OwlCyberSecurity - MANAGER

Edit File: imunify-antivirus

#!/bin/bash
#
# imunify-antivirus daily cron jobs.
#
# Usage:
#   ./imunify-antivirus.cron [<logfile>]
#
# if logfile is not specified, the output will be discarded
# If imunify360-firewall installed, doing nothing
log=${1:-/dev/null}
sh_update_call=${2:-no} # Skips check-domains call and returns return code
lock_wait_secs=${lock_wait_secs:-10800} # Max package manager waiting timeout, 3h
lock_sleep_secs=${lock_sleep_secs:-5} # Poll interval

wait_for_pkg_manager_idle() {
  local end=$((SECONDS + lock_wait_secs))
  local locks=(
    /var/lib/dpkg/lock-frontend
    /var/lib/dpkg/lock
    /var/lib/apt/lists/lock
    /var/cache/apt/archives/lock
  )

while :; do
    local busy=0

if command -v fuser >/dev/null 2>&1; then
      for l in "${locks[@]}"; do
        [ -e "$l" ] || continue
        local pids
        pids="$(fuser "$l" 2>/dev/null | tr -cd '0-9 ' | xargs || true)"
        if [ -n "$pids" ]; then
          busy=1
          echo "Waiting: lock $l is held by PIDs: $pids"
          for pid in $pids; do
            echo "  PID $pid: $(ps -p "$pid" -o comm=,args= 2>/dev/null | sed 's/^[[:space:]]*//')"
          done
        fi
      done
    else
      local pids
      pids="$(pgrep -x dpkg || true) $(pgrep -x apt || true) $(pgrep -x apt-get || true) \
            $(pgrep -x unattended-upgrades || true) $(pgrep -x apt.systemd.daily || true)"
      pids="$(echo "$pids" | tr -s ' ' | xargs || true)"
      if [ -n "$pids" ]; then
        busy=1
        echo "Waiting: package-manager processes running (PIDs: $pids)"
        for pid in $pids; do
          echo "  PID $pid: $(ps -p "$pid" -o comm=,args= 2>/dev/null | sed 's/^[[:space:]]*//')"
        done
      fi
    fi

[ "$busy" -eq 0 ] && return 0

if [ "$SECONDS" -ge "$end" ]; then
      echo "Timeout after ${lock_wait_secs}s waiting for dpkg/apt; exiting."
      return 1
    fi

sleep "$lock_sleep_secs"
  done
}

main()
{
    /usr/libexec/report-command-error /opt/imunify360/venv/bin/python3 /opt/imunify360/venv/share/imunify360/scripts/delay_on_cron_call.py

echo "Checking if imunify360-firewall is installed"
    if dpkg -s imunify360-firewall; then
        echo "Imunify360-installed, skipping antivirus cron"
        exit 0
    fi

echo "Starting daily imunify-antivirus cron jobs at $(date)"
    if [ "$sh_update_call" = "no" ]; then
      /usr/bin/imunify360-agent check-domains
      echo "imunify360-agent check-domains RC: $?"
    fi

PACKAGES="imunify-antivirus \
              ai-bolit \
              alt-common-release \
              alt-php-hyperscan \
              imunify-release \
              imunify-common \
              imunify-notifier \
              imunify-core \
              imunify-realtime-av \
              imunify-ui \
              imunify360-venv \
              imunify-patchman \
              alt-php-internal \
              app-version-detector"

wait_for_pkg_manager_idle || exit 1

/usr/libexec/report-command-error \
        apt-get update -y

UPDATE_RC=$?
    echo "apt-get update RC after: $UPDATE_RC"

/usr/libexec/report-command-error \
        apt-mark unhold $PACKAGES

export DEBCONF_NONINTERACTIVE_SEEN=true
    export DEBIAN_FRONTEND=noninteractive
    /usr/libexec/report-command-error \
        apt-get install --only-upgrade \
        -o "Dpkg::Lock::Timeout=600" \
        -o "Dpkg::Options::=--force-confdef" \
        -o "Dpkg::Options::=--force-confold" \
        -y $PACKAGES

UPDATE_RC=$(( $UPDATE_RC + $? ))
    echo "apt-get install --only-upgrade RC after: $UPDATE_RC"

/usr/libexec/report-command-error \
        apt-mark hold $PACKAGES

/usr/bin/imunify-antivirus version
    echo "Finished daily imunify-antivirus cron jobs at $(date)"

if [ "$sh_update_call" = "yes" ]; then
        exit $UPDATE_RC
    fi
}

main >> "$log" 2>&1