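#!/bin/sh
# 01-rkhunter  A shell script to update and run rkhunter via CRON
#
# Refreshes the rkhunter data files, runs a scan, appends the combined report
# to $LOGFILE and mails it to $MAILTO when the scan exits non-zero.
# Exit status: the scan's exit status, or 0 when the scan was skipped because
# the lock file was present or rkhunter is not executable.

XITVAL=0
LOCKFILE=/var/lock/subsys/rkhunter
HAVE_LOCK=no

# Get a secure tempfile
TMPFILE1=$(/bin/mktemp -p /var/run/rkhunter rkhcronlog.XXXXXXXXXX) || exit 1

# Remove the tempfile, and the lock only when this run created it.
# Run from a trap so that an interrupted run does not leave a stale lock
# behind: a leftover lock makes every later run skip the scan without a word.
cleanup() {
  /bin/rm -f -- "$TMPFILE1"
  if [ "$HAVE_LOCK" = "yes" ]; then
    /bin/rm -f -- "$LOCKFILE"
  fi
}
trap cleanup EXIT
# POSIX sh does not run the EXIT trap on a signal unless the signal is trapped.
trap 'exit 1' HUP INT TERM

if [ ! -e "$LOCKFILE" ]; then

  # Try to keep the SysInit boot scan from colliding with us (highly unlikely)
  # NOTE: test-then-touch is not atomic; two runs starting at the same instant
  # can both get past the test.
  HAVE_LOCK=yes
  /bin/touch "$LOCKFILE"

  # Source system configuration parameters.
  # This file is executed with the privileges of the cron job, so it must be
  # writable by root only.
  if [ -e /etc/sysconfig/rkhunter ]; then
    . /etc/sysconfig/rkhunter
  else
    MAILTO=root@localhost
  fi
  # The sysconfig file may exist without setting MAILTO; never call mail
  # without a recipient.
  MAILTO=${MAILTO:-root@localhost}

  # If a diagnostic mode scan was requested, setup the parameters
  # ("=" rather than "==": the latter is a bashism and fails under a strict sh)
  if [ "${DIAG_SCAN:-}" = "yes" ]; then
    RKHUNTER_FLAGS="--checkall --skip-keypress --nocolors --quiet --appendlog --display-logfile"
  else
    RKHUNTER_FLAGS="--cronjob --nocolors --report-warnings-only"
  fi

  # Set a few critical parameters
  RKHUNTER=/usr/bin/rkhunter
  LOGFILE=/var/log/rkhunter/rkhunter.log

  # Run RootKit Hunter if available
  if [ -x "$RKHUNTER" ]; then
    printf '\n%s\n' \
      "--------------------- Start Rootkit Hunter Update ---------------------" \
      > "$TMPFILE1"
    # Redirect order matters: ">> file 2>&1" sends stderr to the report too.
    # The former "2>&1 >> file" left stderr on the original stdout, so error
    # output never reached the log or the mail.
    # NOTE(review): the update's exit status is not checked; a failed update
    # is visible only in the report text.
    /bin/nice -n 10 "$RKHUNTER" --update --nocolors >> "$TMPFILE1" 2>&1

    printf '\n%s\n' \
      "---------------------- Start Rootkit Hunter Scan ----------------------" \
      >> "$TMPFILE1"
    # RKHUNTER_FLAGS is a space-separated option list and must be word-split.
    # shellcheck disable=SC2086
    /bin/nice -n 10 "$RKHUNTER" $RKHUNTER_FLAGS >> "$TMPFILE1" 2>&1
    XITVAL=$?
    printf '\n%s\n' \
      "----------------------- End Rootkit Hunter Scan -----------------------" \
      >> "$TMPFILE1"

    if [ "$XITVAL" -ne 0 ]; then
      # MAILTO stays unquoted so that a space-separated recipient list from
      # the sysconfig file keeps working.
      # shellcheck disable=SC2086
      /bin/mail -s "rkhunter Daily Run on $(hostname)" $MAILTO < "$TMPFILE1"
    fi
    /bin/cat "$TMPFILE1" >> "$LOGFILE"
  fi

fi

# The gating lockfile and the secure tempfile are deleted by the EXIT trap.
exit "$XITVAL"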