author | Andreas Hasenack <andreas@mandriva.com> | 2008-01-10 19:30:27 +0000 |
---|---|---|
committer | Andreas Hasenack <andreas@mandriva.com> | 2008-01-10 19:30:27 +0000 |
commit | b07d29fb97227bbea07da04422ca0e9451660d14 (patch) | |
tree | 2a07d573daa8538e88fb4037e2bafe49b2240c38 /cron-sh | |
parent | 757b7d782a7124a08fb1869eeca7ed3a927b0982 (diff) | |
download | msec-b07d29fb97227bbea07da04422ca0e9451660d14.tar msec-b07d29fb97227bbea07da04422ca0e9451660d14.tar.gz msec-b07d29fb97227bbea07da04422ca0e9451660d14.tar.bz2 msec-b07d29fb97227bbea07da04422ca0e9451660d14.tar.xz msec-b07d29fb97227bbea07da04422ca0e9451660d14.zip |
- include chkrootkit diff report (#21369)
Diffstat (limited to 'cron-sh')
-rwxr-xr-x | cron-sh/diff_check.sh | 18 | ||||
-rwxr-xr-x | cron-sh/security.sh | 1 |
2 files changed, 19 insertions, 0 deletions
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index 2512a13..3c0fc27 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -184,6 +184,24 @@ if [[ ${RPM_CHECK} == yes ]]; then
 fi
 fi
+### Changed chkrootkit
+if [[ ${CHKROOTKIT_CHECK} == yes ]]; then
+
+ if [[ -f ${CHKROOTKIT_YESTERDAY} ]]; then
+ diff -u ${CHKROOTKIT_YESTERDAY} ${CHKROOTKIT_TODAY} 1> ${CHKROOTKIT_DIFF}
+ if [ -s ${CHKROOTKIT_DIFF} ]; then
+ printf "\nSecurity Warning: There are modifications for chkrootkit results :\n" >> ${TMP}
+ grep '^+' ${CHKROOTKIT_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Added : ${file}\n"
+ done >> ${TMP}
+ grep '^-' ${CHKROOTKIT_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Removed : ${file}\n"
+ done >> ${TMP}
+ fi
+ fi
+fi
+
+
 ######## Report ######
 date=`date`
 hostname=`hostname`
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 30c1434..e0671de 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -69,6 +69,7 @@ RPM_QA_YESTERDAY="/var/log/security/rpm-qa.yesterday"
 RPM_QA_DIFF="/var/log/security/rpm-qa.diff"
 export CHKROOTKIT_TODAY="/var/log/security/chkrootkit.today"
 CHKROOTKIT_YESTERDAY="/var/log/security/chkrootkit.yesterday"
+CHKROOTKIT_DIFF="/var/log/security/chkrootkit.diff"
 export EXCLUDE_REGEXP
 # Modified filters coming from debian security scripts. |
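Review bot: In both `while read file` loops of the diff_check.sh hunk, each chkrootkit output line is interpolated into the printf format string, and the `sed -e 's/%/%%/g'` stage only neutralises `%`. Backslash sequences in a reported path are still interpreted by `read` and again by `printf`, so a file name on the scanned system can distort the report text appended to `${TMP}`. Reading with `while IFS= read -r file; do` and printing with `printf '\t\t- Added : %s\n' "${file}"` (likewise for `Removed`) treats the text as data; the `%%` sed stage must then be dropped so percent signs are not doubled. Separately, if `${CHKROOTKIT_TODAY}` is missing, `diff` fails, `${CHKROOTKIT_DIFF}` stays empty and the `-s` test skips the section silently. Whether today's file is guaranteed to exist is decided outside this hunk, but an explicit warning line for that case would keep a scan that did not run from reading as "no changes".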