Submitted by Anonymous (not registered) on Wed, 2006-05-17 17:14.

I have written a better cron script, so I thought I would share it:

#!/bin/bash
# Cron job: run chkrootkit and mail any INFECTED lines to the administrator.
SYSADMIN=youraddress@isp.com
TMPDIR=/tmp
HOSTNAME=$(hostname)
DATE=$(date "+%d/%m/%Y %H:%M")
CHKROOTKIT=/usr/local/chkrootkit/chkrootkit
MAIL=mail

#
# Clean up before it runs
rm -f "$TMPDIR/chkrootkit.$$"
# -e and -L also catch a directory or dangling symlink left at this path
if [ -e "$TMPDIR/chkrootkit.$$" ] || [ -L "$TMPDIR/chkrootkit.$$" ]; then
    echo "Checkroot kit temp files exist in $TMPDIR directory that cannot be removed. This may be an attempt to spoof the checker." \
        | $MAIL -s "$HOSTNAME $DATE ACTIVE SYSTEM ATTACK!" "$SYSADMIN"
    exit 1
fi

#
# Check for root kits: keep only the lines chkrootkit flags as INFECTED
"$CHKROOTKIT" | grep INFECTED > "$TMPDIR/chkrootkit.$$"
# -s is true only when the report is non-empty, i.e. something was flagged
if [ -s "$TMPDIR/chkrootkit.$$" ]; then
    $MAIL -s "$DATE - ROOTKIT DETECTED ON $HOSTNAME!" "$SYSADMIN" < "$TMPDIR/chkrootkit.$$"
fi

# Clean Up
rm -f "$TMPDIR/chkrootkit.$$"

Cheers,
Max
www.intellectit.com.au
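
An added example, not part of Max's comment: the same INFECTED filter with the report file created by mktemp, so a file or symlink planted in advance under a predictable /tmp name cannot be reused. The function names, the --run switch and the sample scanner lines are constructed for illustration; the chkrootkit path and mail address are the ones from the script above.

```bash
#!/bin/bash
# Added example: chkrootkit cron wrapper using an unpredictable report file.
CHKROOTKIT=${CHKROOTKIT:-/usr/local/chkrootkit/chkrootkit}
SYSADMIN=${SYSADMIN:-youraddress@isp.com}

# mktemp chooses a random suffix and creates the file exclusively with
# mode 0600, so the name cannot be guessed and pre-created by another user.
new_report() {
    mktemp "${TMPDIR:-/tmp}/chkrootkit.XXXXXXXXXX"
}

# Read scanner output on stdin and keep only INFECTED lines in file $1.
# Returns 0 if at least one finding was written, 1 if the report is empty.
collect_findings() {
    grep INFECTED > "$1" || true
    [ -s "$1" ]
}

# Constructed sample of scanner output, used to exercise the filter offline.
sample_output() {
    cat <<'EOF'
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `sniffer'... not infected
EOF
}

# Run the real scan and mail the findings, then remove the report.
scan_and_mail() {
    report=$(new_report) || return 2
    if "$CHKROOTKIT" | collect_findings "$report"; then
        mail -s "$(date '+%d/%m/%Y %H:%M') - ROOTKIT DETECTED ON $(hostname)!" \
            "$SYSADMIN" < "$report"
    fi
    rm -f -- "$report"
}

# Only scan when called with --run (for example from the crontab entry).
if [ "${1:-}" = "--run" ]; then
    scan_and_mail
fi
```

Because the match is case-sensitive, chkrootkit's lowercase "not infected" lines never reach the report.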
