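#!/bin/bash
# $Header: /var/cvsroot/gentoo-x86/app-forensics/rkhunter/files/rkhunter.cron,v 1.2 2004/12/07 10:33:36 ka0ttic Exp $
# original author: Aaron Walker
#
# Cron wrapper around rkhunter. Depending on the configuration below it
# optionally updates rkhunter's data files, runs a scan, mails the captured
# output, and keeps or rotates the rkhunter log file. The exit status is the
# exit status of the rkhunter scan.
#
# Usage: rkhunter.cron [-d]
#   -d  trace every command (set -o verbose -o xtrace)

########################## Begin Configuration ###############################

# Default options - more options may be added depending on the
# configuration variables you set below
RKHUNTER_OPTS="-c --cronjob --skip-keypress"

# Set this to 'yes' to enable ; this script does nothing otherwise
ENABLE=no

# Automatically update rkhunter's dat files prior to running?
UPDATE=no

# Set this to 'yes' if you wish the output to be mailed to you
SEND_EMAIL=no

# NOTE: the following EMAIL_* variables are only relevant if you set the
# SEND_EMAIL variable to 'yes'
# EMAIL_CMD is handed to 'eval' further down, so everything placed in these
# three variables is interpreted as shell syntax. Keep them to trusted,
# literal values.
EMAIL_SUBJECT="${HOSTNAME}: rkhunter output"
EMAIL_RECIPIENT=root
EMAIL_CMD="|mail -s \"${EMAIL_SUBJECT}\" ${EMAIL_RECIPIENT}"

# Log rkhunter output?
LOG=no

# The default log location is /var/log/rkhunter.log. Set this variable if
# you'd like to use an alternate location.
#LOGFILE=""

# By default, the log file created by rkhunter is world-readable (0644). If
# you'd like to modify the permissions afterwards, set this variable. The
# value of this variable, must be a valid chmod argument such as '0600' or
# 'u+rw,go-rwx'. See the chmod(1) manual page for more information.
#LOGFILE_PERMS="0600"

# By default, rkhunter overwrites the previous log. Set this variable
# to 'yes' if you'd like the log output appended to the logfile, instead
# of overwriting it.
SAVE_OLD_LOGS=no

# Set to 1 to receive only warnings & errors
# Set to 2 to receive ALL rkhunter output
# Set to 3 to receive rkhunter report
VERBOSITY=3

########################### End Configuration ################################

# exit immediately, unless enabled
[[ "${ENABLE}" == "yes" ]] || exit 0

# debug mode? (mainly for my benefit)
if [[ "${1:-}" == "-d" ]]; then
  set -o verbose -o xtrace
fi

[[ -n "${LOGFILE}" ]] || LOGFILE="/var/log/rkhunter.log"

# moved this out of config section since it'll
# probably never need to be changed
RKHUNTER_EXEC="/usr/bin/rkhunter"

# sanity check
if [[ ! -x "${RKHUNTER_EXEC}" ]]; then
  echo "${RKHUNTER_EXEC} does not exist or is not executable!" >&2
  exit 1
fi

# we create a few tmp files, so let's at least make
# them readable/writable by root only
umask 0077

# All output goes to this temp file. It is created with mktemp rather than a
# ${RANDOM}-based name: /tmp is world-writable, and redirecting into a
# guessable path there would follow a file or symlink that another local user
# had placed at that path beforehand.
_tmpout=$(mktemp /tmp/rkhunter.cron.XXXXXX) || {
  echo "rkhunter.cron: unable to create a temporary output file" >&2
  exit 1
}
# remove the temp file on every exit path, not only the successful ones
trap 'rm -f -- "${_tmpout}"' EXIT
exec > "${_tmpout}" 2>&1

# update data files
if [[ "${UPDATE}" == "yes" ]]; then
  # the output of --update lands in the same temp file as the scan output
  # so that both are mailed together; otherwise the user will get 2 mails
  "${RKHUNTER_EXEC}" --update
fi

# formulate options string according to user configuration
if [[ "${LOG}" == "yes" ]]; then
  RKHUNTER_OPTS="${RKHUNTER_OPTS} --createlogfile ${LOGFILE}"
fi

case "${VERBOSITY}" in
  # warnings and errors only
  1)
    RKHUNTER_OPTS="${RKHUNTER_OPTS} --quiet"
    ;;
  # default rkhunter output (no extra options)
  2)
    ;;
  # default to option 3 (report-mode)
  *)
    RKHUNTER_OPTS="${RKHUNTER_OPTS} --report-mode"
    ;;
esac

# save old log: move it aside under an unpredictable name and stamp it, so
# the fresh log can be appended to it once the scan has finished
_tmpfile=""
if [[ "${LOG}" == "yes" && "${SAVE_OLD_LOGS}" == "yes" && -e "${LOGFILE}" ]]; then
  if _tmpfile=$(mktemp "${LOGFILE}.XXXXXX"); then
    mv -f -- "${LOGFILE}" "${_tmpfile}"
    printf -- '--\nrkhunter.cron commencing at: %s\n--\n' "$(date)" >> "${_tmpfile}"
  else
    # keep scanning even if the old log cannot be preserved
    echo "rkhunter.cron: unable to set aside ${LOGFILE}; it will be overwritten"
    _tmpfile=""
  fi
fi

# finally, run rkhunter
# RKHUNTER_OPTS and LOGFILE are spliced into one string and evaluated as shell
# code, exactly as before; they must only ever come from the configuration
# section above, never from outside input.
eval "${RKHUNTER_EXEC} ${RKHUNTER_OPTS}"
RV=$?

# email output?
if [[ "${SEND_EMAIL}" == "yes" ]]; then
  # EMAIL_CMD starts with a pipe, hence the eval (see the configuration note)
  eval "cat ${_tmpout} ${EMAIL_CMD}"
fi

# the temp file itself is removed by the EXIT trap
[[ "${LOG}" == "yes" ]] || exit "${RV}"

# from this point on, we can assume logging is enabled

# append new log to old log and restore
if [[ -n "${_tmpfile}" ]]; then
  cat -- "${LOGFILE}" >> "${_tmpfile}"
  mv -- "${_tmpfile}" "${LOGFILE}"
fi

chmod "${LOGFILE_PERMS:-0644}" "${LOGFILE}"

exit "${RV}"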