This is the data collector. You can expand it to add many different commands and types of data collection. All of the files are created in the /data directory.
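#!/usr/bin/perl -w
# Program: collector.pl, v2.2 2020-03-08
#
# Michael Smith (mike@smithware.net)
#
# Runs a fixed set of local audit commands (file hashes, SUID inventory,
# root crontab, listening sockets, rkhunter/lynis, the rfxn.com tools) and
# writes each command's standard output to a file named after its %Cmds key
# inside /data.  Meant to be run by root from cron; the $Hour checks below
# assume it is started once an hour so the once-a-day jobs fire exactly once.
use strict;
use warnings;

## setup variables
my %Cmds;    # output filename (relative to /data) => shell command line
my $host       = 'hostname.com';      # informational only; every command runs locally
my $user       = 'root';              # not used by the collector itself
my $externalip = 'www.xxx.yyy.zzz';   # placeholder: this host's public address, scanned by nmap below

# All output files are written relative to /data.  Fail loudly rather than
# scatter root-written files into whatever directory cron started us in.
# The shell redirects in run_command follow symlinks, so /data is expected
# to be root-owned and not writable by other users.
chdir '/data' or die "chdir /data: $!";

## files to be hashed
my @md5files = qw(/bin/login
    /usr/bin/passwd
    /bin/ps);

my ($Second, $Minute, $Hour, $Day, $Month, $Year, $WeekDay, $DayOfYear, $IsDST) = localtime(time);

## run these commands and put the results into the files
## $Cmds{'filename'} = "command";
$Cmds{'md5sigs'}   = "md5sum @md5files";
$Cmds{'suidfiles'} = "find / ! -wholename '/proc*' -type f -perm /6000 |xargs ls -l";
$Cmds{'cron.root'} = "crontab -l -u root";
# -sS needs root; the Nmap header/footer lines carry timestamps and are
# stripped so successive runs can be diffed.
$Cmds{'nmap'}      = "nmap -sS $externalip | egrep -v '^(Nmap|Starting)'";
$Cmds{'listening'} = "netstat -utan | grep -i listen";
## moved from rc.firewall to apf
#$Cmds{'iptables'} = "/sbin/iptables --list";
## security audits
## full report
$Cmds{'rootkithunt'} = "/usr/bin/rkhunter -c --no-mail-on-warning --noappend-log --sk --nocolors";
$Cmds{'lynis'}       = "lynis audit system --no-colors";
#$Cmds{'chkroot'} = "/usr/bin/chkrootkit";
## warnings only
#$Cmds{'rootkithunt'} = "/usr/bin/rkhunter -c --no-mail-on-warning --rwo --noappend-log --sk --nocolors";
#$Cmds{'lynis'} = "lynis audit system --warnings-only --no-colors";
## https://www.rfxn.com/
$Cmds{'apf_status'} = "apf -t";
$Cmds{'lsm'}        = "/usr/local/sbin/lsm -c";
$Cmds{'sim'}        = "/usr/local/sbin/sim -s";
## updated as part of cron.daily
#$Cmds{'/dev/null'} = "/usr/bin/rkhunter --update";
#$Cmds{'/dev/null'} = "updatedb";

## once a day, at 2am, run this command - Malware Detection
## uses LMD, a great package from https://www.rfxn.com/
if ($Hour == 2) {
    $Cmds{'brutforce'} = "/usr/local/sbin/bfd -a; bfd -s";
    # The "2" is presumably maldet's DAYS argument (-r PATH DAYS), not a
    # stderr redirect.  The trailing "> maldet" duplicates the redirect that
    # run_command appends; the last one wins, so output still lands in
    # /data/maldet.
    $Cmds{'maldet'}    = "/usr/local/sbin/maldet -r / 2 > maldet";
    $Cmds{'apf'}       = "/usr/local/sbin/apf -l";
}
## once a day, at 8am, run these commands - disk size and updated packages
if ($Hour == 8) {
    $Cmds{'disk.usage'} = "df -lk";
    $Cmds{'packages'}   = "dnf check-update";
}

## main loop ###
# Hash order is arbitrary, so the commands run in no particular sequence.
for my $file (keys %Cmds) {
    my $cmd = $Cmds{$file};
    ## run each command locally and send its output to $file
    run_command($cmd, $file, $host);
}
exit 0;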
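## Run one shell command and redirect its standard output into $file.
##
## $cmd  - shell command line; the entries in %Cmds use pipes and ";", so
##         it has to go through /bin/sh rather than the list form of system()
## $file - output path, relative to the current directory (/data after the
##         chdir at the top); it comes from the script's own hash keys, not
##         from user input
## $host - accepted for call-site compatibility but not used; everything
##         runs on the local machine
##
## Returns nothing.  A command that could not be started, or that exited
## non-zero, is reported on STDERR so a cron job mailing its output shows
## which collector failed; the caller's loop carries on with the rest.
## Note that some tools signal "findings" with a non-zero status (e.g.
## grep with no match, dnf check-update when updates exist), so a reported
## status is not necessarily an error.
sub run_command {
    my ($cmd, $file, $host) = @_;
    # system() returns a single status word, not (stdout, stderr, exit);
    # the original three-element assignment silently discarded it.
    my $status = system("$cmd > $file");
    if ($status == -1) {
        warn "$file: could not run '$cmd': $!\n";
    }
    elsif ($status != 0) {
        my $code = $status >> 8;
        my $sig  = $status & 127;
        warn "$file: '$cmd' exited with status $code"
            . ($sig ? " (signal $sig)" : '') . "\n";
    }
    return;
}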