From bdeb4424b358e54edeb7b9ec4d0c2100bfddac36 Mon Sep 17 00:00:00 2001
From: Frederic Lepied
Date: Tue, 22 Jan 2002 20:13:48 +0000
Subject: experimental chkrootkit check.

---
 cron-sh/security.sh | 13 +++++++++++++
 cron-sh/security_check.sh | 9 +++++++++
 share/msec.py | 1 +
 3 files changed, 23 insertions(+)

diff --git a/cron-sh/security.sh b/cron-sh/security.sh
index 5b974a4..6cc6b79 100755
--- a/cron-sh/security.sh
+++ b/cron-sh/security.sh
@@ -36,6 +36,8 @@ RPM_VA_DIFF="/var/log/security/rpm-va.diff"
 export RPM_QA_TODAY="/var/log/security/rpm-qa.today"
 RPM_QA_YESTERDAY="/var/log/security/rpm-qa.yesterday"
 RPM_QA_DIFF="/var/log/security/rpm-qa.diff"
+export CHKROOTKIT_TODAY="/var/log/security/chkrootkit.today"
+CHKROOTKIT_YESTERDAY="/var/log/security/chkrootkit.yesterday"
 
 # Modified filters coming from debian security scripts.
 CS_NFSAFS='(nfs|afs|xfs|coda)'
@@ -86,6 +88,10 @@ if [[ -f ${RPM_QA_TODAY} ]]; then
 mv -f ${RPM_QA_TODAY} ${RPM_QA_YESTERDAY}
 fi
 
+if [[ -f ${CHKROOTKIT_TODAY} ]]; then
+ mv -f ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY}
+fi
+
 netstat -pvlA inet 2> /dev/null > ${OPEN_PORT_TODAY};
 
 # Hard disk related file check; the less priority the better...
@@ -135,6 +141,13 @@ if [[ ${RPM_CHECK} == yes ]]; then
 nice --adjustment=+19 rpm -V `cut -f 1 < ${RPM_QA_TODAY} | grep -v '^dev-[0-9]'` | grep '^..5' | sed 's/...........//' | sort > ${RPM_VA_TODAY}
 fi
 
+### chkrootkit checks
+if [[ ${CHKROOTKIT_CHECK} == yes ]]; then
+ if [ -x /usr/sbin/chkrootkit ]; then
+ /usr/sbin/chkrootkit > ${CHKROOTKIT_TODAY}
+ fi
+fi
+
 
 ### Functions ###
 Syslog() {
diff --git a/cron-sh/security_check.sh b/cron-sh/security_check.sh
index 9ffc469..0c895ca 100755
--- a/cron-sh/security_check.sh
+++ b/cron-sh/security_check.sh
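Review bot: The rotation added after the RPM_QA block in the second hunk keeps a CHKROOTKIT_YESTERDAY file that nothing in this commit reads; unlike rpm-qa, no day-over-day diff is produced, so the `mv -f ${CHKROOTKIT_TODAY} ${CHKROOTKIT_YESTERDAY}` only preserves a copy that is never consulted. Either produce a diff the way the rpm-qa path does (a CHKROOTKIT_DIFF alongside RPM_QA_DIFF) or drop the rotation and the CHKROOTKIT_YESTERDAY assignment in the first hunk. If the intent is to let the reporting script diff later, a comment saying so next to the assignment would stop a reader from treating it as dead code.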
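Review bot: The `/usr/sbin/chkrootkit > ${CHKROOTKIT_TODAY}` line in the third hunk discards stderr and ignores the exit status, so a run that aborts part-way leaves a short or empty file that the reporting side cannot tell apart from a clean scan. Capture both streams and record a failure in the same file, e.g. `/usr/sbin/chkrootkit > ${CHKROOTKIT_TODAY} 2>&1 || printf 'chkrootkit exited with status %s\n' "$?" >> ${CHKROOTKIT_TODAY}`. The `[ -x /usr/sbin/chkrootkit ]` test also departs from the `[[ ... ]]` form used on the surrounding lines; `[[ -x /usr/sbin/chkrootkit ]]` keeps the file consistent. The Syslog function that begins on the hunk's last context line continues outside the hunk.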
@@ -258,6 +258,15 @@ if [[ ${RPM_CHECK} == yes ]]; then
 fi
 fi
 
+### chkrootkit checks
+if [[ ${CHKROOTKIT_CHECK} == yes ]]; then
+
+ if [[ -s ${CHKROOTKIT_TODAY} ]]; then
+ printf "\nChkrootkit report:\n" >> ${SECURITY}
+ cat ${CHKROOTKIT_TODAY} >> ${SECURITY}
+ fi
+fi
+
 ### Report
 if [[ -s ${SECURITY} ]]; then
 Syslog ${SECURITY}
diff --git a/share/msec.py b/share/msec.py
index fc7a2ab..bacdc25 100755
--- a/share/msec.py
+++ b/share/msec.py
@@ -182,6 +182,7 @@ FILE_CHECKS = {'CHECK_SECURITY' : ('no', 'yes', 'yes', 'yes', 'yes', 'yes',
 'MAIL_WARN' : ('no', 'no', 'no', 'yes', 'yes', 'yes', ),
 'SYSLOG_WARN' : ('no', 'no', 'yes', 'yes', 'yes', 'yes', ),
 'RPM_CHECK' : ('no', 'no', 'no', 'yes', 'yes', 'yes', ),
+ 'CHKROOTKIT_CHECK' : ('no', 'no', 'no', 'yes', 'yes', 'yes', ),
 }
 
 interactive and log(_('Configuring periodic files checks'))
-- 
cgit v1.2.1
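Review bot: With CHKROOTKIT_CHECK set to yes, a missing or empty ${CHKROOTKIT_TODAY} makes the `-s` test false and the section is silently left out, so a scan that never ran (binary absent, or it failed before writing) looks in the report exactly like a check that was never enabled. Add an `else` branch that records the absence, e.g. `printf "\nChkrootkit report: no output in ${CHKROOTKIT_TODAY} (not installed or run failed)\n" >> ${SECURITY}`, so the operator notices the gap. Note also that chkrootkit normally prints a line per check even when nothing is found, so this hunk will most likely append the full report every day; diffing against the CHKROOTKIT_YESTERDAY copy rotated in security.sh would surface only changes, as the rpm-qa check does.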