authorFrederic Lepied <flepied@mandriva.com>2002-01-22 20:13:48 +0000
committerFrederic Lepied <flepied@mandriva.com>2002-01-22 20:13:48 +0000
commitbdeb4424b358e54edeb7b9ec4d0c2100bfddac36 (patch)
treeee1f7c4658a56a25fe385273276e2ad1ae34b7af
parentda66772cfaf407695a5b71baa3ebcada1e88f365 (diff)
experimental chkrootkit check.
-rwxr-xr-xcron-sh/security.sh13
-rwxr-xr-xcron-sh/security_check.sh9
-rwxr-xr-xshare/msec.py1
3 files changed, 23 insertions, 0 deletions
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 5b974a4..6cc6b79 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -36,6 +36,8 @@ RPM_VA_DIFF="/var/log/security/rpm-va.diff"
export RPM_QA_TODAY="/var/log/security/rpm-qa.today"
RPM_QA_YESTERDAY="/var/log/security/rpm-qa.yesterday"
RPM_QA_DIFF="/var/log/security/rpm-qa.diff"
+export CHKROOTKIT_TODAY="/var/log/security/chkrootkit.today"
+CHKROOTKIT_YESTERDAY="/var/log/security/chkrootkit.yesterday"
# Modified filters coming from debian security scripts.
CS_NFSAFS='(nfs|afs|xfs|coda)'
@@ -86,6 +88,10 @@ if [[ -f ${RPM_QA_TODAY} ]]; then
mv -f ${RPM_QA_TODAY} ${RPM_QA_YESTERDAY}
fi
+if [[ -f ${CHKROOTKIT_TODAY} ]]; then
+ mv -f ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY}
+fi
+
netstat -pvlA inet 2> /dev/null > ${OPEN_PORT_TODAY};
# Hard disk related file check; the less priority the better...
@@ -135,6 +141,13 @@ if [[ ${RPM_CHECK} == yes ]]; then
nice --adjustment=+19 rpm -V `cut -f 1 < ${RPM_QA_TODAY} | grep -v '^dev-[0-9]'` | grep '^..5' | sed 's/...........//' | sort > ${RPM_VA_TODAY}
fi
+### chkrootkit checks
+if [[ ${CHKROOTKIT_CHECK} == yes ]]; then
+ if [ -x /usr/sbin/chkrootkit ]; then
+ /usr/sbin/chkrootkit > ${CHKROOTKIT_TODAY}
+ fi
+fi
+
### Functions ###
Syslog() {
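Review bot: The new `/usr/sbin/chkrootkit > ${CHKROOTKIT_TODAY}` line records stdout only and ignores the exit status, so a scan that aborts part-way leaves a short file that the report step cannot tell apart from a complete run. Redirecting stderr as well, `/usr/sbin/chkrootkit > ${CHKROOTKIT_TODAY} 2>&1`, keeps any error text in the report, and running it under `nice --adjustment=+19` would match the `rpm -V` call just above. A comment on this block should also say that chkrootkit calls the host's own utilities, so a clean result from an already compromised system is advisory only; its `-p` option can point it at a trusted copy of those binaries.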
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index 9ffc469..0c895ca 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
@@ -258,6 +258,15 @@ if [[ ${RPM_CHECK} == yes ]]; then
fi
fi
+### chkrootkit checks
+if [[ ${CHKROOTKIT_CHECK} == yes ]]; then
+
+ if [[ -s ${CHKROOTKIT_TODAY} ]]; then
+ printf "\nChkrootkit report:\n" >> ${SECURITY}
+ cat ${CHKROOTKIT_TODAY} >> ${SECURITY}
+ fi
+fi
+
### Report
if [[ -s ${SECURITY} ]]; then
Syslog ${SECURITY}
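Review bot: The added `cat ${CHKROOTKIT_TODAY} >> ${SECURITY}` appends the whole chkrootkit output, and by default that output lists every test including the clean ones, so `${SECURITY}` will presumably be non-empty on every run and the `Syslog` path below will fire daily with mostly "not infected" lines. Running chkrootkit with `-q` in security.sh, or filtering the file here before appending, would keep the report empty unless there is a finding, so a real hit is not buried in routine noise. security.sh also rotates the file into `CHKROOTKIT_YESTERDAY`, but nothing in the visible hunks compares the two days; either add that comparison or add a comment saying the copy is kept only for manual inspection. The `### Report` block continues outside the hunk.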
diff --git a/share/msec.py b/share/msec.py
index fc7a2ab..bacdc25 100755
--- a/share/msec.py
+++ b/share/msec.py
@@ -182,6 +182,7 @@ FILE_CHECKS = {'CHECK_SECURITY' : ('no', 'yes', 'yes', 'yes', 'yes', 'yes',
'MAIL_WARN' : ('no', 'no', 'no', 'yes', 'yes', 'yes', ),
'SYSLOG_WARN' : ('no', 'no', 'yes', 'yes', 'yes', 'yes', ),
'RPM_CHECK' : ('no', 'no', 'no', 'yes', 'yes', 'yes', ),
+ 'CHKROOTKIT_CHECK' : ('no', 'no', 'no', 'yes', 'yes', 'yes', ),
}
interactive and log(_('Configuring periodic files checks'))