Add Ability To Customize Paths Scanned In Cron.daily #197

Closed
vwesisolak opened this issue Feb 2, 2017 · 6 comments

Comments

@vwesisolak

Hello,

Recently I wanted to modify the paths scanned in the daily cron but was unable to find a way to do this that would survive an update, since the cron is replaced.

I propose adding handling so that $custom_scan_paths could be specified in $cron_custom_conf or elsewhere and augment the detected paths to be scanned and/or override them with $override_scan_paths.

--- cron.daily.orig     2017-02-02 09:17:31.453671992 -0500
+++ cron.daily  2017-02-02 09:36:31.519009663 -0500
@@ -65,38 +65,51 @@
 else
        if [ -d "/home/virtual" ] && [ -d "/usr/lib/opcenter" ]; then
                # ensim
-               $inspath/maldet -b -r /home/virtual/?/fst/var/www/html/,/home/virtual/?/fst/home/?/public_html/ $scan_days >> /dev/null 2>&1
+               scan_paths="/home/virtual/?/fst/var/www/html/,/home/virtual/?/fst/home/?/public_html/"
        elif [ -d "/etc/psa" ] && [ -d "/var/lib/psa" ]; then
                # psa
-               $inspath/maldet -b -r /var/www/vhosts/?/ $scan_days >> /dev/null 2>&1
+               scan_paths="/var/www/vhosts/?/"
         elif [ -d "/usr/local/directadmin" ]; then
                 # DirectAdmin
-                $inspath/maldet -b -r /home?/?/domains/?/public_html/,/var/www/html/?/ $scan_days >> /dev/null 2>&1
+                scan_paths="/home?/?/domains/?/public_html/,/var/www/html/?/"
        elif [ -d "/var/www/clients" ]; then
                # ISPConfig
-                $inspath/maldet -b -r /var/www/clients/?/web?/web,/var/www $scan_days >> /dev/null 2>&1
+                scan_paths="/var/www/clients/?/web?/web/,/var/www/"
        elif [ -d "/etc/webmin/virtual-server" ]; then
                # Virtualmin
-                $inspath/maldet -b -r /home/?/public_html/,/home/?/domains/?/public_html/ $scan_days >> /dev/null 2>&1
+                scan_paths="/home/?/public_html/,/home/?/domains/?/public_html/"
        elif [ -d "/usr/local/ispmgr" ]; then
                # ISPmanager
-               $inspath/maldet -b -r /var/www/?/data/,/home/?/data/ $scan_days >> /dev/null 2>&1
+               scan_paths="/var/www/?/data/,/home/?/data/"
        elif [ -d "/var/customers/webs" ]; then
                # froxlor
-               $inspath/maldet -b -r /var/customers/webs/ $scan_days >> /dev/null 2>&1
+               scan_paths="/var/customers/webs/"
         elif [ -d "/usr/local/vesta" ]; then
                 # VestaCP
-                $inspath/maldet -b -r /home/?/web/?/public_html/,/home/?/web/?/public_shtml/,/home/?/tmp/,/home/?/web/?/private/ $scan_days >> /dev/null 2>&1
+                scan_paths="/home/?/web/?/public_html/,/home/?/web/?/public_shtml/,/home/?/tmp/,/home/?/web/?/private/"
         elif [ -d "/usr/share/dtc" ]; then
                 # DTC
                 if [ -f /var/lib/dtc/saved_install_config ]; then
                     . /var/lib/dtc/saved_install_config
                 fi
-                $inspath/maldet -b -r ${conf_hosting_path:-/var/www/sites}/?/?/subdomains/?/html/ $scan_days >> /dev/null 2>&1
+                scan_paths="${conf_hosting_path:-/var/www/sites}/?/?/subdomains/?/html/"
        else
                # cpanel, interworx and other standard home/user/public_html setups
-               $inspath/maldet -b -r /home?/?/public_html/,/var/www/html/,/usr/local/apache/htdocs/ $scan_days >> /dev/null 2>&1
+               scan_paths="/home?/?/public_html/,/var/www/html/,/usr/local/apache/htdocs/"
        fi
+
+       if [ -n "$override_scan_paths" ]; then
+               # replace detected scan_paths with override
+               scan_paths="$override_scan_paths"
+       fi
+
+       if [ -n "$scan_paths" ] && [ -n "$custom_scan_paths" ]; then
+               # prepend comma separator
+               custom_scan_paths=",$custom_scan_paths"
+       fi
+
+       # perform scan
+       $inspath/maldet -b -r "$scan_paths$custom_scan_paths" $scan_days >> /dev/null 2>&1
 fi
 
 if [ -f "$cron_custom_exec" ]; then
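
Review bot: In the ISPConfig branch the default list changes from `/var/www/clients/?/web?/web,/var/www` to `/var/www/clients/?/web?/web/,/var/www/`, which is unrelated to the override feature; keep the original string here or call the trailing-slash change out as its own item. The single maldet call at the end now passes `"$scan_paths$custom_scan_paths"` quoted, whereas the removed per-panel calls passed the `?` patterns unquoted, so the shell no longer gets to expand them before maldet sees them; that looks intentional but deserves a line in the change description. `override_scan_paths` and `custom_scan_paths` are neither defaulted nor documented in the hunk, and a narrow `override_scan_paths` silently reduces what the daily scan covers, so the comments should say where the two variables are expected to be set and what format (comma-separated, no leading comma) they take.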

--Eric

@rfxn rfxn added this to TODO in v1.6 release Feb 2, 2017
@Gazoo
Contributor

Gazoo commented Mar 16, 2017

I would like to add that it would be nice to be able to control the prune time for the cron.daily. Some of us would like to save quarantine/session/tmp data longer than 7 days.

@rfxn rfxn removed this from TODO in v1.6 release Mar 18, 2017
@gbot

gbot commented Mar 21, 2017

Isn't this already possible in 1.5 by using /usr/local/maldetect/cron/custom.cron?

@Gazoo
Contributor

Gazoo commented Mar 21, 2017

> Isn't this already possible in 1.5 by using /usr/local/maldetect/cron/custom.cron?

No, these are currently hardcoded.

@gbot

gbot commented Mar 21, 2017

> No these are currently hardcoded.

I like the suggestion from @vwesisolak (although it doesn't look like it made it into 1.6), but I just meant to point out that you can currently add an additional scan via custom.cron. Sure, this doesn't actually add paths to the default daily.cron scan, but at least you can initiate an extra scan for the paths you need.

rfxn added a commit that referenced this issue May 28, 2017
….daily pruning max age of quarantine/sess/tmp data

      issue #197
@rfxn
Owner

rfxn commented May 28, 2017

This has been pushed in the latest commit as a conf.maldet option. You can also redefine any conf.maldet option explicitly for the cron execution by creating a /usr/local/maldetect/cron/conf.maldet.cron file.

"[New] added conf.maldet option cron_prune_days for configuration cron.daily pruning max age of quarantine/sess/tmp data; issue #197"

@rfxn rfxn closed this as completed May 28, 2017
@vwesisolak
Author

This was closed but looks like my initial suggestion for custom path handling (or similar) wasn't implemented. Any particular reason this change was rejected? Due to the notification requirements, performing multiple scans is not very helpful (I have a separate cron to send the last scan's output regardless of result).
