

Help with rkhunter & chkrootkit?




Posted by kamnet, 06-30-2008, 09:21 AM
Okay, I've honestly never had to worry about protecting myself from exploits until this week, when I found out somebody gained access to the server using an old script on an old account (teach me to delete client accounts when they leave me, it did!). I'm working on a new server and going through lots of posts on better securing it, and two things that are suggested are installing chkrootkit and rkhunter, and adding them to the daily cron jobs. Learned how to install and set up the daily script for chkrootkit, but here's what I'd like to do that I'm not sure how to go about: I'd like to a) be notified ONLY if there are changes in the daily scans (especially since there are a couple of false positives I'm aware of) and b) be e-mailed a full report once a week, whether or not there were any changes. I've got rkhunter installed as well, but I can't seem to find a script that will properly execute it and e-mail it to me. Does anybody have one that works? I'd also like to only get an e-mail if there are changes, except for a once weekly scan result. All help is much appreciated. TIA

Posted by activelobby4u, 06-30-2008, 10:06 AM
You must probably read the output file using a shell script and then get it mailed to you if it's different from the normal scan report.

Posted by kamnet, 06-30-2008, 10:06 AM
Yes. How do I do that? :-)

Posted by activelobby4u, 06-30-2008, 11:40 AM
The logic is:
1. Create a sample output file.
2. Use the diff command to find if there is a difference between the template and the new file.
3. If yes, send a mail from your script with a copy of the new output file.
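
The three steps above as a cron-ready shell script, extended with the weekly full report asked for in the first post (an added example, not code posted in the thread). The state directory, recipient, report day and script name are assumptions; `chkrootkit -q` is the default scanner and the rkhunter command in the comment can be swapped in.

```shell
#!/bin/sh
# Added example: daily rootkit scan that mails only on change, plus a weekly full report.
# Assumed (not from the thread): the paths, the recipient, and Sunday as report day.
STATE_DIR="${STATE_DIR:-/var/lib/rootkit-scan}"
MAILTO="${MAILTO:-root}"
SCAN_CMD="${SCAN_CMD:-chkrootkit -q}"   # or: rkhunter --cronjob --report-warnings-only
WEEKLY_DAY="${WEEKLY_DAY:-7}"           # date +%u numbering: 1=Monday ... 7=Sunday

# decide_action BASELINE CURRENT DAY -> prints "full", "changed" or "none"
decide_action() {
    if [ "$3" = "$WEEKLY_DAY" ]; then
        echo full                        # weekly report goes out regardless
    elif [ ! -f "$1" ]; then
        echo changed                     # no baseline yet: report the first scan
    elif cmp -s "$1" "$2"; then
        echo none                        # same as baseline, known false positives included
    else
        echo changed
    fi
}

# build_report ACTION BASELINE CURRENT -> prints the mail body
build_report() {
    if [ "$1" = "changed" ] && [ -f "$2" ]; then
        echo "Differences from accepted baseline (< baseline, > today):"
        diff "$2" "$3" || true           # diff exits 1 when files differ; not an error here
        echo
    fi
    echo "Full scan output:"
    cat "$3"
}

run_daily() {
    mkdir -p "$STATE_DIR" && chmod 700 "$STATE_DIR"
    baseline="$STATE_DIR/baseline.txt"
    current="$STATE_DIR/current.txt"
    $SCAN_CMD > "$current" 2>&1
    action=$(decide_action "$baseline" "$current" "$(date +%u)")
    [ "$action" = "none" ] && return 0
    build_report "$action" "$baseline" "$current" |
        mail -s "[$(hostname)] rootkit scan: $action" "$MAILTO"
    # Only the very first scan is stored as the baseline. After that, review
    # the mail and copy current.txt over baseline.txt by hand to accept a change.
    [ -f "$baseline" ] || cp "$current" "$baseline"
}

# Run from cron as: rootkit-scan.sh --run
if [ "${1:-}" = "--run" ]; then run_daily; fi
```

Because the baseline sits on the host being scanned, anyone with root on that host can rewrite it; keeping a copy of the accepted baseline off the server lets you check it has not been altered.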


