Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Configure clamav on MacOS #133

Closed
wants to merge 2 commits into from
Closed
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 30 additions & 0 deletions home/dot_local/etc/clamav/clamdscan.plist.tmpl
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
{{- if eq .host.distro.family "darwin" -}}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>clamav.clamdscan</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/clamdscan</string>
<string>/</string>
</array>
<key>StartCalendarInterval</key>
<array>
<dict>
<key>Hour</key>
<integer>22</integer>
<key>Minute</key>
<integer>0</integer>
</dict>
</array>
<key>UserName</key>
<string>root</string>
<key>StandardErrorPath</key>
<string>/var/log/clamav/clamdscan.error.log</string>
<key>StandardOutPath</key>
<string>/var/log/clamav/clamdscan.output.log</string>
</dict>
</plist>
{{- end -}}
4 changes: 2 additions & 2 deletions home/dot_local/etc/clamav/freshclam.conf
Original file line number Diff line number Diff line change
@@ -115,7 +115,7 @@ DatabaseMirror database.clamav.net

# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24
Checks 1

# Proxy settings
# The HTTPProxyServer may be prefixed with [scheme]:// to specify which kind
@@ -201,4 +201,4 @@ NotifyClamd /usr/local/etc/clamav/clamd.conf
# Exclude a standard signature database (opt-out).
# This option can be used multiple times.
#ExcludeDatabase dbname1
#ExcludeDatabase dbname2
#ExcludeDatabase dbname2
30 changes: 30 additions & 0 deletions home/dot_local/etc/clamav/freshclam.plist.tmpl
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
{{- if eq .host.distro.family "darwin" -}}
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>clamav.freshclam</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/freshclam</string>
<string>-v</string>
</array>
<key>StartCalendarInterval</key>
<array>
<dict>
<key>Hour</key>
<integer>21</integer>
<key>Minute</key>
<integer>0</integer>
</dict>
</array>
<key>UserName</key>
<string>{{ $.chezmoi.username }}</string>
<key>StandardErrorPath</key>
<string>/var/log/clamav/freshclam.error.log</string>
<key>StandardOutPath</key>
<string>/var/log/clamav/freshclam.output.log</string>
</dict>
</plist>
{{- end -}}
35 changes: 22 additions & 13 deletions software.yml
Original file line number Diff line number Diff line change
@@ -2304,6 +2304,15 @@ softwarePackages:
_name: ClamAV
_post: |
#!/usr/bin/env bash
# Setting up launchd services
if [ -d /Applications ] && [ -d /System ]; then
sudo mkdir -p /var/log/clamav
sudo chown $USER /var/log/clamav
sudo cp -f "$HOME/.local/etc/clamav/clamdscan.plist.tmpl" /Library/LaunchDaemons/clamdscan.plist
sudo cp -f "$HOME/.local/etc/clamav/freshclam.plist.tmpl" /Library/LaunchDaemons/freshclam.plist
sudo launchctl load -w /Library/LaunchDaemons/clamdscan.plist
sudo launchctl load -w /Library/LaunchDaemons/freshclam.plist
fi
# Add freshclam.conf
if [ -f "$HOME/.local/etc/clamav/freshclam.conf" ]; then
sudo mkdir -p /usr/local/etc/clamav
@@ -3119,7 +3128,7 @@ softwarePackages:
# @brief Logs into DockerHub for Docker Desktop
# @description
# This script logs into DockerHub so that Docker Desktop is pre-authenticated. This
# functionality requires that the `DOCKERHUB_USER` be passed in as an environment variable (or
# functionality requires that the `DOCKERHUB_USER` be passed in as an environment variable (or
# directly editted in the `~/.config/chezmoi/chezmoi.yaml` file) and that the `DOCKERHUB_TOKEN`
# be passed in as a secret (either via the encrypted secret method or passed in as an environment
# variable).
@@ -5169,7 +5178,7 @@ softwarePackages:
### Populate appropriate token
case "$OSTYPE" in
solaris*) echo "TODO" ;;
darwin*) GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN_DARWIN")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN_DARWIN" | decrypt | trim }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN_DARWIN" }}{{ end }}" ;;
darwin*) GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN_DARWIN")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN_DARWIN" | decrypt | trim }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN_DARWIN" }}{{ end }}" ;;
linux*) GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN_LINUX")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN_LINUX" | decrypt | trim }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN_LINUX" }}{{ end }}" ;;
bsd*) echo "TODO" ;;
msys*) GITLAB_RUNNER_TOKEN="{{ if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "GITLAB_RUNNER_TOKEN_WINDOWS")) }}{{ includeTemplate "secrets/GITLAB_RUNNER_TOKEN_WINDOWS" | decrypt | trim }}{{ else }}{{ env "GITLAB_RUNNER_TOKEN_WINDOWS" }}{{ end }}" ;;
@@ -5198,7 +5207,7 @@ softwarePackages:
{{ end -}}
{{ end }}
fi

