
@muyaedward
Last active August 27, 2025 14:46
CWP Security Tools Installation Script for AlmaLinux 8.10 - Maldet, RKhunter, and Lynis
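#!/bin/bash
# Manual Installation Script for Security Tools on CWP
# Optimized for AlmaLinux 8.10 (Cerulean Leopard)
# Server: Intel Core Processor (Broadwell) - 8 Core (2200 MHz)
# Email: [email protected]
# Run as root user
#
# Everything below installs packages and edits files under /etc and
# /usr/local, so stop immediately when not running as root instead of
# failing halfway through with a partially configured system.
if [[ "$(id -u)" -ne 0 ]]; then
  echo "ERROR: this script must be run as root." >&2
  exit 1
fi
echo "========================================"
echo "CWP Security Tools Installation Script"
echo "Server: AlmaLinux 8.10 (Cerulean Leopard)"
echo "Installing: Maldet, RKhunter, and Lynis"
echo "Email: [email protected]"
echo "========================================"
# Update system packages first.
# A failed update is reported but does not stop the run: the tools can still
# be installed on the current package set.
echo "Updating system packages..."
if ! dnf update -y; then
  echo "WARNING: 'dnf update' failed; continuing with the current package set." >&2
fi
# Install EPEL repository (rkhunter and lynis are installed from it later in
# this script). Without EPEL those installs will fail, so say so loudly here.
echo "Installing EPEL repository..."
if ! dnf install -y epel-release; then
  echo "WARNING: could not install epel-release; later EPEL package installs may fail." >&2
fi
if ! dnf config-manager --set-enabled powertools; then
  echo "WARNING: could not enable the powertools repository." >&2
fi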
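# ========================================
# 1. INSTALL LINUX MALWARE DETECT (MALDET)
# ========================================
echo "Installing Linux Malware Detect (Maldet)..."
# The archive's install.sh is executed as root, so the download is the trust
# boundary of this section:
#   - fetch over HTTPS instead of plain HTTP, so the archive cannot be swapped
#     in transit;
#   - optionally pin the archive: export MALDET_SHA256=<expected sha256> (taken
#     from a source you trust) and a mismatch aborts the install;
#   - unpack into a fresh directory and stop on any failure, so install.sh is
#     never run from the wrong directory or from a stale extraction.
maldet_url="https://www.rfxn.com/downloads/maldetect-current.tar.gz"
maldet_tarball="/usr/local/src/maldetect-current.tar.gz"
maldet_conf="/usr/local/maldetect/conf.maldet"

if ! maldet_src="$(mktemp -d /usr/local/src/maldetect-src.XXXXXX)"; then
  echo "ERROR: could not create a working directory under /usr/local/src." >&2
  exit 1
fi
if ! wget -O "$maldet_tarball" "$maldet_url"; then
  echo "ERROR: download of $maldet_url failed." >&2
  exit 1
fi
if [[ -n "${MALDET_SHA256:-}" ]]; then
  if ! printf '%s  %s\n' "$MALDET_SHA256" "$maldet_tarball" | sha256sum -c -; then
    echo "ERROR: $maldet_tarball does not match MALDET_SHA256; refusing to install." >&2
    exit 1
  fi
else
  echo "WARNING: MALDET_SHA256 is not set; the archive is protected by TLS only." >&2
fi
# --strip-components=1 drops the versioned top-level directory, which removes
# the need for a 'cd maldetect-*' glob (that glob also matches the tarball).
if ! tar -zxvf "$maldet_tarball" -C "$maldet_src" --strip-components=1; then
  echo "ERROR: could not extract $maldet_tarball." >&2
  exit 1
fi
if ! cd "$maldet_src"; then
  echo "ERROR: cannot enter $maldet_src." >&2
  exit 1
fi
if ! ./install.sh; then
  echo "ERROR: Maldet install.sh failed." >&2
  exit 1
fi
# Configure Maldet
echo "Configuring Maldet..."
# Each sed below only rewrites a line that still holds the exact default it
# names; if the shipped default differs, the file is silently left unchanged,
# so review conf.maldet afterwards.
# Enable email notifications
sed -i 's/email_alert="0"/email_alert="1"/' "$maldet_conf"
# NOTE(review): the addresses on the next line were redacted by the hosting
# page ("[email protected]"); put the real default and the real recipient back
# before relying on it.
sed -i 's/email_addr="[email protected]"/email_addr="[email protected]"/' "$maldet_conf"
# Enable automatic quarantine.
# The original pattern replaced "1" with "1" and therefore changed nothing;
# match the disabled value instead. Quarantine moves every flagged file, and
# quarantine_clean additionally tries to clean hits, so a false positive can
# take a site file out of service - review hits after the first scans.
sed -i 's/^quarantine_hits="0"/quarantine_hits="1"/' "$maldet_conf"
sed -i 's/quarantine_clean="0"/quarantine_clean="1"/' "$maldet_conf"
# Raise scan limits (larger files and deeper hex scanning)
sed -i 's/scan_max_filesize="1000000"/scan_max_filesize="2000000"/' "$maldet_conf"
sed -i 's/scan_hexdepth="500000"/scan_hexdepth="1000000"/' "$maldet_conf"
# Update Maldet itself, then its signatures
/usr/local/maldetect/maldet --update-ver
/usr/local/maldetect/maldet --update
echo "Maldet installation completed!"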
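# ========================================
# 2. INSTALL RKHUNTER (ROOTKIT HUNTER)
# ========================================
echo "Installing RKhunter (Rootkit Hunter)..."
# Method 1: Install from EPEL repository (recommended for AlmaLinux 8)
dnf install -y rkhunter
# Alternative Method 2: Manual installation from source (if EPEL version is outdated)
# Fetch over HTTPS and check the archive against the project's published
# checksum/signature before running installer.sh as root.
# cd /usr/local/src
# wget https://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.6/rkhunter-1.4.6.tar.gz
# tar -xvf rkhunter-1.4.6.tar.gz
# cd rkhunter-1.4.6
# ./installer.sh --layout default --install
# Configure RKhunter
echo "Configuring RKhunter..."
# Configure email notifications
# NOTE(review): the option name and addresses in the next sed were redacted by
# the hosting page ("[email protected]"); restore the real pattern and recipient
# before relying on warning mails.
sed -i 's/#[email protected]/[email protected]/' /etc/rkhunter.conf
sed -i 's/#MAIL_CMD=mail -s "\[rkhunter\] Warnings found for \${HOST_NAME}"/MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"/' /etc/rkhunter.conf
# Configure for AlmaLinux 8 specifics
sed -i 's/#PKGMGR=RPM/PKGMGR=RPM/' /etc/rkhunter.conf
# ALLOW_SSH_ROOT_USER is the value rkhunter expects to find for root login in
# the SSH daemon configuration. "yes" only suppresses the warning on hosts
# that really permit root logins; set it to whatever sshd_config uses, and
# prefer disabling direct root login where the panel allows it.
sed -i 's/#ALLOW_SSH_ROOT_USER=no/ALLOW_SSH_ROOT_USER=yes/' /etc/rkhunter.conf
# Refresh data files and create the file-properties baseline only AFTER the
# configuration edits above, so the baseline is recorded with the settings the
# daily scan will use (NOTE(review): rkhunter is expected to want a fresh
# --propupd when PKGMGR changes - confirm against its documentation).
# --propupd trusts the current state of the system: run it on a host you
# believe is clean, otherwise existing tampering becomes the "known good".
rkhunter --update
rkhunter --propupd
# Create daily cron job for RKhunter
# NOTE(review): the EPEL package may already install its own daily job; check
# /etc/cron.daily/ so the scan does not run (and mail) twice.
# NOTE(review): the recipient inside the generated script is also redacted.
cat > /etc/cron.daily/rkhunter.sh << 'EOF'
#!/bin/bash
# RKhunter Daily Scan - AlmaLinux 8.10 Optimized
(
echo "RKhunter Daily Scan Report - AlmaLinux 8.10"
echo "Server: Intel Core Processor (Broadwell) - 8 Core"
echo "Date: $(date)"
echo "----------------------------------------"
/usr/bin/rkhunter --versioncheck --nocolors
/usr/bin/rkhunter --update --nocolors
/usr/bin/rkhunter --cronjob --report-warnings-only --nocolors
echo "----------------------------------------"
echo "Scan completed at: $(date)"
) | /bin/mail -s 'RKhunter Daily Scan - AlmaLinux Server' [email protected]
EOF
chmod 755 /etc/cron.daily/rkhunter.sh
echo "RKhunter installation completed!"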
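# ========================================
# 3. INSTALL LYNIS (SYSTEM AUDITOR)
# ========================================
echo "Installing Lynis (System Security Auditor)..."
# Install from EPEL repository
dnf install -y lynis
# Alternative manual installation for latest version:
# Check the archive against the checksum/signature published by the vendor
# before copying anything into /usr/local.
# cd /usr/local/src
# wget https://downloads.cisofy.com/lynis/lynis-3.0.9.tar.gz
# tar -xzf lynis-3.0.9.tar.gz
# cd lynis
# chmod +x lynis
# cp lynis /usr/local/bin/
# mkdir -p /usr/local/share/lynis
# cp -r include plugins db /usr/local/share/lynis/
# Check Lynis update information.
# The original printed "Lynis update completed" only when the command FAILED
# and hid its error output; report the real outcome instead.
if lynis update info; then
  echo "Lynis update completed"
else
  echo "WARNING: 'lynis update info' failed; the installed Lynis version may be outdated." >&2
fi
echo "Lynis installation completed!"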
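# ========================================
# 4. INSTALL ADDITIONAL TOOLS (Optional)
# ========================================
echo "Installing additional security tools..."
# Packages and why they are needed:
#   inotify-tools - real-time monitoring with Maldet
#   chkrootkit    - additional rootkit scanner
#   mailx postfix - mail utilities for email notifications
# Each package is installed on its own so that one missing package does not
# block the others, and every failure is collected instead of being lost in
# the dnf output.
failed_pkgs=()
for pkg in inotify-tools chkrootkit mailx postfix; do
  if ! dnf install -y "$pkg"; then
    failed_pkgs+=("$pkg")
  fi
done
# The scan reports in this script are delivered through the local MTA, so a
# stopped postfix means findings are produced but never seen.
if ! systemctl enable postfix; then
  echo "WARNING: could not enable postfix at boot." >&2
fi
if ! systemctl start postfix; then
  echo "WARNING: postfix did not start; scan reports will not be mailed." >&2
fi
if (( ${#failed_pkgs[@]} > 0 )); then
  echo "WARNING: these packages could not be installed: ${failed_pkgs[*]}" >&2
else
  echo "Additional tools installation completed!"
fi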
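# ========================================
# 5. SETUP AUTOMATED SCANNING
# ========================================
echo "Setting up automated scanning..."
# The generated jobs write one report per run under /var/log. Reports name
# flagged files and audit findings, so the jobs set a restrictive umask and
# mode (root-only) instead of inheriting world-readable defaults.
# Nothing here rotates or deletes old reports; add a logrotate rule or a
# cleanup job if disk usage matters.
# NOTE(review): the mail recipient inside both generated scripts was redacted
# by the hosting page ("[email protected]"); restore the real address.
# NOTE(review): Maldet's own installer may already schedule a daily scan;
# check /etc/cron.daily/ so /home is not scanned twice a day.
# Create Maldet daily scan
cat > /etc/cron.daily/maldet.sh << 'EOF'
#!/bin/bash
# Daily Maldet scan - Optimized for 8-core Intel Broadwell
umask 077
SCAN_DATE=$(date +"%Y-%m-%d")
LOG_FILE="/var/log/maldet-daily-${SCAN_DATE}.log"
echo "Maldet Daily Scan - AlmaLinux 8.10" > "$LOG_FILE"
chmod 600 "$LOG_FILE"
echo "Server: Intel Core Processor (Broadwell) - 8 Core" >> "$LOG_FILE"
echo "Date: $(date)" >> "$LOG_FILE"
echo "===========================================" >> "$LOG_FILE"
# Scan all files under the home directories
/usr/local/maldetect/maldet -a /home >> "$LOG_FILE" 2>&1
echo "===========================================" >> "$LOG_FILE"
echo "Scan completed at: $(date)" >> "$LOG_FILE"
# Send email report
mail -s "Maldet Daily Scan Report - AlmaLinux Server" [email protected] < "$LOG_FILE"
EOF
chmod 755 /etc/cron.daily/maldet.sh
# Create weekly Lynis audit
cat > /etc/cron.weekly/lynis.sh << 'EOF'
#!/bin/bash
# Weekly Lynis security audit - AlmaLinux 8.10 Optimized
umask 077
SCAN_DATE=$(date +"%Y-%m-%d")
LYNIS_LOG="/var/log/lynis-weekly-${SCAN_DATE}.log"
echo "Lynis Weekly Security Audit - AlmaLinux 8.10" > "$LYNIS_LOG"
chmod 600 "$LYNIS_LOG"
echo "Server: Intel Core Processor (Broadwell) - 8 Core (2200 MHz)" >> "$LYNIS_LOG"
echo "Kernel: $(uname -r)" >> "$LYNIS_LOG"
echo "Date: $(date)" >> "$LYNIS_LOG"
echo "=================================================" >> "$LYNIS_LOG"
# Run the system audit without interactive pauses
lynis audit system --quick >> "$LYNIS_LOG" 2>&1
echo "=================================================" >> "$LYNIS_LOG"
echo "Audit completed at: $(date)" >> "$LYNIS_LOG"
# Send detailed email report
mail -s "Weekly Lynis Security Audit - AlmaLinux Server" [email protected] < "$LYNIS_LOG"
EOF
chmod 755 /etc/cron.weekly/lynis.sh
echo "Automated scanning setup completed!"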
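# ========================================
# 6. VERIFICATION AND TESTING
# ========================================
# The summary below is derived from what is actually present on disk. The
# original printed a check mark for every tool unconditionally, which reads as
# "protected" even when an install step failed earlier in the run.
echo "Verifying installations..."
# Check Maldet
echo "Checking Maldet version:"
/usr/local/maldetect/maldet --version
if [[ -x /usr/local/maldetect/maldet ]]; then
  maldet_summary="✓ Maldet: Installed and configured"
else
  maldet_summary="✗ Maldet: not found at /usr/local/maldetect/maldet"
fi
# Check RKhunter
echo "Checking RKhunter version:"
rkhunter --version
if command -v rkhunter >/dev/null 2>&1; then
  rkhunter_summary="✓ RKhunter: Installed and configured"
else
  rkhunter_summary="✗ RKhunter: command not found"
fi
# Check Lynis
echo "Checking Lynis version:"
lynis --version
if command -v lynis >/dev/null 2>&1; then
  lynis_summary="✓ Lynis: Installed and configured"
else
  lynis_summary="✗ Lynis: command not found"
fi
# Scheduled jobs only run if the cron scripts exist and are executable
if [[ -x /etc/cron.daily/maldet.sh && -x /etc/cron.daily/rkhunter.sh && -x /etc/cron.weekly/lynis.sh ]]; then
  cron_summary="✓ Daily/Weekly scans scheduled"
else
  cron_summary="✗ Daily/Weekly scans: one or more cron scripts are missing or not executable"
fi
echo "========================================"
echo "Installation Summary:"
echo "========================================"
echo "$maldet_summary"
echo "$rkhunter_summary"
echo "$lynis_summary"
echo "$cron_summary"
echo ""
echo "Configuration files:"
echo "- Maldet config: /usr/local/maldetect/conf.maldet"
echo "- RKhunter config: /etc/rkhunter.conf"
echo "- Lynis config: /etc/lynis/default.prf"
echo ""
echo "Log files:"
echo "- Maldet logs: /usr/local/maldetect/logs/"
echo "- RKhunter logs: /var/log/rkhunter/"
echo "- Lynis logs: /var/log/lynis.log"
echo ""
echo "Manual scan commands:"
echo "- Maldet: maldet -a /path/to/scan"
echo "- RKhunter: rkhunter --check"
echo "- Lynis: lynis audit system"
echo "========================================"
echo "IMPORTANT: Please verify email configuration:"
echo "1. /usr/local/maldetect/conf.maldet ([email protected])"
echo "2. /etc/rkhunter.conf ([email protected])"
echo "3. /etc/cron.daily/rkhunter.sh"
echo "4. /etc/cron.weekly/lynis.sh"
echo ""
# Alerts and reports are only useful if mail actually leaves the host
echo "Email service status:"
systemctl status postfix --no-pager -l
echo ""
# Lists the installed cron scripts (presence and mode), not a run time
echo "Next scheduled runs:"
echo "- Daily scans: $(ls -la /etc/cron.daily/maldet.sh /etc/cron.daily/rkhunter.sh 2>/dev/null)"
echo "- Weekly audit: $(ls -la /etc/cron.weekly/lynis.sh 2>/dev/null)"
echo ""
case "${maldet_summary}${rkhunter_summary}${lynis_summary}${cron_summary}" in
  *"✗"*)
    echo "Installation finished with problems on AlmaLinux 8.10 - see the summary above." >&2
    ;;
  *)
    echo "Installation completed successfully for AlmaLinux 8.10!"
    ;;
esac
echo "========================================"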
@muyaedward

CWP Security Tools Installation Script

Automated installation script for security tools on CWP (CentOS Web Panel) running AlmaLinux 8.10.

What it installs:

  • Maldet (Linux Malware Detect) - Malware scanner
  • RKhunter (Rootkit Hunter) - Rootkit and backdoor scanner
  • Lynis - Security auditing tool

Server Specifications:

  • AlmaLinux 8.10 (Cerulean Leopard)
  • Intel Core Processor (Broadwell) - 8 Core (2200 MHz)
  • Optimized for CWP environment

Usage:

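Quick Install (this pipes the script straight into a root shell, and the URL is not pinned to a revision, so download and read the script first if you have not reviewed it):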

curl -sL https://gist.github.com/muyaedward/5604ba9a9ffc922fa1b2aa0087d94630/raw/cwp-security-install.sh | sudo bash
