修改病毒扫描时间为凌晨

This commit is contained in:
aixiao 2023-02-14 09:30:32 +08:00
parent 5f1c1af36b
commit da8473a3ec
3 changed files with 1273 additions and 1261 deletions


@ -1,6 +1,8 @@
# denyhosts # denyhosts
- 拒绝主机&杀毒 - 拒绝主机&杀毒
```
```text
适用系统: 适用系统:
Debian 11 Debian 11
Centos 7 Centos 7
@ -9,7 +11,8 @@
支持钉钉告警和邮件告 支持钉钉告警和邮件告
支持第三方QQ邮箱告警 支持第三方QQ邮箱告警
``` ```
```
```text
Debian Debian
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
apt -y install libclamav-dev libip4tc-dev libcurl4-openssl-dev #(或者libcurl4-gnutls-dev) apt -y install libclamav-dev libip4tc-dev libcurl4-openssl-dev #(或者libcurl4-gnutls-dev)
@ -26,7 +29,7 @@ Debian
update-alternatives --set ebtables /usr/sbin/ebtables-legacy update-alternatives --set ebtables /usr/sbin/ebtables-legacy
``` ```
``` ```text
Centos 7 Centos 7
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
yum install clamav clamav-update clamav-lib clamav-devel json-c-devel pcre2-devel yum install clamav clamav-update clamav-lib clamav-devel json-c-devel pcre2-devel
@ -43,10 +46,7 @@ Centos 7
freshclam # 更新病毒库(必要) freshclam # 更新病毒库(必要)
``` ```
```text
```
用法 用法
cd /root cd /root
git clone https://git.aixiao.me/aixiao/denyhosts git clone https://git.aixiao.me/aixiao/denyhosts
@ -72,8 +72,7 @@ killall rhost
``` ```
```text
```
配置文件 配置文件
global { global {
@ -91,7 +90,7 @@ global {
CLAMAV = 1; // clamav 是否扫描病毒(1开启,非1关闭) CLAMAV = 1; // clamav 是否扫描病毒(1开启,非1关闭)
CLAMAV_ARG = "-r / --exclude-dir=^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home|^/mnt|^/usr|^/var --move=/opt/infected --max-filesize 1024M -l clamscan.log"; CLAMAV_ARG = "-r / --exclude-dir=^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home|^/mnt|^/usr|^/var --move=/opt/infected --max-filesize 1024M -l clamscan.log";
CLAMAV_TIME = "* 35 16 * * *"; // clamav 扫描时间(Cron格式, 秒 分 时 天 月 周) CLAMAV_TIME = "* 1 4 * * *"; // clamav 扫描时间(Cron格式, 秒 分 时 天 月 周)
IPV4_RESTRICTION = 1; // 是否启用IP白名单(1开启,非1关闭) IPV4_RESTRICTION = 1; // 是否启用IP白名单(1开启,非1关闭)
@ -99,8 +98,8 @@ global {
REGION = 1; // 是否启用地域白名单(1开启,非1关闭) REGION = 1; // 是否启用地域白名单(1开启,非1关闭)
IP2REGION = 1; // 是否使用 ip2region 地址定位库(1使用,非1不使用) IP2REGION = 1; // 是否使用本地 ip2region 地址定位库(1使用,非1不使用)
//REGION_URL = "http://opendata.baidu.com/api.php?query=%s&co=&resource_id=6006&oe=utf8"; // 获取IP地域 //REGION_URL = "http://opendata.baidu.com/api.php?query=%s&co=&resource_id=6006&oe=utf8"; // 获取IP地域(aliyun付费API, 弃用)
REGION_URL = "https://api01.aliyun.venuscn.com/ip?ip=%s -H Authorization:APPCODE a1d842b8afda418c8ea24271a4e16b1f"; REGION_URL = "https://api01.aliyun.venuscn.com/ip?ip=%s -H Authorization:APPCODE a1d842b8afda418c8ea24271a4e16b1f";
REGION_LIST = "河南 郑州 上海"; // 地域列表(空格隔开) REGION_LIST = "河南 郑州 上海"; // 地域列表(空格隔开)

45
rhost.c

@ -232,7 +232,7 @@ int dingding_warning(char *illegal_ip, char *public_ip, char *ip, conf * conf)
} \ } \
}" }"
sprintf(jsonObj, JSIN, conf->PHONE, temp, ip, illegal_ip, conf->PHONE); snprintf(jsonObj, BUFFER, JSIN, conf->PHONE, temp, ip, illegal_ip, conf->PHONE);
printf("%s\n", jsonObj); printf("%s\n", jsonObj);
struct curl_slist *headers = NULL; struct curl_slist *headers = NULL;
@ -272,7 +272,7 @@ int mail_warning(char *illegal_ip, char *public_ip, char *ip, conf * conf)
strcpy(temp, public_ip); strcpy(temp, public_ip);
temp[strlen(public_ip) - 1] = '\0'; temp[strlen(public_ip) - 1] = '\0';
sprintf(text, "echo \"主机:%s, 禁止(%s%s)访问\" | mail -s \"System ban IP\" %s", temp, ip, illegal_ip, conf->RECV_MAIL); snprintf(text, BUFFER, "echo \"主机:%s, 禁止(%s%s)访问\" | mail -s \"System ban IP\" %s", temp, ip, illegal_ip, conf->RECV_MAIL);
if (NULL == (fp = popen(text, "r"))) if (NULL == (fp = popen(text, "r")))
{ {
@ -304,8 +304,10 @@ int QQ_mail_warning(char *illegal_ip, char *public_ip, char *ip, conf * conf)
strcpy(temp, public_ip); strcpy(temp, public_ip);
temp[strlen(public_ip) - 1] = '\0'; temp[strlen(public_ip) - 1] = '\0';
sprintf(text, "主机:%s, 禁止(%s%s)访问!", temp, ip, illegal_ip); //sprintf(text, "主机:%s, 禁止(%s%s)访问!", temp, ip, illegal_ip);
sprintf(string, QQMAIL, conf->RECV_MAIL, text); //sprintf(string, QQMAIL, conf->RECV_MAIL, text);
snprintf(text, BUFFER, "主机:%s, 禁止(%s%s)访问!", temp, ip, illegal_ip);
snprintf(string, BUFFER + (sizeof(QQMAIL)) + 1, QQMAIL, conf->RECV_MAIL, text);
return system(string); return system(string);
} }
@ -328,8 +330,10 @@ int QQ_mail_warning_Virus_files(char *local_ip, int Virus_number, conf * conf)
strcpy(temp, local_ip); strcpy(temp, local_ip);
temp[strlen(local_ip) - 1] = '\0'; temp[strlen(local_ip) - 1] = '\0';
sprintf(text, "Host:%s, Infected files: %d, Please handle!", temp, Virus_number); //sprintf(text, "Host:%s, Infected files: %d, Please handle!", temp, Virus_number);
sprintf(command, QQMAIL_Virus, conf->RECV_MAIL, text); //sprintf(command, QQMAIL_Virus, conf->RECV_MAIL, text);
snprintf(text, BUFFER, "Host:%s, Infected files: %d, Please handle!", temp, Virus_number);
snprintf(command, BUFFER+BUFFER + (sizeof(QQMAIL)) + 1, QQMAIL_Virus, conf->RECV_MAIL, text);
return system(command); return system(command);
} }
@ -352,8 +356,11 @@ int QQ_mail_warning_Disk_Use(char *local_ip, int disk_use, conf * conf)
strcpy(temp, local_ip); strcpy(temp, local_ip);
temp[strlen(local_ip) - 1] = '\0'; temp[strlen(local_ip) - 1] = '\0';
sprintf(text, "Host:%s, Disk usage reaches threshold!, Please handle!", temp); //sprintf(text, "Host:%s, Disk usage reaches threshold!, Please handle!", temp);
sprintf(command, QQMAIL_DISK_USE, conf->RECV_MAIL, text); //sprintf(command, QQMAIL_DISK_USE, conf->RECV_MAIL, text);
snprintf(text, BUFFER, "Host:%s, Disk usage reaches threshold!, Please handle!", temp);
snprintf(command, BUFFER, QQMAIL_DISK_USE, conf->RECV_MAIL, text);
return system(command); return system(command);
} }
@ -443,7 +450,9 @@ int disk_waring(int threshold)
memset(buffer, 0, BUFFER); memset(buffer, 0, BUFFER);
memset(command, 0, BUFFER); memset(command, 0, BUFFER);
sprintf(command, DF, threshold); //sprintf(command, DF, threshold);
snprintf(command, BUFFER, DF, threshold);
//printf("%s\n", command); //printf("%s\n", command);
fp = popen(command, "r"); fp = popen(command, "r");
@ -737,17 +746,19 @@ static void sig_child(int signo)
static int get_executable_path(char *processdir, char *processname, int len) static int get_executable_path(char *processdir, char *processname, int len)
{ {
char *filename;
char *processname_ptr;
if (readlink("/proc/self/exe", processdir, len) <= 0) if (readlink("/proc/self/exe", processdir, len) <= 0)
return -1; return -1;
filename = strrchr(processdir, '/'); if ((processname_ptr = strrchr(processdir, '/')) == NULL)
if (filename == NULL)
return -1; return -1;
++filename; processname_ptr++;
strcpy(processname, filename); strcpy(processname, processname_ptr);
*filename = '\0'; *processname_ptr = '\0';
return (int)(filename - processdir);
return (int)(processname_ptr - processdir);
} }
// 处理参数 // 处理参数
@ -1173,6 +1184,8 @@ goto_daemon:
int r = 0; int r = 0;
int virus_files = -1; int virus_files = -1;
// 扫描病毒前,更新病毒库
update_freshclam(argc, argv);
r = _clamscan(head_argc, head_argvs); r = _clamscan(head_argc, head_argvs);
virus_files = get_clamav_log("clamscan.log"); virus_files = get_clamav_log("clamscan.log");
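Review bot: The bound passed to snprintf on the `string` line in QQ_mail_warning and the `command` line in QQ_mail_warning_Virus_files is computed from BUFFER and sizeof(QQMAIL) rather than from the destination, so if those buffers are declared as `char string[BUFFER]` (their declarations sit above the hunk, so this is inferred) the call can still write past the end and the sprintf→snprintf change only moves the overflow; the Virus_files variant also sizes with QQMAIL instead of QQMAIL_Virus. The second argument should be the destination's own size, `snprintf(string, sizeof string, QQMAIL, conf->RECV_MAIL, text);` and `snprintf(command, sizeof command, QQMAIL_Virus, conf->RECV_MAIL, text);`, and checking the return value against that size would keep a truncated command from reaching system(). Bounding the length does not neutralize shell metacharacters in ip, illegal_ip or RECV_MAIL, which still reach system()/popen() unescaped, so those values need validation before formatting. Separately, in the get_executable_path hunk readlink() does not NUL-terminate processdir, so the new code should keep its return value, reject `n >= len`, and write `processdir[n] = '\0'` before strrchr(); the strcpy into processname is also unbounded. Both warning functions start outside their hunks.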


@ -14,7 +14,7 @@ global {
CLAMAV = 1; // clamav 是否扫描病毒(1开启,非1关闭) CLAMAV = 1; // clamav 是否扫描病毒(1开启,非1关闭)
CLAMAV_ARG = "-r / --exclude-dir=^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home|^/mnt|^/usr|^/var --move=/opt/infected --max-filesize 1024M -l clamscan.log"; CLAMAV_ARG = "-r / --exclude-dir=^/sys|^/dev|^/proc|^/opt/infected|^/root|^/home|^/mnt|^/usr|^/var --move=/opt/infected --max-filesize 1024M -l clamscan.log";
CLAMAV_TIME = "* 35 16 * * *"; // clamav 扫描时间(Cron格式, 秒 分 时 天 月 周) CLAMAV_TIME = "* 1 4 * * *"; // clamav 扫描时间(Cron格式, 秒 分 时 天 月 周)
IPV4_RESTRICTION = 1; // 是否启用IP白名单(1开启,非1关闭) IPV4_RESTRICTION = 1; // 是否启用IP白名单(1开启,非1关闭)