Télécharge chkrootkit, vérifie la somme MD5 de l'archive, lance l'analyse et envoie le rapport par mail. À mettre dans cron.daily/weekly ;-) Bonne chance, th0m (merci de me signaler les bugs).

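#!/bin/bash
# autocheck.sh
# vassilian@icx.fr
#
# Downloads chkrootkit, compares its MD5 checksum, builds it, runs it and
# mails the report to $REPORT. Meant to be dropped into cron.daily/weekly.
#
# bash is required: the script relies on non-POSIX shell features, so a
# strict /bin/sh (dash, ash) cannot run it.
#
# Trust note: the archive and its checksum file come from the same server
# over plain FTP, so the MD5 comparison only detects a damaged transfer, not
# a replaced archive. The downloaded code is then compiled and executed with
# the privileges of the cron job. Where an authenticated source exists (for
# example a signed distribution package), prefer it.
VERSION="0.0.1"

# Address that receives the report and the error notifications.
REPORT="secu@domain.com"
# Fixed search path so that a cron environment resolves the same tools.
PATH="/bin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
TGZ="chkrootkit.tar.gz"
URL="ftp://ftp.pangeia.com.br/pub/seg/pac/$TGZ"
MDFIVE="chkrootkit.md5"
MD5="ftp://ftp.pangeia.com.br/pub/seg/pac/$MDFIVE"

# Resolve the external tools once against the PATH set above. `command -v` is
# a shell builtin (no dependency on an external `which`) and prints nothing
# when the tool is missing, so an empty variable means "not installed".
LYNX=$(command -v lynx)
WGET=$(command -v wget)
SENDMAIL=$(command -v sendmail)
MD5SUM=$(command -v md5sum)
LOGGER=$(command -v logger)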

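# Log the end of the run and stop the script with a failure status.
# Called when the download cannot be trusted, so it must not return.
# Globals:  LOGGER (read; falls back to `logger` from PATH when empty)
# Returns:  never; the shell exits with status 1
end() {
  "${LOGGER:-logger}" "chkrootkit - end"
  # Exit this shell directly. Killing processes by the script's name can hit
  # an unrelated concurrent run, and can match nothing at all when $0 is a
  # path, in which case execution would carry on past the failed check.
  exit 1
}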

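# Print an informational message in bold yellow on black, followed by a
# newline.
# Arguments: the words of the message; they are joined with single spaces
# Outputs:   the coloured message on stdout
inf() {
  local IFS=' '
  # printf with %s keeps the message literal (no backslash interpretation of
  # the arguments) and does not depend on the shell's `echo -e` support,
  # which is missing from several /bin/sh implementations.
  printf '\033[01;33;40m%s\033[00m\n' "$*"
}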

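# Private helper for up2dateCK: log the failure, mail an alert and stop.
# Arguments: $1 - syslog message, $2 - text appended to the mail subject
_up2dateCK_abort() {
  "${LOGGER:-logger}" "$1"
  # With -t the recipient is taken from the To: header; the blank line ends
  # the header section.
  printf 'To: %s\nSubject: %s - %s\n\n' \
    "$REPORT" "${HOSTNAME:-$(hostname)}" "$2" \
    | "${SENDMAIL:-sendmail}" -t
  end
  # end is expected not to return. Exit explicitly so that an archive that
  # failed a check is never unpacked or built if it does.
  exit 1
}

# Download chkrootkit and its checksum file, compare the MD5 sums, unpack the
# archive and build it.
# Globals:  TGZ, URL, MDFIVE, MD5, WGET, MD5SUM, LOGGER, SENDMAIL, REPORT (read)
#           CK_WORKDIR (written) - private work directory under /tmp
#           REP (written) - build directory, relative to /tmp
#           installs an EXIT trap that removes CK_WORKDIR
# Returns:  the status of `make`; exits the script on any failed check
up2dateCK() {
  local expected actual top

  # Move aside any /tmp/.chk.log left over from an earlier run, as the
  # original rotation did. -L also catches a dangling symlink.
  if [ -e /tmp/.chk.log ] || [ -L /tmp/.chk.log ]; then
    mv -- /tmp/.chk.log "/tmp/.chk.log.old.$(date +%Y%m%d%H%M%S)"
  fi

  # /tmp is world-writable: fixed file names there can be created or
  # symlinked by any local user before this job uses them. Work in a fresh
  # directory that mktemp creates with owner-only permissions.
  CK_WORKDIR=$(mktemp -d /tmp/autocheck.XXXXXX) \
    || _up2dateCK_abort "chkrootkit - cannot create work directory" \
      "$TGZ DOWNLOAD ERROR"
  trap 'rm -rf -- "${CK_WORKDIR:?}"' EXIT
  cd "$CK_WORKDIR" \
    || _up2dateCK_abort "chkrootkit - cannot enter work directory" \
      "$TGZ DOWNLOAD ERROR"

  if ! "${WGET:-wget}" "$URL" || ! "${WGET:-wget}" "$MD5"; then
    _up2dateCK_abort "chkrootkit - download error" "$TGZ DOWNLOAD ERROR"
  fi

  expected=$(awk '{print $1}' "$MDFIVE")
  actual=$("${MD5SUM:-md5sum}" "$TGZ" | awk '{print $1}')

  # An empty expected value must fail: two failed reads would otherwise
  # compare equal and let an unchecked archive through.
  # NOTE(review): the checksum comes from the same server as the archive, so
  # a match shows an intact transfer, not an authentic archive. Compare with
  # a digest obtained out of band if one is available.
  if [ -z "$expected" ] || [ "$expected" != "$actual" ]; then
    _up2dateCK_abort "chkrootkit - md5 error" "$TGZ MD5 ERROR"
  fi
  "${LOGGER:-logger}" "chkrootkit - md5 $expected"

  # Read the top-level entry from a listing instead of extracting twice.
  # sed consumes the whole listing, so tar is not cut off by a closed pipe.
  top=$(tar tzf "$TGZ" | sed -n '1p')
  top=${top%/}
  # The name comes from the archive: refuse anything that is empty, absolute
  # or that climbs out of the work directory.
  case "$top" in
    '' | /* | .. | ../* | */.. | */../*)
      _up2dateCK_abort "chkrootkit - unexpected archive layout" \
        "$TGZ ARCHIVE ERROR"
      ;;
  esac

  tar zxvf "$TGZ" \
    || _up2dateCK_abort "chkrootkit - extraction error" "$TGZ ARCHIVE ERROR"
  cd "$top" \
    || _up2dateCK_abort "chkrootkit - extraction error" "$TGZ ARCHIVE ERROR"

  # REP stays relative to /tmp so that a later `cd /tmp/$REP` finds the build.
  REP="${CK_WORKDIR#/tmp/}/$top"
  make
}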

# Announce the run: coloured title with the script version on stdout, an
# empty line, then a syslog entry carrying the PID of this shell.
# Globals: VERSION, LOGGER (read)
banner() {
  local title="autocheck.sh ($VERSION)"
  local logline="chkrootkit - autocheck.sh running. (PID $$)"

  inf "$title"
  printf '\n'
  $LOGGER "$logline"
}

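# Run chkrootkit from the build directory and mail its output to $REPORT.
# Globals:  REP (read) - build directory, relative to /tmp
#           REPORT, VERSION, HOSTNAME, SENDMAIL, LOGGER (read)
# Returns:  1 when there is no usable build directory, otherwise the status
#           of the mail pipeline
go() {
  # An empty REP would make the path /tmp itself, and a failed cd would leave
  # the shell in some other directory; either way ./chkrootkit could resolve
  # to a file this script did not build. Refuse to run in that case.
  if [ -z "$REP" ] || ! cd "/tmp/$REP" || [ ! -x ./chkrootkit ]; then
    "${LOGGER:-logger}" "chkrootkit - scan skipped, no usable build directory"
    return 1
  fi

  # Stream the report straight into sendmail: no fixed-name file in the
  # world-writable /tmp, which a local user could replace with a symlink.
  # With -t the recipient is read from the To: header; the blank line
  # separates the headers from the scan output.
  {
    printf 'To: %s\n' "$REPORT"
    printf 'Subject: %s - Chkrootkit %s report\n\n' \
      "${HOSTNAME:-$(hostname)}" "$VERSION"
    ./chkrootkit
  } | "${SENDMAIL:-sendmail}" -t
}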

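# Restrict the script file itself to its owner (mode 700).
# This only limits who can read or start the script afterwards; it is applied
# on every run, so the file is still readable by others until the first run.
# Setting the mode at install time closes that gap.
armor() {
  # Quoted, and separated with --, so a path containing spaces or starting
  # with a dash is passed to chmod as a single file name.
  chmod 700 -- "$0"
}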


# Main: announce the run, restrict the script's own permissions, fetch and
# build chkrootkit, then scan and mail the report.
main() {
  banner
  armor
  up2dateCK
  go
}

main