File: //etc/cron.daily/chkrootkit
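#!/bin/sh
# Daily cron job: run chkrootkit and print its findings, which cron mails to
# the administrator.
#
# Defaults are assigned below and /etc/chkrootkit.conf is then sourced, so that
# file can override any of them. Variables this script reads:
#   RUN_DAILY=true    run the scan at all
#   RUN_DAILY_OPTS    extra command-line options passed to chkrootkit
#   DIFF_MODE=true    report only when output differs from log.expected
#   IGNORE_FILE       extended regexps (one per line); matching lines are dropped
#
# SECURITY: cron.daily jobs run as root, and the configuration file is executed
# as shell code (sourced, and RUN_DAILY_OPTS is passed through eval). Whoever
# can write that file can therefore run commands as root; keep it owned by root
# and not group- or world-writable.
# IGNORE_FILE and log.expected decide which findings are suppressed, so they
# need the same protection and changes to them deserve review: an edit to
# either one can hide a finding from the daily report.
set -e

CHKROOTKIT=/usr/sbin/chkrootkit
CF=/etc/chkrootkit.conf
LOG_DIR=/var/log/chkrootkit
IGNORE_FILE=/dev/null

# The package may have been removed while this conffile stayed behind.
if [ ! -x "$CHKROOTKIT" ]; then
  exit 0
fi

if [ -f "$CF" ]; then
  . "$CF"
fi

# Fall back to an empty pattern list when the configured file is unreadable.
if [ ! -r "${IGNORE_FILE}" ]; then
  IGNORE_FILE=/dev/null
fi

if [ "$RUN_DAILY" = "true" ]; then
  if [ "$DIFF_MODE" = "true" ]; then
    # Fail loudly if today's log cannot be written. The "|| true" below would
    # otherwise hide the failure and the comparison would run against a stale
    # log.today, reporting "no change" for a scan that never happened.
    if ! true > "$LOG_DIR/log.today"; then
      echo "ERROR: cannot write $LOG_DIR/log.today; chkrootkit was not run" >&2
      exit 1
    fi

    # eval is kept so that quoting inside RUN_DAILY_OPTS is honoured; only the
    # program path is protected from re-splitting. grep -E replaces egrep,
    # which newer GNU grep flags as obsolescent on stderr (and thus in the
    # cron mail). grep -v exits 1 when it prints nothing, hence "|| true"
    # under set -e; note this also discards chkrootkit's own exit status.
    eval "\"\$CHKROOTKIT\" $RUN_DAILY_OPTS" 2>&1 \
      | grep -E -v -f "${IGNORE_FILE}" > "$LOG_DIR/log.today" || true

    if [ ! -f "$LOG_DIR/log.expected" ]; then
      echo "ERROR: No file $LOG_DIR/log.expected"
      echo "This file should contain expected output from chkrootkit"
      echo
      echo "Today's run produced the following output:"
      echo "--- [ BEGIN: cat $LOG_DIR/log.today ] ---"
      cat "$LOG_DIR/log.today"
      echo "--- [ END: cat $LOG_DIR/log.today ] ---"
      echo
      echo "To create this file containing all output from today's run, do (as root)"
      echo "# cp -a $LOG_DIR/log.today $LOG_DIR/log.expected"
    elif ! diff -q "$LOG_DIR/log.expected" "$LOG_DIR/log.today" > /dev/null 2>&1; then
      echo "ERROR: chkrootkit output was not as expected."
      echo
      echo "The difference is:"
      echo "---[ BEGIN: diff -u $LOG_DIR/log.expected $LOG_DIR/log.today ] ---"
      # diff exits 1 when the files differ, which is the expected case here.
      diff -u "$LOG_DIR/log.expected" "$LOG_DIR/log.today" || true
      echo "---[ END: diff -u $LOG_DIR/log.expected $LOG_DIR/log.today ] ---"
      echo
      echo "To update the expected output, run (as root)"
      echo "# cp -a -f $LOG_DIR/log.today $LOG_DIR/log.expected"
    fi
  else
    # Plain mode: print every line the ignore patterns do not filter out.
    eval "\"\$CHKROOTKIT\" $RUN_DAILY_OPTS" 2>&1 \
      | grep -E -v -f "${IGNORE_FILE}" || true
  fi
fi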