diff options
| author | Frederic Lepied <flepied@mandriva.com> | 2002-01-22 20:13:48 +0000 |
|---|---|---|
| committer | Frederic Lepied <flepied@mandriva.com> | 2002-01-22 20:13:48 +0000 |
| commit | bdeb4424b358e54edeb7b9ec4d0c2100bfddac36 (patch) | |
| tree | ee1f7c4658a56a25fe385273276e2ad1ae34b7af | |
| parent | da66772cfaf407695a5b71baa3ebcada1e88f365 (diff) | |
| download | msec-bdeb4424b358e54edeb7b9ec4d0c2100bfddac36.tar msec-bdeb4424b358e54edeb7b9ec4d0c2100bfddac36.tar.gz msec-bdeb4424b358e54edeb7b9ec4d0c2100bfddac36.tar.bz2 msec-bdeb4424b358e54edeb7b9ec4d0c2100bfddac36.tar.xz msec-bdeb4424b358e54edeb7b9ec4d0c2100bfddac36.zip | |
experimental chkrootkit check.
| -rwxr-xr-x | cron-sh/security.sh | 13 | ||||
| -rwxr-xr-x | cron-sh/security_check.sh | 9 | ||||
| -rwxr-xr-x | share/msec.py | 1 |
3 files changed, 23 insertions, 0 deletions
diff --git a/cron-sh/security.sh b/cron-sh/security.sh index 5b974a4..6cc6b79 100755 --- a/cron-sh/security.sh +++ b/cron-sh/security.sh @@ -36,6 +36,8 @@ RPM_VA_DIFF="/var/log/security/rpm-va.diff" export RPM_QA_TODAY="/var/log/security/rpm-qa.today" RPM_QA_YESTERDAY="/var/log/security/rpm-qa.yesterday" RPM_QA_DIFF="/var/log/security/rpm-qa.diff" +export CHKROOTKIT_TODAY="/var/log/security/chkrootkit.today" +CHKROOTKIT_YESTERDAY="/var/log/security/chkrootkit.yesterday" # Modified filters coming from debian security scripts. CS_NFSAFS='(nfs|afs|xfs|coda)' @@ -86,6 +88,10 @@ if [[ -f ${RPM_QA_TODAY} ]]; then mv -f ${RPM_QA_TODAY} ${RPM_QA_YESTERDAY} fi +if [[ -f ${CHKROOTKIT_TODAY} ]]; then + mv -f ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY} +fi + netstat -pvlA inet 2> /dev/null > ${OPEN_PORT_TODAY}; # Hard disk related file check; the less priority the better... @@ -135,6 +141,13 @@ if [[ ${RPM_CHECK} == yes ]]; then nice --adjustment=+19 rpm -V `cut -f 1 < ${RPM_QA_TODAY} | grep -v '^dev-[0-9]'` | grep '^..5' | sed 's/...........//' | sort > ${RPM_VA_TODAY} fi +### chkrootkit checks +if [[ ${CHKROOTKIT_CHECK} == yes ]]; then + if [ -x /usr/sbin/chkrootkit ]; then + /usr/sbin/chkrootkit > ${CHKROOTKIT_TODAY} + fi +fi + ### Functions ### Syslog() { diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh index 9ffc469..0c895ca 100755 --- a/cron-sh/security_check.sh +++ b/cron-sh/security_check.sh @@ -258,6 +258,15 @@ if [[ ${RPM_CHECK} == yes ]]; then fi fi +### chkrootkit checks +if [[ ${CHKROOTKIT_CHECK} == yes ]]; then + + if [[ -s ${CHKROOTKIT_TODAY} ]]; then + printf "\nChkrootkit report:\n" >> ${SECURITY} + cat ${CHKROOTKIT_TODAY} >> ${SECURITY} + fi +fi + ### Report if [[ -s ${SECURITY} ]]; then Syslog ${SECURITY} diff --git a/share/msec.py b/share/msec.py index fc7a2ab..bacdc25 100755 --- a/share/msec.py +++ b/share/msec.py @@ -182,6 +182,7 @@ FILE_CHECKS = {'CHECK_SECURITY' : ('no', 'yes', 'yes', 'yes', 'yes', 'yes', 'MAIL_WARN' : ('no', 'no', 'no', 'yes', 'yes', 'yes', ), 'SYSLOG_WARN' : ('no', 'no', 'yes', 'yes', 'yes', 'yes', ), 'RPM_CHECK' : ('no', 'no', 'no', 'yes', 'yes', 'yes', ), + 'CHKROOTKIT_CHECK' : ('no', 'no', 'no', 'yes', 'yes', 'yes', ), } interactive and log(_('Configuring periodic files checks')) |