Maldet이 이메일을 통해 보고서를 보내지 않는 이유는 무엇입니까?

Maldet이 이메일을 통해 보고서를 보내지 않는 이유는 무엇입니까?

Postfix가 실행 중입니다. Maldet 보고서를 이메일로 보내려고 하는데 오류가 발생하며, 이유를 모르겠습니다.

[root@do ~]#  maldet --report 170321-0115.21534 [email protected]
Linux Malware Detect v1.6
            (C) 2002-2017, R-fx Networks <[email protected]>
            (C) 2017, Ryan MacDonald <[email protected]>
This program may be freely redistributed under the terms of the GNU GPL v2

/usr/local/maldetect/internals/functions: line 608: -s: command not found
maldet(18718): {report} report ID 170321-0115.21534 sent to [email protected]

이것은 608번째 줄입니다

if [ -f "$sessdir/session.$rid" ] && [ ! -z "$(echo $2 | grep '\@')" ]; th$
            cat $sessdir/session.$rid | $mail -s "$email_subj" "$2"
            eout "{report} report ID $rid sent to $2" 1
            exit

답변1

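$mail 변수는 mail 명령이 아직 설치되지 않았기 때문에 비어 있습니다. 그래서 608번째 줄의 `$mail -s ...`가 `-s ...`로 확장되어 셸이 `-s`를 명령으로 실행하려다 실패합니다. 그 다음 줄의 eout은 전송 결과를 확인하지 않고 실행되므로, 로그에 "sent"가 남아도 실제로 메일이 전송된 것은 아닙니다.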

`apt-get install mailx`(Debian 또는 Ubuntu) 또는 `yum install -y mailx`(CentOS 또는 Red Hat)를 실행하세요.

답변2

일부 환경에서는 mail 명령이 없어서 다음 오류가 발생합니다: `/usr/local/maldetect/internals/functions: line 647: -s: command not found`

sendmail을 이미 설치한 경우, 다음 diff를 적용하여 sendmail을 통한 이메일 전송 지원을 추가할 수 있습니다.

diff --git a/files/internals/functions b/files/internals/functions
index f3e0a1a..acdb1b9 100644
--- a/files/internals/functions
+++ b/files/internals/functions
@@ -108,6 +108,10 @@ prerun() {
    if [ ! -f "$mail" ] || [ -z "$mail" ]; then
        email_alert=0
    fi
+
+   if [ "$email_alert" == "0" ] && [ -f "$sendmail" ]; then
+        email_alert=1
+    fi

    if [ ! -f "$sig_cust_hex_file" ]; then
        touch $sig_cust_hex_file
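Review bot: The added block sets `email_alert=1` whenever it is "0" and sendmail exists, so it cannot tell "disabled because mail is missing" from "disabled by the operator". If `email_alert` is a user-facing setting, as its name suggests, a host with sendmail installed would have alerts switched back on against its configuration. Folding the test into the existing guard avoids this: `if [ ! -f "$mail" ] && [ ! -f "$sendmail" ]; then email_alert=0; fi`, with the new block dropped. prerun() starts and ends outside this hunk.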
@@ -644,8 +648,19 @@ view_report() {
        fi
    fi
    if [ -f "$sessdir/session.$rid" ] && [ ! -z "$(echo $2 | grep '\@')" ]; then
-       cat $sessdir/session.$rid | $mail -s "$email_subj" "$2"
-       eout "{report} report ID $rid sent to $2" 1
+       if [ -f "$mail" ]; then
+           cat $sessdir/session.$rid | $mail -s "$email_subj" "$2"
+       elif [ -f "$sendmail" ]; then
+           if ! grep -q "SUBJECT: " "$sessdir/session.$rid"; then
+               echo -e "SUBJECT: $email_subj\n$(cat $sessdir/session.$rid)" > $sessdir/session.$rid
+           fi
+           cat $sessdir/session.$rid | $sendmail -t "$2"
+       else
+           eout "{scan} no \$mail or \$sendmail binaries found, e-mail alerts disabled."
+           exit
+       fi
+
+        eout "{report} report ID $rid sent to $2" 1
        exit
    fi
    if [ "$rid" == "" ] && [ -f "$sessdir/session.last" ]; then
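Review bot: The sendmail branch overwrites the stored report `$sessdir/session.$rid` in place and pipes it to `$sendmail -t`, which tells the MTA to take recipients from header lines, yet the message has no blank line between `SUBJECT:` and the report text. The report lists paths of scanned files, so that content should not be parsed as headers, and the saved report should stay unmodified; `echo -e` additionally expands backslash sequences found in the report. Building the message in the pipeline and passing the recipient as an argument covers all three: `{ printf 'Subject: %s\n\n' "$email_subj"; cat "$sessdir/session.$rid"; } | $sendmail "$2"`. The same pattern appears in both genalert() hunks for `$file` and `$tmpf`. view_report() starts and ends outside this hunk.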
@@ -1073,8 +1088,8 @@ scan() {
        eout "{scan.hook} scan of $spath in progress (id: $datestamp.$$)"
    fi
    cnt=0
-   if [ -z "$mail" ]; then
-       eout "{scan} no \$mail binary found, e-mail alerts disabled."
+   if [ -z "$mail" ] && [ -z "$sendmail" ]; then
+       eout "{scan} no \$mail or \$sendmail binaries found, e-mail alerts disabled."
    fi
    if [ -f "$clamscan" ] && [ "$scan_clamscan" == "1" ]; then
        if [ -z "$hscan" ]; then
@@ -1309,7 +1324,16 @@ genalert() {
    file="$2"
         if [ "$email_alert" == "1" ] || [ "$type" == "digest" ] || [ "$type" == "daily" ]; then
        if [ "$type" == "file" ] && [ -f "$file" ]; then
-           cat $file | $mail -s "$email_subj" $email_addr
+           if [ -f "$mail" ]; then
+                cat $file | $mail -s "$email_subj" $email_addr
+            elif [ -f "$sendmail" ]; then
+                if ! grep -q "SUBJECT: " "$file"; then
+                    echo -e "SUBJECT: $email_subj\n$(cat $file)" > $file
+                fi
+                cat $file | $sendmail -t $email_addr
+            else
+                eout "{scan} no \$mail or \$sendmail binaries found, e-mail alerts disabled."
+            fi
            if [ ! "$(whoami)" == "root" ] && [ -z "$(echo $2 | grep '\@')" ]; then
                if [ -z "$hscan" ]; then
                    eout "{alert} sent scan report to config default $email_addr" 1
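Review bot: In the new `else` branch, where neither binary exists, execution can fall through to the `eout "{alert} sent scan report ..."` lines that follow, so the log may record an alert as sent when nothing was mailed. The view_report() hunk exits in the same situation; here a `return 1` after the `eout` in the `else` branch would keep the log truthful, assuming nothing later in genalert() still has to run. The success messages are also written without checking the mailer's exit status, which is how the `-s: command not found` failure shown on this page was logged as sent. genalert() extends outside this hunk.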
@@ -1353,8 +1377,18 @@ genalert() {
                grep -E '^{.*}' $sessdir/session.$scanid > $sessdir/session.hits.$scanid
                echo "$scanid" > $sessdir/session.last
                email_subj="${email_subj}: monitor summary"
-               cat $tmpf | $mail -s "$email_subj" $email_addr
-               eout "{alert} sent $type alert to $email_addr"
+               if [ -f "$mail" ]; then
+                    cat $tmpf | $mail -s "$email_subj" $email_addr
+                    eout "{alert} sent $type alert to $email_addr"
+                elif [ -f "$sendmail" ]; then
+                    if ! grep -q "SUBJECT: " "$tmpf"; then
+                        echo -e "SUBJECT: $email_subj\n$(cat $tmpf)" > $tmpf
+                    fi
+                    cat $tmpf | $sendmail -t $email_addr
+                    eout "{alert} sent $type alert to $email_addr"
+                else
+                    eout "{scan} no \$mail or \$sendmail binaries found, e-mail alerts disabled."
+                fi
                rm -f $tmpf $tmpdir/.digest.alert.hits $tmpdir/.digest.clean.hits $tmpdir/.digest.monitor.alert $tmpdir/.digest.susp.hits
            fi
        else
diff --git a/files/internals/internals.conf b/files/internals/internals.conf
index c998fd3..1291960 100644
--- a/files/internals/internals.conf
+++ b/files/internals/internals.conf
@@ -44,6 +44,7 @@ cpulimit=`which cpulimit 2> /dev/null`
 ionice=`which ionice 2> /dev/null`
 wc=`which wc 2> /dev/null`
 mail=`which mail 2> /dev/null`
+sendmail=`which sendmail 2> /dev/null`
 pidof=`which pidof 2> /dev/null`
 sed=`which sed 2> /dev/null`
 stat=`which stat 2> /dev/null`
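Review bot: `which sendmail` only finds the binary if its directory is on the caller's PATH, and sendmail is commonly installed under /usr/sbin, which a cron or non-login environment may not include. In that case `$sendmail` stays empty and the new fallback is silently skipped. A fixed-path fallback after the lookup would make this predictable, for example `[ -z "$sendmail" ] && [ -x /usr/sbin/sendmail ] && sendmail=/usr/sbin/sendmail`; whether the scheduled maldet run has such a PATH is not visible here.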
-- 
1.8.3.2

실제 커밋은 아래 링크에서 확인할 수 있습니다.

https://github.com/richardferaro/linux-malware-Detect/commit/3837d00ee44a7b2fe048ee5688424ff47025da13

위의 내용은 Linux Malware Detect v1.6.1을 기반으로 합니다.
