Even if rkhunter has been run first with the --propupd option, some
warnings are shown in the logs. This is a little bit annoying because it is
caused by known alerts. I wrote a short batch script that stores the last
log and compares it with the new log when rkh runs. So it can assume that
old known warnings should not be shown. Only when a difference between the
old and the new log exists does a popup window (needs zenity on your system)
notify you. I am not a good batch coder but it works. It's enough for
me. I hope it is for you too and that it will be helpful.
You can put it in a .sh file, set the +x permission and run it as root:
$ sudo ./rkhunter_diff.sh option
The option must be assume or noassume.
On the first run the option is automatically set to noassume if the log is not found.
_____________________________
#!/bin/bash
# Compare the current rkhunter log with the one saved by the previous run and
# only pop up a warning (via zenity) when something new appears.
#
# Usage (as root):  ./rkhunter_diff.sh assume|noassume
#   assume   - save the current log as the reference and warn only on differences
#   noassume - warn on every problem rkhunter reports
#   On the first run (no rkhunter log yet) the option is forced to noassume.

# Variables
return_code=0
rkhunterlog="/var/log/rkhunter.log"
last_rkhunterlog="/var/log/last_rkhunter.log"
set_popup="0"

# Check root
if [[ $EUID -ne 0 ]]; then
    echo "rkhunter needs root" 1>&2
    exit 1
fi

# Check rkhunter log: without an old log there is nothing to compare against
if [ ! -f "$rkhunterlog" ]; then
    echo "$rkhunterlog does not exist... setting option: noassume"
    opt="noassume"
else
    # Check option
    if [ "$1" = "assume" ] || [ "$1" = "noassume" ]; then
        opt="$1"
        echo "Option set to: $opt"
    else
        echo "Must set an option: assume or noassume" 1>&2
        exit 1
    fi
fi

# Keep a copy of the previous log before rkhunter overwrites it
if [ "$opt" = "assume" ]; then
    cp "$rkhunterlog" "$last_rkhunterlog"
fi

# Update rkhunter data files
if rkhunter --update; then
    echo "rkhunter successfully updated"
else
    echo "Error while updating rkhunter, using old data"
fi

# Start rkhunter: exit code 0 = clean, 1 = warnings found, anything else = error
rkhunter --check --sk
return_code=$?

if [[ $return_code -ne 0 && $return_code -ne 1 ]]; then
    echo ""; echo "rkhunter error (exit code $return_code)"; echo ""
    exit "$return_code"
fi

# Compare new and old log
if [ "$opt" = "assume" ]; then
    # rkhunter prefixes every log line with a [HH:MM:SS] timestamp; strip it
    # before comparing, otherwise two runs always differ.
    r_diff=$(diff <(sed 's/^\[[0-9:]*\] *//' "$last_rkhunterlog") \
                  <(sed 's/^\[[0-9:]*\] *//' "$rkhunterlog"))
    # Something changed since the last run: show the popup
    if [ -n "$r_diff" ]; then
        set_popup="1"
    fi
else
    # noassume: always notify about reported problems
    set_popup="1"
fi

if ! grep -q 'Possible rootkits: 0' "$rkhunterlog"; then
    if [ "$set_popup" = "1" ]; then
        zenity --warning --text=$'rkhunter message: possible rootkit\ncheck the log file (/var/log/rkhunter.log)'
    fi
fi

if ! grep -q 'Suspect files: 0' "$rkhunterlog"; then
    if [ "$set_popup" = "1" ]; then
        zenity --warning --text=$'rkhunter message: suspect files\ncheck the log file (/var/log/rkhunter.log)'
    fi
fi
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users