-rwxr-xr-x | cron-sh/diff_check.sh | 18 | ||||
-rwxr-xr-x | cron-sh/security.sh | 1 |
2 files changed, 19 insertions, 0 deletions
diff --git a/cron-sh/diff_check.sh b/cron-sh/diff_check.sh
index 2512a13..3c0fc27 100755
--- a/cron-sh/diff_check.sh
+++ b/cron-sh/diff_check.sh
@@ -184,6 +184,24 @@ if [[ ${RPM_CHECK} == yes ]]; then
 fi
 fi
+### Changed chkrootkit
+if [[ ${CHKROOTKIT_CHECK} == yes ]]; then
+
+ if [[ -f ${CHKROOTKIT_YESTERDAY} ]]; then
+ diff -u ${CHKROOTKIT_YESTERDAY} ${CHKROOTKIT_TODAY} 1> ${CHKROOTKIT_DIFF}
+ if [ -s ${CHKROOTKIT_DIFF} ]; then
+ printf "\nSecurity Warning: There are modifications for chkrootkit results :\n" >> ${TMP}
+ grep '^+' ${CHKROOTKIT_DIFF} | grep -vw "^+++ " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Added : ${file}\n"
+ done >> ${TMP}
+ grep '^-' ${CHKROOTKIT_DIFF} | grep -vw "^--- " | sed 's|^.||'|sed -e 's/%/%%/g' | while read file; do
+ printf "\t\t- Removed : ${file}\n"
+ done >> ${TMP}
+ fi
+ fi
+fi
+
+
 ######## Report ######
 date=`date`
 hostname=`hostname`
diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 30c1434..e0671de 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -69,6 +69,7 @@ RPM_QA_YESTERDAY="/var/log/security/rpm-qa.yesterday"
 RPM_QA_DIFF="/var/log/security/rpm-qa.diff"
 export CHKROOTKIT_TODAY="/var/log/security/chkrootkit.today"
 CHKROOTKIT_YESTERDAY="/var/log/security/chkrootkit.yesterday"
+CHKROOTKIT_DIFF="/var/log/security/chkrootkit.diff"
 export EXCLUDE_REGEXP
 # Modified filters coming from debian security scripts. |
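Review bot: Both report loops in the new chkrootkit block hand each result line to printf as the format string (`printf "\t\t- Added : ${file}\n"`), so the `sed -e 's/%/%%/g'` stage neutralises `%` but backslash sequences in the line are still interpreted, and `read` without `-r` consumes backslashes before that. chkrootkit output can carry file names taken from the filesystem, so the report should reproduce it literally: `while IFS= read -r file; do` with `printf '\t\t- Added : %s\n' "${file}"`, the same for the Removed loop, and the `%%` sed stage dropped. Separately, only `${CHKROOTKIT_YESTERDAY}` is tested for existence; if today's file were missing, diff would write its error to stderr, `${CHKROOTKIT_DIFF}` would stay empty and the report would say nothing. Whether the caller guarantees `${CHKROOTKIT_TODAY}` is not visible in this hunk, so an explicit `-f` test with a warning line in the report would close that silent gap.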