Hi,
Built-in notifications for detected malware are already there in Imunify360: https://docs.imunify360.com/features...lware-detected
Imunify hook to send email to admin on infection
-
The script didn't work for me; hooks.log shows the error below. Any help will be much appreciated.
root@srv1 [~]# cat /var/log/imunify360/hook.log
1609894101 : 53fb7664-36fa-4187-9ee9-a47a76992836 : started : malware-detected : critical : /root/hooks/hooks.php
1609894101 : 53fb7664-36fa-4187-9ee9-a47a76992836 : done : malware-detected : critical : /root/hooks/hooks.php : ERROR:2
/root/hooks/hooks.php: line 4: ?php: No such file or directory
/root/hooks/hooks.php: line 5: syntax error near unexpected token `(
/root/hooks/hooks.php: line 5: `$hostname = gethostname();
-
@Nick I know this is an old post, but I wanted to thank you for taking time to document this solution. It is currently impossible to find any good examples of a hook like this, and your example is exactly what I wanted... to notify root upon finding malware. It works PERFECTLY. Thank you again!!
- Scott
-
> It is much better when the server admin gets a detailed email report of all infections when the daily scan runs, like maldet.
Hello Jawed, thanks for following up!
We plan to release this feature in Q1 2020.
If you have any other questions, feel free to ask here. Thank you for contacting us.
-
It is much better when the server admin gets a detailed email report of all infections when the daily scan runs, like maldet.
-
Hello Nick,
Thank you for following up! For our part, we can add that CloudLinux is not responsible for this script. Everyone can use it at their discretion. We recommend making a repo on GitHub and uploading the code there.
Thanks.
-
Imunify hook to send email to admin on infection
Hello all,
Since I could not find any option to notify admins when an infection occurs, I have modified this script to do the job.
I have tested it by uploading infected files with FTP and the cPanel file editor, and it seems OK.
It sends email to the cPanel contact emails with the infection path and infection type.
This is the first beta; it has a lot of room for improvement.
Feel free to test.
cd
mkdir hooks
cd hooks
vi hooks.php
### php begins###
#!/usr/local/bin/php -q
<?php
// The hook receives the event as a JSON document on stdin.
$hostname = gethostname();
stream_set_blocking(STDIN, 0);
$stdin = fopen('php://stdin', 'r');
$data = stream_get_contents($stdin);
$json = json_decode(trim($data), true);
$output = null;
switch ($json['event']) {
    case 'malware-detected':
        $subtype = $json['subtype'];
        $total_malicious = $json['params']['total_malicious'];
        // The detections themselves are in a JSON file named by the event.
        $report = json_decode(file_get_contents($json['params']['tmp_filename']), true);
        // Group the detections by account.
        $by_users = array();
        foreach ($report as $entry) {
            if (!isset($by_users[$entry['username']])) {
                $by_users[$entry['username']] = array();
            }
            $by_users[$entry['username']][] = $entry;
        }
        // One block per user: timestamp, subtype, count, then one line per file.
        foreach ($by_users as $user => $user_row) {
            $output .= date('Ymd H:i:s') . "\n" . "Subtype:" . $subtype . "\n";
            $output .= 'User ' . $user . ' has ' . count($user_row) . ' infections';
            foreach ($user_row as $fkey => $user_row_item) {
                $output .= "\n" . $user_row_item['file'] . ' ' . $user_row_item['type'] . ' ' . $user_row_item['scan_type'];
            }
            $output .= "\n";
        }
        break;
}
// Send mail only when the event produced a report.
if ($output) {
    $subject = "Imunify on " . $hostname . " (Infections:" . $total_malicious . ")";
    $recipient = 'root';
    $headers = "From: " . $hostname . "<root@" . $hostname . ">\r\n"
        . "X-Mailer: PHP\r\n"
        . "Content-type: text/plain; charset=UTF-8";
    mail($recipient, $subject, $output, $headers);
}
?>
####php end###
chmod 700 hooks.php
imunify360-agent hook add --event malware-detected --path /root/hooks/hooks.php
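
Errors such as `?php: No such file or directory` and a syntax error at `$hostname = gethostname();` are what a shell prints when it, rather than PHP, parses the file, which happens when `#!/usr/local/bin/php -q` is not the very first line of hooks.php (for example when the `### php begins###` marker is saved into the file). The pre-flight check below is an added example, not part of the original post or of Imunify360; `check_hook` is a hypothetical helper and the sample file is constructed.

```shell
#!/bin/sh
# Added example: sanity-check a hook script before registering it.
# check_hook is a hypothetical helper, not an imunify360-agent command.
check_hook() {
    hook=$1
    [ -f "$hook" ] || { echo "not a file: $hook"; return 1; }

    # "#!" is only honoured as the first two bytes of the file. With a
    # marker or blank line above it, a shell ends up parsing the PHP.
    first=$(head -n 1 "$hook")
    case $first in
        '#!'*) ;;
        *) echo "line 1 is not a shebang: $first"; return 2 ;;
    esac

    # A CRLF line ending becomes part of the interpreter path or argument.
    cr=$(printf '\r')
    case $first in
        *"$cr") echo "shebang line ends in CR (DOS line endings)"; return 3 ;;
    esac

    # The interpreter named on the shebang line must be executable.
    interp=$(printf '%s\n' "$first" | sed 's/^#![[:space:]]*//; s/[[:space:]].*$//')
    [ -x "$interp" ] || { echo "interpreter not executable: $interp"; return 4; }

    # The hook runs as root: it must be executable by its owner and not
    # writable by group or others (chmod 700 satisfies both).
    mode=$(ls -ld "$hook" | cut -c1-10)
    case $mode in
        ???-*) echo "owner execute bit missing: $mode"; return 5 ;;
        ?????w????|????????w?) echo "group/world writable: $mode"; return 6 ;;
    esac
    echo "ok: $hook ($interp)"
}

# Constructed sample: a marker line saved above the shebang.
sample=$(mktemp)
printf '%s\n' '### php begins###' '#!/usr/local/bin/php -q' '<?php' > "$sample"
chmod 700 "$sample"
check_hook "$sample" || echo "check failed with status $?"
rm -f "$sample"
```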