Una piccola modifica al file /etc/cron.daily/chkrootkit, che viene installato di default su Gentoo. In pratica, lo script seguente notifica via mail la presenza di un eventuale rootkit installato.
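#!/bin/bash
# Daily chkrootkit run: mails the full report to MAIL_ADDRESS and appends a
# warning banner when any line of the output contains "INFECTED".
MAIL_ADDRESS=yourmail@address.com

# Jobs in /etc/cron.daily normally run as root, so the report must not be
# written to a fixed, predictable path in /tmp (another local user could
# pre-create that name as a file or symlink). mktemp creates a new file with
# an unpredictable name and owner-only permissions.
report=$(mktemp /tmp/chkrootkit.mail.XXXXXX) || {
  echo "chkrootkit cron: cannot create temporary report file" >&2
  exit 1
}

# Remove the report on every exit path, so stale output from an earlier run
# can never be appended to or mailed again.
trap 'rm -f -- "$report"' EXIT

/usr/sbin/chkrootkit > "$report"

# Check if system was infected!!!
# A match is a prompt to investigate the flagged lines, not proof of
# compromise; the full chkrootkit output is mailed either way.
if grep -q INFECTED -- "$report"; then
  {
    echo
    echo "************************************"
    echo "* YOUR SYSTEM WAS INFECTED *"
    echo "************************************"
    echo
  } >> "$report"
fi

# Sending mail
email -q -s "Chkrootkit of: $(date)" "$MAIL_ADDRESS" < "$report"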