如何将ClamAV集成到PureFTPd中以在​​CentOS 7上进行病毒扫描

2017-09-23 分类:系统运维 阅读() 评论()

本教程介绍了如何将ClamAV集成到PureFTPd中,以便在CentOS 7系统上进行病毒扫描。 最后,每当通过PureFTPd上传文件时,ClamAV将检查该文件并将其删除,如果它包含病毒或恶意软件。

1初步说明

您应该在CentOS 7服务器上安装一个有效的PureFTPd设置,例如本教程所示:CentOS 7上使用PureFTPd和MySQL虚拟主机(包括配额和带宽管理)

2安装ClamAV

ClamAV在官方CentOS存储库中不可用,因此,我们启用了EPEL存储库(如果您还没有这样做),首先导入RPM GPK密钥。 

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

然后,我们在CentOS系统上启用EPEL存储库,因为本教程中将要安装的许多软件包在官方CentOS 7存储库中不可用: 

yum -y install epel-release
yum -y install yum-priorities

编辑/etc/yum.repos.d/epel.repo ... 

nano /etc/yum.repos.d/epel.repo

...并将行优先级= 10添加到[epel]部分: 

[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
priority=10
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[...]

然后我们更新系统上现有的软件包: 

yum update

之后, 我们可以安装ClamAV如下: 

yum -y clamav clamav-server clamav-data clamav-update clamav-filesystem clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

编辑文件/etc/freshclam.conf并注释掉示例行: 

nano /etc/freshclam.conf

通过在示例行的前面添加一个#: 

.....
# Comment or remove the line below.
# Example

....

然后编辑文件/etc/clamd.d/scan.conf: 

nano /etc/clamd.d/scan.conf

并注释掉示例行,就像我们在上面的文件中所做的那样,删除LocalSocket行前面的#。 

.....
# Comment or remove the line below.
# Example

....
LocalSocket /var/run/clamd.scan/clamd.sock
....

接下来,我们为clamd创建系统启动链接并启动它: 

systemctl enable clamd@.service
freshclam

然后启动clamav服务: 

systemctl start clamd@.service

您可以使用以下命令检查ClamAV守护程序的状态: 

 systemctl  status clamd@scan

结果应该是这样的: 

[root@server1 system]# systemctl status clamd@scan
? clamd@scan.service - Generic clamav scanner daemon
Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; disabled; vendor preset: disabled)
Active: active (running) since Thu 2016-04-07 15:44:28 CEST; 1min 48s ago
Main PID: 10945 (clamd)
CGroup: /system.slice/system-clamd.slice/clamd@scan.service
??10945 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes
Apr 07 15:44:36 server1.example.com clamd[10945]: HTML support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: XMLDOCS support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: HWP3 support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: Self checking every 600 seconds.
Apr 07 15:44:36 server1.example.com clamd[10945]: PDF support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: SWF support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: HTML support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: XMLDOCS support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: HWP3 support enabled.
Apr 07 15:44:36 server1.example.com clamd[10945]: Self checking every 600 seconds.

3配置PureFTPd

首先我们打开/etc/pure-ftpd/pure-ftpd.conf并将CallUploadScript设置为yes

nano /etc/pure-ftpd/pure-ftpd.conf
[...]
# If your pure-ftpd has been compiled with pure-uploadscript support,
# this will make pure-ftpd write info about new uploads to
# /var/run/pure-ftpd.upload.pipe so pure-uploadscript can read it and
# spawn a script to handle the upload.
# Don't enable this option if you don't actually use pure-uploadscript.

CallUploadScript yes
[...]

接下来,我们创建文件/etc/pure-ftpd/clamav_check.sh (每当通过PureFTPd上传文件时,它将调用/ usr / bin / clamdscan)... 

nano /etc/pure-ftpd/clamav_check.sh
#!/bin/sh
/usr/bin/clamdscan --fdpass --remove --quiet --no-summary -c /etc/clamd.d/scan.conf "$1"

...并使其可执行: 

chmod 755 /etc/pure-ftpd/clamav_check.sh

现在我们启动pure-uploadscript程序作为守护进程,每当通过PureFTPd上传文件时,它将会调用我们的/etc/pure-ftpd/clamav_check.sh脚本: 

pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh

当然,你不想在启动系统时手动启动守护进程 - 因此我们打开/etc/rc.local ... 

nano /etc/rc.local

...并将/ usr / sbin / pure-uploadscript -b -r /etc/pure-ftpd/clamav_check.sh添加到其中 - 如下所示: 

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/clamav_check.sh
touch /var/lock/subsys/local

最后我们重新启动PureFTPd: 

systemctl restart clamd@.service

而已! 现在每当有人尝试通过PureFTPd将恶意软件上传到您的服务器时,“坏”文件将被默认删除。

4虚拟机映像

本教程可用于为Howtoforge订阅者准备使用OVA / OVF格式的虚拟机。 VM格式与VMWare和Virtualbox以及可以导入此格式的其他工具兼容。 您可以在顶部的右侧菜单中找到下载链接。 点击文件名开始下载。

VM的登录详细信息如下:

SSH登录

用户名:root
密码:youcl

玛丽亚登录

用户名:root
密码:youcl

请在首次启动后更改密码。

5链接

赞(52) 打赏
未经允许不得转载:优客志 » 系统运维
分享到:
标签:

相关推荐

吐血推荐

推荐云主机,建站更安全

优客志推荐站长使用阿里云主机,安全可靠、轻松上云,从此告别主机无售后、主机各种难题。点击领取1000元代金券

热度排行

热门标签

Ubuntu (2170) Linux (1251) debian (936) centos (935) Security (686) Apache (652) Nginx (536) Desktop (533) MySQL (492) web-server (486) PHP (466) fedora (446) Linux Commands (383) virtualization (308) ispconfig (297) Ubuntu 16.04 (285) Storage (284) JAVA (279) monitoring (243) server (231) Open Source (210) suse (201) Control Panels (186) Email (182) python (182) shell (179) FTP (175) Postfix (174) Linux Tricks (149) Development (137)

Copyright © 2018 优客网 All Rights Reserved

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

微信扫一扫打赏