From b07d29fb97227bbea07da04422ca0e9451660d14 Mon Sep 17 00:00:00 2001
From: Andreas Hasenack
Date: Thu, 10 Jan 2008 19:30:27 +0000
Subject: - include chkrootkit diff report (#21369)
---
 cron-sh/diff_check.sh | 18 ++++++++++++++++++
 cron-sh/security.sh | 1 +
 2 files changed, 19 insertions(+)
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index 2512a13..3c0fc27 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -184,6 +184,24 @@ if [[ ${RPM_CHECK} == yes ]]; then
 fi
 fi

+### Changed chkrootkit
+if [[ ${CHKROOTKIT_CHECK} == yes ]]; then
+
+ if [[ -f ${CHKROOTKIT_YESTERDAY} ]]; then
+ diff -u ${CHKROOTKIT_YESTERDAY} ${CHKROOTKIT_TODAY} 1> ${CHKROOTKIT_DIFF}
+ if [ -s ${CHKROOTKIT_DIFF} ]; then
+ printf "\nSecurity Warning: There are modifications for chkrootkit results :\n" >> ${TMP}
+ grep '^+' ${CHKROOTKIT_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Added : ${file}\n"
+ done >> ${TMP}
+ grep '^-' ${CHKROOTKIT_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Removed : ${file}\n"
+ done >> ${TMP}
+ fi
+ fi
+fi
+
+
 ######## Report ######
 date=`date`
 hostname=`hostname`
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 30c1434..e0671de 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -69,6 +69,7 @@ RPM_QA_YESTERDAY="/var/log/security/rpm-qa.yesterday"
 RPM_QA_DIFF="/var/log/security/rpm-qa.diff"
 export CHKROOTKIT_TODAY="/var/log/security/chkrootkit.today"
 CHKROOTKIT_YESTERDAY="/var/log/security/chkrootkit.yesterday"
+CHKROOTKIT_DIFF="/var/log/security/chkrootkit.diff"
 export EXCLUDE_REGEXP

 # Modified filters coming from debian security scripts.
-- 
cgit v1.2.1
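Review bot: In the cron-sh/diff_check.sh hunk, both `while read file` loops expand each chkrootkit result line inside the printf format string, so the `sed -e 's/%/%%/g'` stage neutralises `%` but backslash sequences in the data are still interpreted, first by `read` without `-r` and then by printf. chkrootkit output can carry file and process names taken from the host being checked, so a crafted name could change how the security report reads. Passing the data as an argument closes this and makes the `%` escaping stage unnecessary (it has to be dropped, otherwise `%%` is printed literally): `while IFS= read -r file; do printf "\t\t- Added : %s\n" "${file}"; done >> ${TMP}`, and the same for the Removed loop. Separately, only `${CHKROOTKIT_YESTERDAY}` is tested with `-f`; if `${CHKROOTKIT_TODAY}` is missing, `diff` fails, `${CHKROOTKIT_DIFF}` stays empty and the report is silent, so a `[[ -f ${CHKROOTKIT_TODAY} ]]` test that writes a warning line to `${TMP}` when the file is absent would make a failed or suppressed scan visible.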