#!/bin/bash
# rkhunter.sh - run rkhunter then log & email results
# author : Chad Mayfield ([email protected])
# license : gplv3
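# Record whether logrotate is available: 1 when found on PATH, 0 otherwise.
# The flag is read further down to decide whether to inspect /etc/logrotate.d.
# (A ';' between the probe and the assignment would set the flag to 1
# unconditionally, so the probe result must drive the branch.)
if command -v logrotate >/dev/null 2>&1; then
  logrotate=1
else
  logrotate=0
fi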
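# rkhunter itself is mandatory: stop early, with the reason on stderr.
if ! command -v rkhunter >/dev/null 2>&1; then
  echo >&2 "ERROR: rkhunter isn't installed!"
  exit 1
fi

# Refuse to run unless the invoking user is root. The message goes to stderr
# like the other fatal error, so wrappers that capture stdout do not mistake
# it for scan output.
if [[ "$UID" -ne 0 ]]; then
  echo >&2 "ERROR: You must be root to run this utility!"
  exit 1
fi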
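# Pick the value handed to rkhunter's --pkgmgr option (RPM, DPKG, BSD or NONE).
#
# /etc/os-release is present on Debian and Ubuntu as well as on RPM-based
# systems, so its mere existence cannot select RPM: doing so makes the
# Debian/Ubuntu branch unreachable on those hosts. Debian-family systems are
# therefore detected first, and RPM is chosen only when an rpm binary exists.
# NOTE(review): the chosen value decides which package database rkhunter
# consults for its file checks, so a wrong guess weakens the scan - confirm
# the result on each platform this runs on.
if [[ -f /etc/debian_version ]] ||
  [[ $(lsb_release -a 2>/dev/null | grep Desc) =~ (Ubuntu|Debian) ]]; then
  pkgmgr=DPKG
elif command -v rpm >/dev/null 2>&1; then
  pkgmgr=RPM
elif [[ $OSTYPE =~ "darwin" ]]; then
  pkgmgr=BSD
else
  pkgmgr=NONE
fi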
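# we want logrotate to rotate the logs weekly
# Only reports whether some file under /etc/logrotate.d mentions rkhunter;
# nothing is written yet.
if [[ "${logrotate:-0}" -eq 1 ]]; then
  echo "checking if logrotate has been configured..."
  # With several files, 'grep -c' prints one "file:count" line per file, which
  # is not a single integer and breaks a numeric test. -q only asks whether
  # any file matches; -s keeps a missing or empty directory quiet.
  if ! grep -qs -- rkhunter /etc/logrotate.d/*; then
    # Stanza intended for a future autoconf step (mode 640 root:root keeps
    # the scan log unreadable to other users):
    #/var/log/rkhunter/rkhunter.log {
    # weekly
    # notifempty
    # create 640 root root
    #}
    echo "skipping logrotate autoconf, not implemented yet"
  else
    echo "rkhunter is already configured in logrotate"
  fi
fi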
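# where's our logs?
logfile="/var/log/rkhunter/rkhunter.log"

# runtime options
# Kept as arrays so every option stays exactly one word when expanded, with no
# reliance on unquoted word-splitting (which also applies globbing).
# 'command' skips any shell function named rkhunter; the binary is still
# resolved through PATH, so root's PATH should hold only trusted directories.
rkhunter=(command rkhunter)
ver_opts=(--rwo --nocolors --versioncheck)
upt_opts=(--rwo --nocolors --update)
# pkgmgr is set earlier in the script; fall back to NONE if it is empty so
# --pkgmgr never swallows the next option as its argument.
run_opts=(-c --nomow --nocolors --syslog --pkgmgr "${pkgmgr:-NONE}" --cronjob --summary)

# mail config
# NOTE(review): the recipient below is not a valid address as shown; set the
# real mailbox before relying on the report.
mail_to='[email protected]'
# NOTE(review): mail_from is assigned but never passed to mail.
mail_from="root@$(hostname)"
subject="RKHUNTER: Scan results for $(hostname)."

# version check
"${rkhunter[@]}" "${ver_opts[@]}"

# run an update
# NOTE(review): --update fetches data files over the network; presumably the
# sources come from rkhunter's own configuration - confirm they are trusted.
"${rkhunter[@]}" "${upt_opts[@]}"

# finally run
"${rkhunter[@]}" "${run_opts[@]}"

# send an email
# The whole log is mailed as the message body. A log that is missing or
# unreadable right after a scan is worth a loud failure instead of a silent
# redirect error: either the scan did not run or the log was removed.
if [[ -r "$logfile" ]]; then
  mail -s "$subject" "$mail_to" < "$logfile"
else
  echo >&2 "ERROR: $logfile is missing or unreadable, no report sent!"
  exit 1
fi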
#EOF