Postfix запущен. Я пытаюсь отправить отчёт maldet по почте, но команда выдаёт ошибку, и я не понимаю почему.
[root@do ~]# maldet --report 170321-0115.21534 xxx@xxx.com
Linux Malware Detect v1.6
(C) 2002-2017, R-fx Networks <proj@rfxn.com>
(C) 2017, Ryan MacDonald <ryan@rfxn.com>
This program may be freely redistributed under the terms of the GNU GPL v2
/usr/local/maldetect/internals/functions: line 608: -s: command not found
maldet(18718): {report} report ID 170321-0115.21534 sent to xxx@xxx.com
А вот строка 608:
if [ -f "$sessdir/session.$rid" ] && [ ! -z "$(echo $2 | grep '\@')" ]; th$
cat $sessdir/session.$rid | $mail -s "$email_subj" "$2"
eout "{report} report ID $rid sent to $2" 1
exit
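Переменная $mail пуста, потому что команда mail не установлена. Обратите внимание: несмотря на ошибку, maldet всё равно пишет «report ID … sent to …», хотя письмо не было отправлено.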
Запустите apt-get install mailx (Debian или Ubuntu) или yum install -y mailx (CentOS или Red Hat).
В некоторых установках из-за отсутствия команды mail может возникнуть следующая ошибка:
/usr/local/maldetect/internals/functions: строка 647: -s: команда не найдена
Если у вас установлен sendmail, вы можете применить приведённый ниже diff, чтобы добавить поддержку отправки почты через sendmail:
diff --git a/files/internals/functions b/files/internals/functions
index f3e0a1a..acdb1b9 100644
--- a/files/internals/functions
+++ b/files/internals/functions
@@ -108,6 +108,10 @@ prerun() {
if [ ! -f "$mail" ] || [ -z "$mail" ]; then
email_alert=0
fi
+
+ if [ "$email_alert" == "0" ] && [ -f "$sendmail" ]; then
+ email_alert=1
+ fi
if [ ! -f "$sig_cust_hex_file" ]; then
touch $sig_cust_hex_file
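Review bot: The added block sets `email_alert` back to `1` whenever it is `0` and sendmail exists, so it also overrides an operator who disabled alerts on purpose, not only the case where the preceding check cleared the flag because `$mail` is missing. Folding both binaries into the existing check avoids the override: `if [ ! -f "$mail" ] && [ ! -f "$sendmail" ]; then email_alert=0; fi`. prerun starts and ends outside the hunk, so whether anything else touches `email_alert` in between is not visible here.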
@@ -644,8 +648,19 @@ view_report() {
fi
fi
if [ -f "$sessdir/session.$rid" ] && [ ! -z "$(echo $2 | grep '\@')" ]; then
- cat $sessdir/session.$rid | $mail -s "$email_subj" "$2"
- eout "{report} report ID $rid sent to $2" 1
+ if [ -f "$mail" ]; then
+ cat $sessdir/session.$rid | $mail -s "$email_subj" "$2"
+ elif [ -f "$sendmail" ]; then
+ if ! grep -q "SUBJECT: " "$sessdir/session.$rid"; then
+ echo -e "SUBJECT: $email_subj\n$(cat $sessdir/session.$rid)" > $sessdir/session.$rid
+ fi
+ cat $sessdir/session.$rid | $sendmail -t "$2"
+ else
+ eout "{scan} no \$mail or \$sendmail binaries found, e-mail alerts disabled."
+ exit
+ fi
+
+ eout "{report} report ID $rid sent to $2" 1
exit
fi
if [ "$rid" == "" ] && [ -f "$sessdir/session.last" ]; then
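Review bot: The sendmail branch rewrites the stored report in place (`echo -e "SUBJECT: ..." > $sessdir/session.$rid`), so mailing a report permanently alters the saved session file. `echo -e` also expands backslash sequences in the report body, which presumably lists scanned file paths chosen by whoever dropped those files. The message has no `To:` header and no blank line between header and body, and `-t "$2"` is MTA-dependent: Sendmail's `-t` excludes addresses given as arguments from delivery, whereas Postfix adds them. Building the message in the pipeline leaves the file untouched and is unambiguous: `{ printf 'To: %s\nSubject: %s\n\n' "$2" "$email_subj"; cat "$sessdir/session.$rid"; } | $sendmail -t`. The same pattern is repeated in both genalert hunks (on `$file` and `$tmpf`).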
@@ -1073,8 +1088,8 @@ scan() {
eout "{scan.hook} scan of $spath in progress (id: $datestamp.$$)"
fi
cnt=0
- if [ -z "$mail" ]; then
- eout "{scan} no \$mail binary found, e-mail alerts disabled."
+ if [ -z "$mail" ] && [ -z "$sendmail" ]; then
+ eout "{scan} no \$mail or \$sendmail binaries found, e-mail alerts disabled."
fi
if [ -f "$clamscan" ] && [ "$scan_clamscan" == "1" ]; then
if [ -z "$hscan" ]; then
@@ -1309,7 +1324,16 @@ genalert() {
file="$2"
if [ "$email_alert" == "1" ] || [ "$type" == "digest" ] || [ "$type" == "daily" ]; then
if [ "$type" == "file" ] && [ -f "$file" ]; then
- cat $file | $mail -s "$email_subj" $email_addr
+ if [ -f "$mail" ]; then
+ cat $file | $mail -s "$email_subj" $email_addr
+ elif [ -f "$sendmail" ]; then
+ if ! grep -q "SUBJECT: " "$file"; then
+ echo -e "SUBJECT: $email_subj\n$(cat $file)" > $file
+ fi
+ cat $file | $sendmail -t $email_addr
+ else
+ eout "{scan} no \$mail or \$sendmail binaries found, e-mail alerts disabled."
+ fi
if [ ! "$(whoami)" == "root" ] && [ -z "$(echo $2 | grep '\@')" ]; then
if [ -z "$hscan" ]; then
eout "{alert} sent scan report to config default $email_addr" 1
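Review bot: When neither binary exists, the new `else` branch logs that alerts are disabled, but control then falls through to the existing `eout "{alert} sent scan report to config default $email_addr" 1` lines, so the log can claim a report was sent when nothing was. The view_report hunk exits in that case and the digest hunk moves the `sent` message inside the delivery branches; this hunk does neither. Setting a flag such as `sent=1` in the two delivery branches and guarding the later `eout` calls with `[ "$sent" == "1" ]` would keep the log truthful, which matters for a scanner whose alerts may be the only signal of a detection. The enclosing `if` block continues past the end of the hunk.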
@@ -1353,8 +1377,18 @@ genalert() {
grep -E '^{.*}' $sessdir/session.$scanid > $sessdir/session.hits.$scanid
echo "$scanid" > $sessdir/session.last
email_subj="${email_subj}: monitor summary"
- cat $tmpf | $mail -s "$email_subj" $email_addr
- eout "{alert} sent $type alert to $email_addr"
+ if [ -f "$mail" ]; then
+ cat $tmpf | $mail -s "$email_subj" $email_addr
+ eout "{alert} sent $type alert to $email_addr"
+ elif [ -f "$sendmail" ]; then
+ if ! grep -q "SUBJECT: " "$tmpf"; then
+ echo -e "SUBJECT: $email_subj\n$(cat $tmpf)" > $tmpf
+ fi
+ cat $tmpf | $sendmail -t $email_addr
+ eout "{alert} sent $type alert to $email_addr"
+ else
+ eout "{scan} no \$mail or \$sendmail binaries found, e-mail alerts disabled."
+ fi
rm -f $tmpf $tmpdir/.digest.alert.hits $tmpdir/.digest.clean.hits $tmpdir/.digest.monitor.alert $tmpdir/.digest.susp.hits
fi
else
diff --git a/files/internals/internals.conf b/files/internals/internals.conf
index c998fd3..1291960 100644
--- a/files/internals/internals.conf
+++ b/files/internals/internals.conf
@@ -44,6 +44,7 @@ cpulimit=`which cpulimit 2> /dev/null`
ionice=`which ionice 2> /dev/null`
wc=`which wc 2> /dev/null`
mail=`which mail 2> /dev/null`
+sendmail=`which sendmail 2> /dev/null`
pidof=`which pidof 2> /dev/null`
sed=`which sed 2> /dev/null`
stat=`which stat 2> /dev/null`
--
1.8.3.2
Сам коммит доступен по ссылке ниже:
Вышеприведенное основано на Linux Malware Detect v1.6.1.