#!/bin/bash
# ============================================================
# anti-malware.sh — Anti-malware and rootkit detection stack
# ============================================================
# Installs ClamAV (antivirus), ClamTk (GUI front-end), rkhunter
# (rootkit hunter), and chkrootkit (AUR rootkit scanner) so the
# system has layered malware-detection coverage. These tools are
# optional because most home Arch desktops don't need a resident
# scanner, but they are valuable on machines that handle
# untrusted files or shared network storage.
#
# Run as a regular user with sudo rights (each privileged step
# calls sudo explicitly); requires pacman and the yay AUR helper.
# ============================================================

set -euo pipefail

# Shared logging helpers (log, skip, warn) live in the dotfiles lib; resolve
# the path relative to this script so it works regardless of the caller's cwd.
# shellcheck source=../../lib/logging.sh
. "$(dirname "${BASH_SOURCE[0]}")/../../lib/logging.sh"
# ── Core packages via pacman ──────────────────────────────────────────────────
# All three come signed from the official repos:
#   clamav   - the open-source antivirus engine and CLI scanner (clamscan, clamdscan)
#   clamtk   - optional GTK GUI for ClamAV, useful for one-off scans without the CLI
#   rkhunter - scans for known rootkits, backdoors, and suspicious local changes
# --needed keeps this idempotent: packages already installed are left untouched.
# NOTE(review): rkhunter compares file properties against a stored baseline;
# that baseline is not created here — consider `sudo rkhunter --propupd` once,
# on a system you believe to be clean, after this install.
log "Installing anti-malware tools (clamav, clamtk, rkhunter)..."
sudo pacman -S \
  --needed \
  --noconfirm \
  clamav \
  clamtk \
  rkhunter
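# ── chkrootkit (AUR) ─────────────────────────────────────────────────────────
# chkrootkit: a second rootkit scanner; complements rkhunter with different
# detection heuristics. Available from AUR only (not in the official repos).
#
# SECURITY: AUR packages are user-submitted build recipes that Arch neither
# reviews nor signs. --noconfirm also skips yay's PKGBUILD review prompt, so
# this installs whatever the current maintainer published, and pacman runs
# any install scriptlet as root. That trade-off is deliberate for an
# unattended dotfiles installer; on a machine you care about, inspect the
# PKGBUILD first (e.g. `yay -G chkrootkit`) or build it by hand.
#
# yay is not part of the base system, so its absence is reported explicitly
# instead of aborting the whole stack with a bare "command not found"; the
# rest of the stack (ClamAV, rkhunter, freshclam) is still useful without it.
log "Installing chkrootkit (AUR)..."
if command -v yay >/dev/null 2>&1; then
  yay -S --aur --noconfirm --needed chkrootkit
else
  warn "yay not found; skipping chkrootkit (install an AUR helper, then re-run)."
fi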
# ── Initial ClamAV virus database ────────────────────────────────────────────
# freshclam downloads the official ClamAV virus-definition database. The run
# is skipped whenever either form of the main database is already on disk, so
# repeat runs of the installer do not re-download it:
#   main.cvd = compressed database as first downloaded
#   main.cld = incremental-update form, present once freshclam has run before
# NOTE(review): freshclam runs here as root, so files it creates under
# /var/lib/clamav are root-owned; if an unprivileged freshclam service/timer is
# enabled on this host later, confirm it can still write to that directory.
if [[ -f /var/lib/clamav/main.cvd || -f /var/lib/clamav/main.cld ]]; then
  skip "ClamAV database already present."
else
  log "Running initial freshclam (virus database update)..."
  sudo freshclam
fi
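# ── Cron job for automatic virus-definition updates ──────────────────────────
# ClamAV definitions become stale quickly; running freshclam twice daily keeps
# the scanner effective. We write a system-wide cron snippet to /etc/cron.d/
# rather than a user crontab so the update runs even when no user is logged in.
#
# freshclam --quiet prints nothing on a successful update and only reports
# errors (and possibly warnings) otherwise, so cron mail is produced exactly
# when something went wrong. Deliberately NO `2>/dev/null` on the entry: that
# would discard mirror, network and signature failures, and a silently failing
# updater leaves the scanner running on stale definitions with nobody told.
CRON_FILE=/etc/cron.d/freshclam
if [[ -f "$CRON_FILE" ]]; then
  skip "freshclam cron job already configured."
else
  log "Installing freshclam cron job (twice daily)..."
  # tee writes to the privileged path without running the whole script as root
  sudo tee "$CRON_FILE" > /dev/null <<'EOF'
# Update ClamAV virus definitions twice a day
0 */12 * * * root /usr/bin/freshclam --quiet
EOF
  # 644 = readable by all (cron needs to read it), writable only by root.
  # cron ignores /etc/cron.d entries that are group/world-writable.
  sudo chmod 644 "$CRON_FILE"
fi

# /etc/cron.d is only honoured by a running cron daemon, which a minimal Arch
# install may not have. Warn rather than fail: the scanner itself still works,
# but definitions will not auto-update until a cron daemon (e.g. cronie) is
# installed and enabled — or until an equivalent systemd timer for freshclam
# is used instead of this entry. The check looks for `crond` (cronie/dcron);
# fcron users will see a spurious warning here.
if ! command -v crond >/dev/null 2>&1; then
  warn "No cron daemon (crond) found; $CRON_FILE will not run until one is installed and enabled."
fi

log "Anti-malware tools installed."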