANCE_ID" ]; then
 printf 'Usage: %s <instance-id>\n' "$0" >&2
 exit 1
fi

printf 'Requesting AMI for instance %s...\n' "$INSTANCE_ID"
# --no-reboot keeps the instance running, so the filesystem is not quiesced and the
# image may not be consistent; drop it if you need a clean snapshot
aws ec2 create-image --instance-id "$INSTANCE_ID" --name "$AMI_NAME" --description "$AMI_DESCRIPTION" --no-reboot

if [ $? -eq 0 ]; then
 printf "AMI request complete!\n"
fi

------
# /root/bin/ami-create.sh i-0b84b3b0de37cce1a >> /root/log/crontab.log 2>&1

------
To remove an image later, pass the AMI id that create-image returned (an ami-... id, not the instance id):
# aws ec2 deregister-image --image-id ami-xxxxxxxx   # replace with the real AMI id
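Backup AMIs created by a cron job pile up, so a matching rotation script is useful. The one below is an added example (not code from the original post): it assumes awscli with ec2:DescribeImages, ec2:DeregisterImage and ec2:DeleteSnapshot allowed, GNU date, and the AMI naming scheme of ami-create.sh; all function names are this example's own.

```shell
#!/bin/bash
# Added example, not from the original post: rotate the backup AMIs that
# ami-create.sh produces. Deregistering an AMI does not delete the EBS
# snapshots behind it, so retire_ami removes both. Assumes awscli with
# ec2:DescribeImages, ec2:DeregisterImage and ec2:DeleteSnapshot allowed,
# and GNU date; every function name here is this example's own.
set -u

# select_expired CUTOFF   (stdin: "ImageId CreationDate Name" lines)
#   Prints ImageIds whose CreationDate is older than CUTOFF. Both are UTC
#   ISO-8601 strings, which sort lexically, so a string compare is enough.
select_expired() {
    awk -v cutoff="$1" '$2 < cutoff { print $1 }'
}

# Cutoff for "older than N days", in the same format as CreationDate.
cutoff_days_ago() {
    date -u -d "$1 days ago" +%Y-%m-%dT%H:%M:%S
}

# This account's backup AMIs as "ImageId CreationDate Name" text lines.
list_backup_amis() {
    aws ec2 describe-images --owners self \
        --filters '[{"Name":"name","Values":["WordPress Backup - *"]}]' \
        --query 'Images[].[ImageId,CreationDate,Name]' --output text
}

# Deregister one AMI, then delete the snapshots that backed it.
retire_ami() {
    local ami="$1" snaps s
    snaps=$(aws ec2 describe-images --image-ids "$ami" \
        --query 'Images[0].BlockDeviceMappings[].Ebs.SnapshotId' --output text)
    aws ec2 deregister-image --image-id "$ami" || return 1
    for s in $snaps; do
        [ "$s" = None ] || aws ec2 delete-snapshot --snapshot-id "$s"
    done
}

# Keep the AMIs newer than N days (default 14) and retire the rest.
rotate_backup_amis() {
    local keep_days="${1:-14}"
    list_backup_amis | select_expired "$(cutoff_days_ago "$keep_days")" |
        while read -r ami; do
            echo "Retiring $ami"
            retire_ami "$ami"
        done
}
```

Schedule `rotate_backup_amis 14` a few minutes after ami-create.sh in the same crontab, and check `list_backup_amis` output by hand before the first run.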