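#!/bin/bash
# original author: Aaron Walker <ka0ttic@gentoo.org>
#
# Cron wrapper for rkhunter: optionally refreshes its data files, runs the
# scan with all output captured in a root-only temp file, and then mails
# and/or logs that output according to the configuration below.
#
# Usage: rkhunter.cron [-d]    (-d turns on shell verbose/xtrace for debugging)
#
########################## Begin Configuration ###############################
# Default options - more options may be added depending on the
# configuration variables you set below
# --cronjob implies -c, --nocolor, --sk
# NOTE: this string is split on whitespace into separate arguments; an
# individual option that itself contains whitespace is not supported here.
RKHUNTER_OPTS="--cronjob --summary"
# Set this to 'yes' to enable ; this script does nothing otherwise
ENABLE=no
# Automatically update rkhunter's dat files prior to running?
UPDATE=no
# Set this to 'yes' if you wish the output to be mailed to you
SEND_EMAIL=no
# NOTE: the following EMAIL_* variables are only relevant if you set the
# SEND_EMAIL variable to 'yes'
EMAIL_SUBJECT="${HOSTNAME}: rkhunter output"
EMAIL_RECIPIENT=root
# Optional override: a shell fragment (starting with '|') that receives the
# captured output on stdin, e.g. "|mail -s \"${EMAIL_SUBJECT}\" ${EMAIL_RECIPIENT}".
# Leave it unset to use the built-in mail(1) call, which needs no eval.
# This value is evaluated as shell code as root, so it must only ever be set
# in this root-owned file, never derived from anything else.
#EMAIL_CMD=""
# Log rkhunter output?
LOG=no
# The default log location is /var/log/rkhunter.log. Set this variable if
# you'd like to use an alternate location.
#LOGFILE=""
# By default, the log file created by rkhunter is world-readable (0644). If
# you'd like to modify the permissions afterwards, set this variable. The
# value of this variable, must be a valid chmod argument such as '0600' or
# 'u+rw,go-rwx'. See the chmod(1) manual page for more information.
#LOGFILE_PERMS="0600"
# By default, rkhunter overwrites the previous log. Set this variable
# to 'yes' if you'd like the log output appended to the logfile, instead
# of overwriting it.
SAVE_OLD_LOGS=no
# Set to 1 to receive only warnings & errors
# Set to 2 to receive ALL rkhunter output
# Set to 3 to receive rkhunter report
VERBOSITY=3
########################### End Configuration ################################
# exit immediately, unless enabled
[[ "${ENABLE}" == "yes" ]] || exit 0
# debug mode? (mainly for my benefit); ${1-} so a missing argument is
# simply empty rather than an error
if [[ "${1-}" == "-d" ]] ; then
  set -o verbose -o xtrace
fi
[[ -z "${LOGFILE:-}" ]] && LOGFILE="/var/log/rkhunter.log"
# moved this out of config section since it'll
# probably never need to be changed
RKHUNTER_EXEC="/usr/sbin/rkhunter"
# sanity check - diagnostics belong on stderr, and this runs before the
# redirect below, so cron will mail it
if [[ ! -x "${RKHUNTER_EXEC}" ]] ; then
  printf '%s does not exist or is not executable!\n' "${RKHUNTER_EXEC}" >&2
  exit 1
fi
# we create a few tmp files, so let's at least make
# them readable/writable by root only
umask 0077
# all output goes to this temp file; bail out if it cannot be created,
# otherwise the exec below would redirect into an empty name
_tmpout=$(mktemp /tmp/rkhunter.cron.XXXXXX) || exit 1
# the temp file is removed on every exit path, not only the happy one
trap 'rm -f -- "${_tmpout}"' EXIT
exec > "${_tmpout}" 2>&1
# update data files
if [[ "${UPDATE}" == "yes" ]] ; then
  # save the output of --update in a tmp file so that it can be mailed
  # along with the scan output; otherwise the user will get 2 mails
  "${RKHUNTER_EXEC}" --nocolor --update
fi
# formulate the argument list according to user configuration; an array
# lets rkhunter be invoked directly (no eval) and keeps LOGFILE as a single
# argument even if the path contains spaces
read -r -a rkhunter_args <<< "${RKHUNTER_OPTS}"
if [[ "${LOG}" == "yes" ]] ; then
  rkhunter_args+=(--createlogfile "${LOGFILE}")
fi
case "${VERBOSITY}" in
  # warnings and errors only
  1) rkhunter_args+=(--quiet) ;;
  # 2 is the default rkhunter output (no extra options); anything else,
  # including 3, also adds nothing
  *) ;;
esac
# save old log; _tmpfile stays empty when there is nothing to restore
_tmpfile=""
if [[ "${LOG}" == "yes" && "${SAVE_OLD_LOGS}" == "yes" && -e "${LOGFILE}" ]] ; then
  _tmpfile=$(mktemp "${LOGFILE}.XXXXXX") || exit 1
  mv -f -- "${LOGFILE}" "${_tmpfile}"
  printf '%s\n' '--' "rkhunter.cron commencing at: $(date)" '--' >> "${_tmpfile}"
fi
# finally, run rkhunter and keep its status for our own exit code
"${RKHUNTER_EXEC}" "${rkhunter_args[@]}"
RV=$?
# email output?
if [[ "${SEND_EMAIL}" == "yes" ]] ; then
  if [[ -n "${EMAIL_CMD:-}" ]] ; then
    # legacy hook: EMAIL_CMD is an admin-supplied shell fragment and is
    # evaluated as such (see the configuration note above)
    eval "cat -- \"\${_tmpout}\" ${EMAIL_CMD}"
  else
    mail -s "${EMAIL_SUBJECT}" "${EMAIL_RECIPIENT}" < "${_tmpout}"
  fi
fi
# the EXIT trap removes the temp file
[[ "${LOG}" != "yes" ]] && exit "${RV}"
# from this point on, we can assume logging is enabled
# append new log to old log and restore; if rkhunter produced no log the
# old one is simply put back
if [[ -n "${_tmpfile}" ]] ; then
  [[ -e "${LOGFILE}" ]] && cat -- "${LOGFILE}" >> "${_tmpfile}"
  mv -f -- "${_tmpfile}" "${LOGFILE}"
fi
chmod "${LOGFILE_PERMS:-0644}" "${LOGFILE}"
exit "${RV}"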