Simple Script Analysis
If you are new to Linux (or any Unix, like Apple BSD – yes…Apple OS is based on BSD and has a command line terminal option too),
you may not be aware how many switches some commands can have or how to find them.
The simple equivalent of scripts in older Windows is a Batch file (.bat) or Command file (.com) which is a list of shell commands that get run in order.
The man command (for user manual), is the best place for a detailed cmd description for most linux commands (not all have been documented) with options and maybe examples, or try using the –h or –-help switch on any command for a quick look at its options.
This will become clearer below if you are lost already.
The last Post covered a simple but useful script to send a report by mail, after a directory scan by ClamAV.
So how does it work?
The script is between the lines:
rm -f /root/clamscan-report.log
/usr/bin/clamscan -i -r /home/ –move=/tmp/virusfile/ -l clamscan-report.log
cat clamscan-report.log | mail -s "Clamscan Report from HPbox" email@example.com
So what is this script doing? Commands are in blue, screen output is in red.
This starts freshclam which updates the clamav sigs database:
ClamAV update process started at Tue Apr 8 17:46:32 2014
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 18756, sigs: 874769, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
line2 rm -f /root/clamscan-report.log
This force removes the previous clamscan-report.log from the root folder. Check its contents:
root@HPbox:~# ls /root/
.aptitude/ clamscan.sh .gnome2/ .rnd .xsession-errors
.bash_history .config/ .gnome2_private/ Some
.bashrc .dbus/ .gvfs/ .ssh/
.cache/ Desktop/ .pki/ .viminfo
clamscan-report.log .gconf/ .profile .Xauthority
root@HPbox:~# rm –help
Usage: rm [OPTION]… FILE…
Remove (unlink) the FILE(s).
-f, –force ignore nonexistent files, never prompt
-i prompt before every removal
-I prompt once before removing more than three files, or
when removing recursively. Less intrusive than -i,
while still giving protection against most mistakes
–interactive[=WHEN] prompt according to WHEN: never, once (-I), or
always (-i). Without WHEN, prompt always
–one-file-system when removing a hierarchy recursively, skip any
directory that is on a file system different from
that of the corresponding command line argument
–no-preserve-root do not treat
--preserve-root do not remove /' (default)
-r, -R, –recursive remove directories and their contents recursively
-v, –verbose explain what is being done
–help display this help and exit
–version output version information and exit
By default, rm does not remove directories. Use the –recursive (-r or -R)
option to remove each listed directory, too, along with all of its contents.
To remove a file whose name starts with a
-', for example -foo',
use one of these commands:
rm — -foo
Note that if you use rm to remove a file, it might be possible to recover
some of its contents, given sufficient expertise and/or time. For greater
assurance that the contents are truly unrecoverable, consider using shred.
Report rm bugs to firstname.lastname@example.org
GNU coreutils home page: <http://www.gnu.org/software/coreutils/>
General help using GNU software: <http://www.gnu.org/gethelp/>
For complete documentation, run: info coreutils 'rm invocation'
line3 part 1 /usr/bin/clamscan -i -r /home/
This scans the /home/ directory recursively (-r), and only prints infected files found (-i)
root@HPbox:~# clamscan -h
Clam AntiVirus Scanner 0.98.1
By The ClamAV Team: http://www.clamav.net/team
(C) 2007-2009 Sourcefire, Inc.
–help -h Print this help screen
–version -V Print version number
–verbose -v Be verbose
–archive-verbose -a Show filenames inside scanned archives
–debug Enable libclamav's debug messages
–quiet Only output error messages
–stdout Write to stdout instead of stderr
–no-summary Disable summary at end of scanning
–infected -i Only print infected files
–recursive[=yes/no(*)] -r Scan subdirectories recursively
line3 part 2 /usr/bin/clamscan -i -r /home/ –move=/tmp/virusfile/ -l clamscan-report.log
The –move switch of clamscan moves the infected files to a "quarantine" directory = /tmp/virusfile/
root@HPbox:~# clamscan -h
–move=DIRECTORY Move infected files into DIRECTORY
The -l switch writes a log text file named clamscan-report.log (in this case) which is created in root's home directory (as clamscan was run as root in this case).
line4 cat clamscan-report.log | mail -s "Clamscan Report" email@example.com
As the clamscan-report.log has now been created in the root (current root user) directory by line 3, part2, it is first opened (streamed serially start to end of file) by cat (concatenate).
Concatenate FILE(s), or standard input, to standard output.
The cat output is piped ( | )as input to the mail cmd, (already seen as mailx in the LMD Post) and becomes the mail message body.
mail, mailx, Mail â send and receive mail
The -s switch is followed by the mail Subject text in "apostrophes":
Specify subject on command line (only the first argument after
the -s flag is used as a subject; be careful to quote subjects
The recipient email address is the last part that mail sends to (calling all the mail script code parameters setup during the Exim dpkg-reconfigure process to make Exim a smarthost client, so it knows how to talk and authenticate to Gmail on port 587 etc.).
The recipient(s) do not need a switch in this case, just a space (de-limiter), and more recipients can be added separated by another space.
As you can see, even a small 4 line script that just uses individual commands stacked together can accomplish a lot.