__ __ __ __ _____ _ _ _____ _ _ _
| \/ | \ \ / / | __ \ (_) | | / ____| | | | |
| \ / |_ __\ V / | |__) | __ ___ ____ _| |_ ___ | (___ | |__ ___| | |
| |\/| | '__|> < | ___/ '__| \ \ / / _` | __/ _ \ \___ \| '_ \ / _ \ | |
| | | | |_ / . \ | | | | | |\ V / (_| | || __/ ____) | | | | __/ | |
|_| |_|_(_)_/ \_\ |_| |_| |_| \_/ \__,_|\__\___| |_____/|_| |_|\___V 2.1
if you need WebShell for Seo everyday contact me on Telegram
Telegram Address : @jackleet
For_More_Tools:
if [ -z "$type" ]; then
type=scan
fi
cat > $tmpf <<EOF
HOST: $HOSTNAME
SCAN ID: $scanid
STARTED: $scan_start_hr
EOF
if [ ! "$type" == "digest" ]; then
cat >> $tmpf <<EOF
COMPLETED: $scan_end_hr
ELAPSED: ${scan_et}s [find: ${file_list_et}s]
EOF
else
cat >> $tmpf <<EOF
MODE: inotify digest
ELAPSED: $inotify_run_time
EOF
fi
if [ "$spath" ]; then
echo "PATH: $hrspath" >> $tmpf
fi
if [ "$days" ] && [ ! "$days" == "all" ]; then
echo "RANGE: $days days" >> $tmpf
fi
cat >> $tmpf <<EOF
TOTAL FILES: $tot_files
TOTAL HITS: $tot_hits
TOTAL CLEANED: $tot_cl
EOF
if [ "$quarantine_hits" == "0" ] && [ ! "$tot_hits" == "0" ]; then
echo "WARNING: Automatic quarantine is currently disabled, detected threats are still accessible to users!" >> $tmpf
echo "To enable, set quarantine_hits=1 and/or to quarantine hits from this scan run:" >> $tmpf
echo -e "/usr/local/sbin/maldet -q $datestamp.$$\n" >> $tmpf
fi
if [ "$quarantine_clean" == "1" ]; then
if [ "$type" == "scan" ] && [ -f "$sessdir/clean.$$" ] && [ ! -z "$(cat $sessdir/clean.$$)" ]; then
cleaned_list="$sessdir/clean.$$"
elif [ "$type" == "digest" ] && [ -f "$tmpdir/.digest.clean.hits" ] && [ ! "$tot_cl" == "0" ]; then
cleaned_list="$tmpdir/.digest.clean.hits"
fi
if [ -f "$cleaned_list" ]; then
cat >> $tmpf <<EOF
CLEANED & RESTORED FILES:
$(cat $cleaned_list)
EOF
fi
if [ "$quarantine_suspend_user" == "1" ]; then
if [ -f "$sessdir/suspend.users.$$" ] && [ ! -z "$(cat $sessdir/suspend.users.$$)" ]; then
suspended_list="$sessdir/suspend.users.$$"
elif [ "$type" == "digest" ] && [ -f "$tmpdir/.digest.susp.hits" ] && [ ! "$tot_susp" == "0" ]; then
suspended_list="$tmpdir/.digest.susp.hits"
fi
if [ -f "$suspended_list" ]; then
cat >> $tmpf <<EOF
SUSPENDED ACCOUNTS:
$(cat "$suspended_list")
EOF
fi
fi
fi
if [ ! "$tot_hits" == "0" ]; then
if [ "$type" == "digest" ]; then
hitlist_file="$tmpdir/.digest.alert.hits"
else
hitlist_file="$scan_session"
fi
if [ -f "$hitlist_file" ]; then
echo "FILE HIT LIST:" >> $tmpf
if [ "$coltest" ]; then
cat $hitlist_file | column -s ':' -t -o ':' >> $tmpf
else
cat $hitlist_file >> $tmpf
if [ "$enable_statistic" == "1" ]; then
export IFS=$(echo -en "\n\b")
for showhit in `cat $hitlist_file`; do
curl --output /dev/null --silent --show-error -XPOST "${elk_host}:${elk_port}/$(if [ $elk_index != '' ]; then echo "${elk_index}/message"; fi )" -H 'Content-Type: application/json' -d "$(echo $showhit|awk -v date=$(date +%s) -v hostname=$(hostname) '{print "{\"date\" : \""date"\", \"hit\" : \""$1"\", \"file\" : \""$3"\", \"hostname\" : \""hostname"\"}"}')"
done
export IFS=' '
fi
fi
fi
fi
cat >> $tmpf <<EOF
===============================================
Linux Malware Detect v$ver < proj@rfxn.com >
EOF