authorAndreas Hasenack <andreas@mandriva.com>2008-01-10 19:30:27 +0000
committerAndreas Hasenack <andreas@mandriva.com>2008-01-10 19:30:27 +0000
commitb07d29fb97227bbea07da04422ca0e9451660d14 (patch)
tree2a07d573daa8538e88fb4037e2bafe49b2240c38
parent757b7d782a7124a08fb1869eeca7ed3a927b0982 (diff)
- include chkrootkit diff report (#21369)
-rwxr-xr-xcron-sh/diff_check.sh18
-rwxr-xr-xcron-sh/security.sh1
2 files changed, 19 insertions, 0 deletions
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index 2512a13..3c0fc27 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -184,6 +184,24 @@ if [[ ${RPM_CHECK} == yes ]]; then
fi
fi
+### Changed chkrootkit
+if [[ ${CHKROOTKIT_CHECK} == yes ]]; then
+
+ if [[ -f ${CHKROOTKIT_YESTERDAY} ]]; then
+ diff -u ${CHKROOTKIT_YESTERDAY} ${CHKROOTKIT_TODAY} 1> ${CHKROOTKIT_DIFF}
+ if [ -s ${CHKROOTKIT_DIFF} ]; then
+ printf "\nSecurity Warning: There are modifications for chkrootkit results :\n" >> ${TMP}
+ grep '^+' ${CHKROOTKIT_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Added : ${file}\n"
+ done >> ${TMP}
+ grep '^-' ${CHKROOTKIT_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Removed : ${file}\n"
+ done >> ${TMP}
+ fi
+ fi
+fi
+
+
######## Report ######
date=`date`
hostname=`hostname`
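Review bot: In both added `while read file` loops the chkrootkit output line is expanded inside the printf format string, so although the `sed -e 's/%/%%/g'` stage neutralises `%`, backslash sequences in a reported path are still interpreted by `printf` (and `read` without `-r` already consumes backslashes), which lets an unusual filename distort or hide lines in the security report. Pass the text as an argument instead: `while IFS= read -r file; do` with `printf "\t\t- Added : %s\n" "${file}"`, and likewise for `Removed`; the `%%` sed stage must then be dropped so percent signs are not doubled. Separately, only `${CHKROOTKIT_YESTERDAY}` is tested with `-f`: if `${CHKROOTKIT_TODAY}` is missing, `diff` fails, `${CHKROOTKIT_DIFF}` is empty and the report stays silent, so an added `[[ -f ${CHKROOTKIT_TODAY} ]]` test with an explicit warning line in `${TMP}` would make a skipped chkrootkit run visible.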
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 30c1434..e0671de 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -69,6 +69,7 @@ RPM_QA_YESTERDAY="/var/log/security/rpm-qa.yesterday"
RPM_QA_DIFF="/var/log/security/rpm-qa.diff"
export CHKROOTKIT_TODAY="/var/log/security/chkrootkit.today"
CHKROOTKIT_YESTERDAY="/var/log/security/chkrootkit.yesterday"
+CHKROOTKIT_DIFF="/var/log/security/chkrootkit.diff"
export EXCLUDE_REGEXP
# Modified filters coming from debian security scripts.