security-tools/setup.sh
pdmarf 3263790760 Store logs in logs/ folder with 60 day retention
- Logs go to logs/<script>-YYYYMMDD.log — one file per script per day
- Cleanup cron runs at 09:00 daily, deletes logs older than 60 days
- logs/ gitignored
2026-04-17 22:29:46 +01:00


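#!/usr/bin/env bash
# setup.sh
# Run once after cloning on any VM where you want security scanning active.
#
# What it does, in order:
#   1. Prompts for Telegram credentials and writes them to config.sh with
#      mode 0600, unless config.sh already exists.
#   2. Marks the scanner scripts executable and creates logs/.
#   3. Registers three cron jobs for the invoking user (idempotent; a job is
#      skipped when its marker string is already in the crontab):
#        08:00  npm-security-check.sh  >> logs/npm-security-check-YYYYMMDD.log
#        08:05  check-nextjs-rce.sh    >> logs/check-nextjs-rce-YYYYMMDD.log
#        09:00  delete *.log files in logs/ older than LOG_RETENTION_DAYS
#   4. Sends a test Telegram message so a bad token / chat ID shows up now,
#      not silently at the first 08:00 run.
set -euo pipefail

SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
readonly SCRIPT_DIR
readonly CONFIG_FILE="$SCRIPT_DIR/config.sh"
readonly LOG_DIR="$SCRIPT_DIR/logs"
# `find -mtime +N` matches files whose age exceeds N full days, so files are
# removed on their 61st day with the default of 60.
readonly LOG_RETENTION_DAYS=60

#######################################
# Prompt for Telegram credentials and write config.sh, unless it exists.
# The bot token is read with terminal echo disabled, and the file is created
# under umask 077 so the token is never readable by other users, not even
# between the write and the chmod.
# Globals:   CONFIG_FILE (read)
# Outputs:   status lines on stdout
# Returns:   1 if either value is empty (nothing is written in that case)
#######################################
ensure_config() {
  if [[ -f "$CONFIG_FILE" ]]; then
    echo "config.sh already exists — skipping credential setup."
    return 0
  fi

  local bot_token chat_id
  # -s: the token is a secret; keep it out of the terminal and its scrollback.
  echo "Enter your Telegram bot token:"
  read -rs bot_token
  echo ""
  echo "Enter your Telegram chat ID:"
  read -r chat_id

  if [[ -z "$bot_token" || -z "$chat_id" ]]; then
    echo "Error: bot token and chat ID must not be empty." >&2
    return 1
  fi

  # config.sh is later `source`d, so the values are written with %q: a stray
  # quote, $ or backtick in the input cannot break the file or be executed.
  # The umask is restricted in a subshell so the file is born 0600 without
  # changing permissions for anything else this script creates.
  (
    umask 077
    {
      printf '#!/usr/bin/env bash\n'
      printf '# Telegram notification config\n'
      printf 'TELEGRAM_BOT_TOKEN=%q\n' "$bot_token"
      printf 'TELEGRAM_CHAT_ID=%q\n' "$chat_id"
    } > "$CONFIG_FILE"
  )
  chmod 600 "$CONFIG_FILE"
  echo "config.sh created."
}

#######################################
# Append one crontab line for the current user unless a line containing
# $marker is already present. The crontab is re-read on every call so that
# successive registrations in the same run see each other's additions.
# Arguments: $1 - literal substring identifying the job (matched with grep -F)
#            $2 - complete crontab line to add
#            $3 - job name for the status message
#            $4 - schedule description for the status message
# Returns:   0; a failing `crontab -` aborts the script via set -e
#######################################
register_cron() {
  local marker=$1 line=$2 job_name=$3 schedule=$4
  local current
  # An empty crontab makes `crontab -l` exit non-zero; treat that as "no jobs".
  current=$(crontab -l 2>/dev/null || true)

  if grep -qF -- "$marker" <<<"$current"; then
    echo "Cron job for ${job_name} already registered — skipping."
    return 0
  fi

  {
    if [[ -n "$current" ]]; then
      printf '%s\n' "$current"
    fi
    printf '%s\n' "$line"
  } | crontab -
  echo "Cron job registered: ${job_name} ${schedule}."
}

#######################################
# Send a test Telegram message using the credentials in config.sh.
# A failure is reported as a warning and does not abort setup, so the cron
# jobs registered earlier stay in place.
# Globals:   CONFIG_FILE (sourced; provides TELEGRAM_BOT_TOKEN, TELEGRAM_CHAT_ID)
# Outputs:   status line on stdout, warning on stderr
#######################################
send_test_message() {
  # shellcheck source=/dev/null
  source "$CONFIG_FILE"
  : "${TELEGRAM_BOT_TOKEN:?not set in config.sh}"
  : "${TELEGRAM_CHAT_ID:?not set in config.sh}"

  local host text response
  host=$(hostname)
  text="✅ <b>Security Tools Active</b>
Host: <code>${host}</code>
Scripts registered and running daily at 08:00."

  echo ""
  echo "Sending test Telegram message..."
  # --data-urlencode instead of -d: -d sends the value raw, so an '&' or '+'
  # in the text would be parsed as a form delimiter. --max-time stops setup
  # from hanging when api.telegram.org is unreachable. The token sits in the
  # URL by Telegram's API design, so it is visible in `ps` while curl runs.
  # `|| true` keeps a transport failure on the warning path instead of set -e.
  response=$(curl -s --max-time 20 -X POST \
    "https://api.telegram.org/bot${TELEGRAM_BOT_TOKEN}/sendMessage" \
    --data-urlencode "chat_id=${TELEGRAM_CHAT_ID}" \
    --data-urlencode "text=${text}" \
    --data-urlencode "parse_mode=HTML" || true)

  if grep -q '"ok":true' <<<"$response"; then
    echo "Test message sent to Telegram."
  else
    echo "Warning: Telegram message failed. Check your token and chat ID in config.sh." >&2
  fi
}

#######################################
# Entry point: credentials, permissions, cron jobs, then the Telegram check.
#######################################
main() {
  echo "=== Security Tools Setup ==="
  echo ""

  ensure_config

  chmod +x "$SCRIPT_DIR/npm-security-check.sh" "$SCRIPT_DIR/check-nextjs-rce.sh"
  mkdir -p "$LOG_DIR"

  # Single-quoted so the substitution is left for cron's shell at run time;
  # cron requires the % in the date format to be escaped as \%.
  local stamp='$(date +\%Y\%m\%d)'
  # Paths are double-quoted inside the cron command so a directory containing
  # spaces does not split the command line.
  register_cron "npm-security-check.sh" \
    "0 8 * * * \"$SCRIPT_DIR/npm-security-check.sh\" >> \"$LOG_DIR/npm-security-check-${stamp}.log\" 2>&1" \
    "npm-security-check.sh" "daily at 08:00"
  register_cron "check-nextjs-rce.sh" \
    "5 8 * * * \"$SCRIPT_DIR/check-nextjs-rce.sh\" >> \"$LOG_DIR/check-nextjs-rce-${stamp}.log\" 2>&1" \
    "check-nextjs-rce.sh" "daily at 08:05"
  # Marker matches both this line and the older unquoted form of it.
  register_cron "-name '*.log' -mtime +" \
    "0 9 * * * find \"$LOG_DIR\" -type f -name '*.log' -mtime +${LOG_RETENTION_DAYS} -delete" \
    "log cleanup" "daily at 09:00 (${LOG_RETENTION_DAYS} day retention)"

  send_test_message

  echo ""
  echo "Setup complete. Security scans will run daily at 08:00 on $(hostname)."
}

main "$@"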