chkrootkit sample bash script

You are here:

Home
General
chkrootkit sample bash script

Hello, below is the sample bash script that I frequently use to manage chkrootkit binary.

What is Chkrootkit?

Chkrootkit is a linux rootkit scanner

Updated: I’m not going to use chrootkit anymore because it seems like the installation has many bugs. Even the official FTP site is broken almost many years. In addition of that, if you look at the official github version, it looks like the owner might have abandoned this project for many years. Let’s move on.

#!/bin/bash

PATH=/bin:/usr/bin:/sbin:/usr/sbin
export PATH
#By Arafat Ali (MaXi32) - Chkrootkit check for warning or infected
#| TODO 1) Check update - No builtin update
#| TODO 2) Check level permission to run this script
#| TODO 3) More TODO

echo "======================================"
echo "[chkrootkit | info]: Chkrootkit is checking system..."

#Global variables
MYHOSTNAME=`/bin/hostname`
MYEMAIL="webmaster@sofibox.com"
CHKROOTKIT_LOG_PATH="/usr/local/maxicron/chkrootkit/log"
REPORT_FILE="/usr/local/maxicron/chkrootkit/log/chkrootkit-file.log"
REPORT_FILE_GREP="/usr/local/maxicron/chkrootkit/log/chkrootkit-file-grep.log"
#ROOTKIT_BIN="/usr/local/chkrootkit/"
MAIL_BIN="/usr/local/bin/mail"
WARNING_STATUS="N/A"

mkdir -p $CHKROOTKIT_LOG_PATH

sudo touch $REPORT_FILE
sudo chown root:adm $REPORT_FILE
sudo chmod 640 $REPORT_FILE
cat /dev/null > $REPORT_FILE

sudo touch $REPORT_FILE_GREP
sudo chown root:adm $REPORT_FILE_GREP
sudo chmod 640 $REPORT_FILE_GREP
cat /dev/null > $REPORT_FILE_GREP

echo "[chkrootkit | info]: Please wait..."
echo "Chkrootkit checked on `date`" >> $REPORT_FILE
/usr/local/chkrootkit/chkrootkit >> $REPORT_FILE
echo "Rootkit scan return: $?"
#exit 1
echo "" >> $REPORT_FILE
echo "==================SCAN COMPLETED=================" >> $REPORT_FILE
echo "" >> $REPORT_FILE
echo "================= WARNING NOTICE ================" >> $REPORT_FILE

if (grep -e "Warning" -e "INFECTED" -e "were found" $REPORT_FILE >> $REPORT_FILE_GREP) then
    WARNING_STATUS="WARNING"
    cat $REPORT_FILE_GREP >> $REPORT_FILE
    echo "[chkrootkit | info]: You may Check chkrootkit update manually" >> $REPORT_FILE
    echo "================== END OF NOTICE ================" >> $REPORT_FILE
    $MAIL_BIN -s "[chkrootkit | $WARNING_STATUS] Check Rootkit Scan Report  @ $MYHOSTNAME" $MYEMAIL < $REPORT_FILE
else
    WARNING_STATUS="OK"
    echo "" >> $REPORT_FILE
    echo "NO WARNING FOUND" >> $REPORT_FILE
    echo "" >> $REPORT_FILE
fi
# $MAIL_BIN -s "[chkrootkit | $WARNING_STATUS] Check Rootkit Scan Report  @ $MYHOSTNAME" $MYEMAIL < $REPORT_FILE
echo "[chkrootkit | info]: Scan Status: $WARNING_STATUS"
echo "[chkrootkit | info]: Done checking system. Email notification is set to $MYEMAIL"
echo "======================================"

Related

Category: GeneralBy Arafat Ali July 19, 2022 Leave a comment

Author: Arafat Ali

http://www.arafatx.com

Leave a Reply Cancel reply

You must be logged in to post a comment.