### Register VirtualBox based runners if VirtualBox is installed
if [ $HAS_VIRTUALBOX -eq 1 ]; then
logg info 'Registering GitLab Runner(s) that use VirtualBox executor'
@@ -5272,12 +5281,12 @@ softwarePackages:
if command -v gitomatic > /dev/null; then
### Copy bin to /usr/local/bin
logg info "Copying $HOME/.local/bin/gitomatic-service to /usr/local/bin/gitomatic-service" && sudo cp -f "$HOME/.local/bin/gitomatic-service" /usr/local/bin/gitomatic-service

### Copy gitomatic to global directory
if [ ! -f /usr/local/bin/gitomatic ]; then
logg info 'Copying gitomatic executable to /usr/local/bin/gitomatic' && sudo cp -f "$(which gitomatic)" /usr/local/bin/gitomatic
fi

if [ -d /Applications ] && [ -d /System ]; then
### macOS
logg info 'Copying gitomatic plist file to /Library/LaunchDaemons' && sudo cp -f "${XDG_CONFIG_HOME:-$HOME/.config}/gitomatic/com.github.muesli.gitomatic.plist" /Library/LaunchDaemons/com.github.muesli.gitomatic.plist
@@ -7817,7 +7826,7 @@ softwarePackages:

### netdata-claim.sh must be run as netdata user
sudo -H -u netdata bash -c 'export NETDATA_ROOM="{{- if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NETDATA_ROOM")) -}}{{- includeTemplate "secrets/NETDATA_ROOM" | decrypt | trim -}}{{- else -}}{{- env "NETDATA_ROOM" -}}{{- end -}}" && export NETDATA_TOKEN="{{- if (stat (joinPath .chezmoi.sourceDir ".chezmoitemplates" "secrets" "NETDATA_TOKEN")) -}}{{- includeTemplate "secrets/NETDATA_TOKEN" | decrypt | trim -}}{{- else -}}{{- env "NETDATA_TOKEN" -}}{{- end -}}" && yes | netdata-claim.sh -token="$NETDATA_TOKEN" -rooms="$NETDATA_ROOM" -url="https://app.netdata.cloud"'

### Kernel optimizations
# These are mentioned while installing via the kickstart.sh script method. We are using Homebrew for the installation though.
# Assuming these optimizations do not cause any harm.
@@ -7849,7 +7858,7 @@ softwarePackages:
logg error 'No etc location found for netdata' && exit 1
fi
logg info "Copying ${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/ to $NETDATA_ETC" && sudo cp -rf "${XDG_CONFIG_HOME:-$HOME/.config}/netdata/health.d/" "$NETDATA_ETC"

if command -v gsed > /dev/null; then
SED_UTIL="gsed"
else
@@ -7859,7 +7868,7 @@ softwarePackages:
### Blocky
logg info "Adding Blocky metrics collection to $NETDATA_ETC/go.d/prometheus.conf"
sudo "$SED_UTIL" -i "/jobs:/a\ - name: blocky_local \n url: 'http://127.0.0.1:4000/metrics'" "$NETDATA_ETC/go.d/prometheus.conf"

### SFTPGo
logg info "Adding SFTPGo metrics collection to $NETDATA_ETC/go.d/prometheus.conf"
sudo "$SED_UTIL" -i "/jobs:/a\ - name: sftpgo_local \n url: 'http://127.0.0.1:57500/metrics'" "$NETDATA_ETC/go.d/prometheus.conf"
@@ -10798,7 +10807,7 @@ softwarePackages:
_home: https://github.com/skeeto/endlessh
_name: Endlessh
_service: endlessh
_post: |
_post: |
#!/usr/bin/env bash
# @file Endlessh Configuration
# @brief Applies the Endlessh configuration and starts the service on Linux systems
@@ -11638,7 +11647,7 @@ softwarePackages:
yay: termius
dagu:
_bin: dagu
_github:
_github:
_name: Dagu
_post: |
#!/usr/bin/env bash
@@ -12018,7 +12027,7 @@ softwarePackages:
# ## Links
#
# * [Privoxy configuration](https://github.com/megabyte-labs/install.doctor/tree/master/home/dot_config/privoxy/config)

### Define the Privoxy configuration location based on whether system is macOS or Linux
if [ -d /Applications ] && [ -d /System ]; then
### macOS
@@ -12044,7 +12053,7 @@ softwarePackages:
sudo add-usergroup "$USER" privoxy
fi
sudo chown privoxy:privoxy "$PRIVOXY_CONFIG" 2> /dev/null || sudo chown privoxy:$(id -g -n) "$PRIVOXY_CONFIG"

### Restart Privoxy after configuration is applied
if [ -d /Applications ] && [ -d /System ]; then
### macOS
@@ -13583,7 +13592,7 @@ softwarePackages:
# ## Links
#
# * [`fail2ban` configuration folder](https://github.com/megabyte-labs/install.doctor/tree/master/home/private_dot_ssh/fail2ban)

### Notify of script start
logg info 'Configuring fail2ban'