On Tue, Jun 18, 2002 at 11:23:11PM -0400, Jon Gaudette wrote:
> I have recently played around with chkrootkit and I want it to check 
> every day in the crontab and e-mail me any errors it receives.  I was 
> wondering if anyone here would know what commands I would put into the 
> grep so that it would e-mail me a file that it found "infected" but not 
> "not infected".  I cannot seem to get a handle on using the "not" 
> commands in grep, and cannot figure out how to do this.

> If anyone has a predone script that would be even better.  I don't see 
> why there wouldn't be, as this would be a great thing to have.  Thank 
> you in advance!

        I manage a cluster of systems from a central system.  The
central system uses ssh to transport over the chkrootkit tarball
to the system under test, unpacks, runs it, and stores the result
on the control system under the test system name.  As each system
is completed, its report output is diffed against the previous
night's output.  Any discrepancies are manually examined.  Typically
they are false alarms on lkm due to processes on busy systems.

        Of course, I double checked the initial baseline runs.  :-)=)

        You can run it from cron and have it mail you a daily report.

        Mike

> -- 
> ************************************************************************
> *   Jon "GenKiller" Gaudette                            ultra übergeek *
> *   Webmaster / Founder  -|-   DDN    -|-  http://www.digital-drip.com *
> *   Co-Webmaster         -|-   CNCNZ  -|-  http://www.cncnz.com        *
> *   Co-Webmaster         -|-   APS    -|-  http://auburn.k12.ma.us     *
> ************************************************************************
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list

-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  /\/\|=mhw=|\/\/       |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

===== runchkroot.sh =====
#!/bin/sh -

# Run from the control system.  Each night's reports land in
# reports.YYYYMMDD/<system>; the most recent report for every system
# is linked from reports.latest/ and used as the baseline for the diff.
DATE=`date +%Y%m%d`

if [ "$1" = "" ] ; then
#       Insert your default list of systems between the next two lines...
        SYSTEMS="
"
else
        SYSTEMS=$*
fi

[ -d reports.$DATE ] || mkdir reports.$DATE
[ -d reports.latest ] || mkdir reports.latest

for SYSTEM in $SYSTEMS ; do
        echo Testing $SYSTEM
        # Feed the tarball to ssh's stdin; on the target, unpack and build
        # chkrootkit in a scratch directory, run it, clean up, and capture
        # its output here under the target's name.
        cat chkrootkit.tar.gz | ssh -q root@$SYSTEM 'rm -rf /tmp/chkrootkit ; mkdir /tmp/chkrootkit ; cd /tmp/chkrootkit ; tar xzf - ; cd chk* ; make ; [ -x chkrootkit ] && ./chkrootkit ; cd / ; rm -rf /tmp/chkrootkit' > reports.$DATE/$SYSTEM

        if [ -s reports.$DATE/$SYSTEM ]; then
                if [ -s reports.latest/$SYSTEM ]; then
                        # diff exits 0 when the two reports are identical;
                        # the .diff file is kept only when something changed.
                        if diff reports.latest/$SYSTEM reports.$DATE/$SYSTEM > reports.$DATE/$SYSTEM.diff ; then
                                rm -f reports.$DATE/$SYSTEM.diff
                        else
                                echo "System $SYSTEM status has changed"
                                cat reports.$DATE/$SYSTEM.diff
                        fi
                        rm -f reports.latest/$SYSTEM
                fi
                # Today's report becomes the baseline for tomorrow's run.
                ln reports.$DATE/$SYSTEM reports.latest/$SYSTEM
        else
                echo "Unable to generate report on $SYSTEM"
        fi
done
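As an added example (not part of Mike's script or of chkrootkit itself), the POSIX sh snippet below puts the two pieces of this thread together: a filter that keeps chkrootkit's INFECTED and Warning lines while dropping the "not infected" ones (the "not" Jon was looking for is `grep -v`), and a daily_check driver that files the report under reports.YYYYMMDD/<system> and diffs it against reports.latest/<system> the way runchkroot.sh does. The sample report is constructed, the function names are my own, and it assumes chkrootkit's output convention of uppercase INFECTED for hits and lowercase "not infected" for clean binaries. Because cron mails whatever a job writes to stdout to the crontab owner (or MAILTO), a run that prints nothing sends no mail.

```shell
#!/bin/sh
# Constructed sample of chkrootkit-style output; not the result of a real scan.
sample_report() {
    cat <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `ls'... INFECTED
Checking `lkm'... You have     2 process hidden for readdir command
Warning: Possible LKM Trojan installed
Checking `sniffer'... eth0: PACKET SNIFFER(/usr/sbin/dhcpd[1234])
Searching for suspicious files and dirs, it may take a while... nothing found
EOF
}

# Keep only the lines a human needs to act on.  grep is case-sensitive by
# default, so 'INFECTED' already misses "not infected"; the trailing
# grep -v is the explicit "not" and also guards against a future
# uppercase wording of the clean message.
findings() {
    grep -E 'INFECTED|Warning|PACKET SNIFFER' | grep -v 'not infected'
}

# daily_check SYSTEM REPORT [BASEDIR]
# Files REPORT as reports.YYYYMMDD/SYSTEM under BASEDIR, prints the findings,
# prints a diff plus a one-line notice if the report differs from the stored
# baseline, and then makes today's report the new baseline.  Output only
# appears when there is something to say, so under cron silence means clean.
daily_check() {
    system=$1
    report=$2
    base=${3:-.}
    day=$(date +%Y%m%d)
    mkdir -p "$base/reports.$day" "$base/reports.latest"
    cp "$report" "$base/reports.$day/$system"

    findings < "$report"

    if [ -s "$base/reports.latest/$system" ]; then
        # diff exits non-zero when the reports differ
        diff "$base/reports.latest/$system" "$base/reports.$day/$system" \
            || echo "System $system status has changed"
    fi
    cp "$base/reports.$day/$system" "$base/reports.latest/$system"
}
```

A crontab entry such as `0 3 * * * /path/to/chkrootkit | tee /tmp/chkrootkit.out >/dev/null; sh /path/to/this.sh host1 /tmp/chkrootkit.out /var/local/chkrootkit` (paths are placeholders) gives Jon the daily mail he asked for: the first run reports every finding once, and later runs stay quiet until a line appears or disappears, which is exactly the change Mike inspects by hand.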
