How can I write two separate outputs from one command?

IRJ

@stacksofplates Here is how it looks when I add the date. I cannot same to get a space in between however

clamscan -i -r --exclude=/sys | sed "s/^/$(date)/ " >> /var/log/clamav/scan_log

Mon Dec  9 20:10:59 UTC 2019/tmp/clamav_test/emerging-deleted.rules: Html.Trojan.Blackhole-65 FOUND
Mon Dec  9 20:10:59 UTC 2019/tmp/clamav_test/emerging-web_client.rules: Html.Exploit.CVE_2018_8373-6654754-1 FOUND
Mon Dec  9 20:10:59 UTC 2019
Mon Dec  9 20:10:59 UTC 2019----------- SCAN SUMMARY -----------
Mon Dec  9 20:10:59 UTC 2019Known viruses: 6594198
Mon Dec  9 20:10:59 UTC 2019Engine version: 0.101.4
Mon Dec  9 20:10:59 UTC 2019Scanned directories: 1
Mon Dec  9 20:10:59 UTC 2019Scanned files: 45
Mon Dec  9 20:10:59 UTC 2019Infected files: 2
Mon Dec  9 20:10:59 UTC 2019Data scanned: 38.73 MB
Mon Dec  9 20:10:59 UTC 2019Data read: 15.07 MB (ratio 2.57:1)
Mon Dec  9 20:10:59 UTC 2019Time: 49.446 sec (0 m 49 s)

stacksofplates

Here's the output from systemd if you create a service:

Dec 09 15:16:47 localhost.localdomain systemd[1]: Started ClamAV Scanner.
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: **************************************************
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: ***  The virus database is older than 7 days!  ***
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: ***   Please update it as soon as possible.    ***
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: **************************************************
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: ----------- SCAN SUMMARY -----------
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Known viruses: 6561649
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Engine version: 0.101.5
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Scanned directories: 11
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Scanned files: 41
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Infected files: 0
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Data scanned: 32.97 MB
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Data read: 200.09 MB (ratio 0.16:1)
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Time: 30.328 sec (0 m 30 s)
Dec 09 15:17:17 localhost.localdomain systemd[1]: scan.service: Succeeded.

IRJ

@stacksofplates said in How can I write two separate outputs from one command?:

Here's the output from systemd if you create a service:

Dec 09 15:16:47 localhost.localdomain systemd[1]: Started ClamAV Scanner.
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: **************************************************
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: ***  The virus database is older than 7 days!  ***
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: ***   Please update it as soon as possible.    ***
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: **************************************************
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: ----------- SCAN SUMMARY -----------
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Known viruses: 6561649
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Engine version: 0.101.5
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Scanned directories: 11
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Scanned files: 41
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Infected files: 0
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Data scanned: 32.97 MB
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Data read: 200.09 MB (ratio 0.16:1)
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Time: 30.328 sec (0 m 30 s)
Dec 09 15:17:17 localhost.localdomain systemd[1]: scan.service: Succeeded.

Can you show me your systemd service file?

stacksofplates

If it were me, I'd just set up a service and timer. Then it's super easy to automate and audit. You just make sure the service and timer are enabled and you can check whenever you need that they are. Logs are really easy to grab then too. For this I just ran journalctl -u scan

stacksofplates

@IRJ said in How can I write two separate outputs from one command?:

@stacksofplates said in How can I write two separate outputs from one command?:

Here's the output from systemd if you create a service:

Dec 09 15:16:47 localhost.localdomain systemd[1]: Started ClamAV Scanner.
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: **************************************************
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: ***  The virus database is older than 7 days!  ***
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: ***   Please update it as soon as possible.    ***
Dec 09 15:16:47 localhost.localdomain scan.sh[23673]: LibClamAV Warning: **************************************************
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: ----------- SCAN SUMMARY -----------
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Known viruses: 6561649
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Engine version: 0.101.5
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Scanned directories: 11
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Scanned files: 41
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Infected files: 0
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Data scanned: 32.97 MB
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Data read: 200.09 MB (ratio 0.16:1)
Dec 09 15:17:17 localhost.localdomain scan.sh[23673]: Time: 30.328 sec (0 m 30 s)
Dec 09 15:17:17 localhost.localdomain systemd[1]: scan.service: Succeeded.

Can you show me your systemd service file?

[Unit]
Description=ClamAV Scanner

[Service]
Type=simple
ExecStart=/usr/local/bin/scan.sh

[Install]
WantedBy=default.target

#!/bin/bash

clamscan -i -r /home/jhooks/Downloads

stacksofplates

A timer would just be this:

[Unit]
Description=Run Clam Scan

[Timer]
OnCalendar=*-*-* 00:00:00
Unit=scan.service

[Install]
WantedBy=default.target

IRJ

@stacksofplates said in How can I write two separate outputs from one command?:

A timer would just be this:

[Unit]
Description=Run Clam Scan

[Timer]
OnCalendar=*-*-* 00:00:00
Unit=scan.service

[Install]
WantedBy=default.target

Do you run systemctl enable clamav.timer and systemclt start clamav.timer instead of doing it with service?

IRJ

Service is failing, but timer is not?

stacksofplates

@IRJ said in How can I write two separate outputs from one command?:

@stacksofplates said in How can I write two separate outputs from one command?:

A timer would just be this:

[Unit]
Description=Run Clam Scan

[Timer]
OnCalendar=*-*-* 00:00:00
Unit=scan.service

[Install]
WantedBy=default.target

Do you run systemctl enable clamav.timer and systemclt start clamav.timer instead of doing it with service?

Sorry was in the car, yeah you can do systemctl enable --now clamav.timer and it will do both.

stacksofplates

@IRJ said in How can I write two separate outputs from one command?:

Service is failing, but timer is not?

What's the output of journalctl -u clamav?

IRJ

@stacksofplates said in How can I write two separate outputs from one command?:

@IRJ said in How can I write two separate outputs from one command?:

Service is failing, but timer is not?

What's the output of journalctl -u clamav?

IRJ

What permission is needed on that script @stacksofplates ?

stacksofplates

What's your script look like?

stacksofplates

Oooh are you running from /tmp? Did you mount /tmp with noexec like the stigs want?

IRJ

I ended up moving out of /tmp and the permission issue was fixed. It still failed because I wasnt specifying /bin/bash before script file. Once I changed that it worked.

stacksofplates

@IRJ said in How can I write two separate outputs from one command?:

I ended up moving out of /tmp and the permission issue was fixed. It still failed because I wasnt specifying /bin/bash before script file. Once I changed that it worked.

Ah ok. Did you have #!/bin/bash in the script? I've never had it complain about that before?

IRJ

@stacksofplates said in How can I write two separate outputs from one command?:

@IRJ said in How can I write two separate outputs from one command?:

I ended up moving out of /tmp and the permission issue was fixed. It still failed because I wasnt specifying /bin/bash before script file. Once I changed that it worked.

Ah ok. Did you have #!/bin/bash in the script? I've never had it complain about that before?

Nope lol.