Get status of MalDet hits
Overview
Get the status of the files that maldet (Linux Malware Detect) flagged during a scan. Once the hit paths have been extracted, several different actions can be run on them.
Script
There are two main versions:
1) Look at only the last scan
2) Look at the entire log
Last Scan Version
[bash,n]for i in $(cat /usr/local/maldetect/sess/session.`cat /usr/local/maldetect/sess/session.last` | grep "{HEX}\|{MD5}" | awk '{print $3}'); do ls -lah $i 2>/dev/null; done
All Scans Version
[bash,n]for i in $(grep "malware hit" /usr/local/maldetect/event_log | grep "{hexstring}\|{md5hash}" | awk '{print $11}'); do ls -lah $i 2>/dev/null; done
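The two loops above split the extracted paths on whitespace, so a hit inside a directory with a space in its name turns into several loop items. The following script is an added example, not code from the original page; it pulls the same hit paths out of a session report or the event_log, reads them one per line, and reports whether each file is still on disk and with what mode. It assumes the line formats implied by the page's awk field numbers (session report: signature, a lone colon, then the path; event_log: "malware hit:" followed by the same signature/colon/path tail), and the sample report and log it builds are constructed, not real maldet output.

```bash
#!/bin/bash
# Added example, not part of the original page. Same job as the page's
# one-liners, but paths are read line by line so a space in a path does not
# split one hit into several loop items.
# Assumed formats (matching the field numbers the page's awk commands use):
#   session report:  {HEX}sig.name : /path/to/file
#   event_log:       Mon DD HH:MM:SS host maldet(pid): {scan} malware hit: {HEX}sig.name : /path/to/file
# Both put the path after the first " : ", so one awk separator serves both.

# One hit path per line from a maldet session report (hits carry a {HEX}
# or {MD5} signature tag, as in the page's grep).
maldet_session_paths() {
    grep -e '{HEX}' -e '{MD5}' "$1" | awk -F' : ' '{print $2}'
}

# One hit path per line from the maldet event_log. The second grep drops the
# "malware hits N" summary line, which has no signature tag.
maldet_eventlog_paths() {
    grep 'malware hit' "$1" | grep -e '{HEX}' -e '{MD5}' | awk -F' : ' '{print $2}'
}

# Read paths on stdin; print "STATUS<TAB>MODE<TAB>PATH" per line.
# STATUS is PRESENT (still on disk) or MISSING (removed or quarantined);
# MODE is the ls-style permission string, or "-" when the file is gone.
maldet_hit_status() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if [ -e "$path" ]; then
            printf 'PRESENT\t%s\t%s\n' "$(ls -ld "$path" | awk '{print $1}')" "$path"
        else
            printf 'MISSING\t-\t%s\n' "$path"
        fi
    done
}

# One-number summary: how many hit files are still present.
maldet_present_count() {
    maldet_hit_status | grep -c '^PRESENT'
}

# --- constructed sample data (not real maldet output) ---
DEMO_DIR=$(mktemp -d)
mkdir -p "$DEMO_DIR/public_html/images" "$DEMO_DIR/public_html/wp content"
printf '<?php /* sample */ ?>\n' > "$DEMO_DIR/public_html/images/x.php"
printf '<?php /* sample */ ?>\n' > "$DEMO_DIR/public_html/wp content/y.php"
chmod 0644 "$DEMO_DIR/public_html/images/x.php"

DEMO_SESSION="$DEMO_DIR/session.demo"
cat > "$DEMO_SESSION" <<EOF
HOST:      web01
SCAN ID:   demo
{HEX}php.cmdshell.unclassed.344 : $DEMO_DIR/public_html/images/x.php
{MD5}php.backdoor.demo.1 : $DEMO_DIR/public_html/wp content/y.php
{HEX}php.cmdshell.unclassed.344 : $DEMO_DIR/public_html/gone.php
EOF

DEMO_EVENT="$DEMO_DIR/event_log"
cat > "$DEMO_EVENT" <<EOF
Jan 05 10:15:22 web01 maldet(2048): {scan} scan of $DEMO_DIR/public_html (3 files) in progress...
Jan 05 10:15:23 web01 maldet(2048): {scan} malware hit: {HEX}php.cmdshell.unclassed.344 : $DEMO_DIR/public_html/images/x.php
Jan 05 10:15:24 web01 maldet(2048): {scan} scan completed on $DEMO_DIR/public_html: files 3, malware hits 1
EOF

# Usage: status of every hit from the sample session report
maldet_session_paths "$DEMO_SESSION" | maldet_hit_status
```

On a real host, point maldet_session_paths at /usr/local/maldetect/sess/session.$(cat /usr/local/maldetect/sess/session.last) and maldet_eventlog_paths at /usr/local/maldetect/event_log; the MISSING rows are the hits maldet has already quarantined or that were cleaned by hand.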
What to change
Replace the ls command between do and done with one of the following, keeping the rest of the loop as it is:
Read Files
[bash,n]vim $i;
Chmod 000
[bash,n]chmod 000 $i;
Remove
[bash,n]rm -f $i;
Other uses
Check Directory Permissions
[bash,n]for i in $(cat /usr/local/maldetect/sess/session.`cat /usr/local/maldetect/sess/session.last` | grep "{HEX}\|{MD5}" | awk '{print $3}' | rev | cut -d "/" -f2- | rev | sort -u); do ls -ldh $i 2>/dev/null; done
Chmod 744 (image directories)
[bash,n]for i in $(grep "malware hit" /usr/local/maldetect/event_log | grep "{hexstring}\|{md5hash}" | awk '{print $11}' | rev | cut -d "/" -f2- | rev | sort -u | grep "image"); do chmod 0744 $i ; done
Chmod 755 (other directories)
[bash,n]for i in $(grep "malware hit" /usr/local/maldetect/event_log | grep "{hexstring}\|{md5hash}" | awk '{print $11}' | rev | cut -d "/" -f2- | rev | sort -u | grep -v "image"); do chmod 0755 $i ; done
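The three directory loops above trim each hit path back to its parent with rev|cut|rev, de-duplicate, and then either list or chmod the result. The script below is an added example, not code from the original page: it derives the unique parent directories with dirname and sort -u (uniq only merges adjacent duplicates), keeps paths with spaces intact, shows which directories are world-writable before any mode is changed, and reproduces the page's image/other split as a dry run that prints the chmod it would run unless told to apply it. The hit paths it works on are constructed, not real maldet output.

```bash
#!/bin/bash
# Added example, not part of the original page. Directory checks for maldet
# hits: unique parent directories, a world-writable audit, and the page's
# image/other chmod split in dry-run form. Hit paths arrive on stdin, one
# per line, as the page's awk pipelines produce them.

# Unique parent directories of the paths on stdin.
maldet_hit_dirs() {
    while IFS= read -r path; do
        [ -n "$path" ] && dirname "$path"
    done | sort -u
}

# For each directory on stdin, print "MODE<TAB>FLAG<TAB>DIR". FLAG is
# WORLD_WRITABLE, OK, or MISSING; MODE is the ls-style permission string.
# A world-writable directory is the usual place a dropped file lands, so it
# is worth seeing before deciding which chmod to apply.
maldet_dir_audit() {
    while IFS= read -r dir; do
        if [ ! -d "$dir" ]; then
            printf '%s\tMISSING\t%s\n' '-' "$dir"
            continue
        fi
        mode=$(ls -ld "$dir" | awk '{print $1}')
        # character 9 of "drwxrwxrwx" is the write bit for "other"
        if [ "$(printf '%s' "$mode" | cut -c9)" = "w" ]; then
            printf '%s\tWORLD_WRITABLE\t%s\n' "$mode" "$dir"
        else
            printf '%s\tOK\t%s\n' "$mode" "$dir"
        fi
    done
}

# maldet_dir_chmod MODE KIND [apply]
# KIND is "image" (path contains "image", as in the page's grep) or "other".
# Without the third argument "apply", it only prints the chmod it would run.
maldet_dir_chmod() {
    mode=$1; want=$2; action=${3:-dry}
    while IFS= read -r dir; do
        case "$dir" in
            *image*) kind=image ;;
            *)       kind=other ;;
        esac
        [ "$kind" = "$want" ] || continue
        if [ "$action" = "apply" ]; then
            chmod "$mode" "$dir"
        else
            printf 'chmod %s %s\n' "$mode" "$dir"
        fi
    done
}

# --- constructed sample data (not real maldet output) ---
DEMO_DIR=$(mktemp -d)
mkdir -p "$DEMO_DIR/public_html/images" "$DEMO_DIR/public_html/wp content/uploads"
chmod 0755 "$DEMO_DIR/public_html/images"
chmod 0777 "$DEMO_DIR/public_html/wp content/uploads"
DEMO_HITS="$DEMO_DIR/public_html/images/a.php
$DEMO_DIR/public_html/images/b.php
$DEMO_DIR/public_html/wp content/uploads/c.php
$DEMO_DIR/public_html/missing/d.php"

# Usage: audit the directories, then preview the page's "Chmod 755 (other)" step
printf '%s\n' "$DEMO_HITS" | maldet_hit_dirs | maldet_dir_audit
printf '%s\n' "$DEMO_HITS" | maldet_hit_dirs | maldet_dir_chmod 0755 other
```

Feed it the output of the page's awk pipeline (for example the session-report extraction) instead of DEMO_HITS, review the audit, and only then rerun maldet_dir_chmod with apply as the third argument.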