Thursday, September 13, 2007

Installing chkrootkit in RHEL/CentOS 4

Download and install the chkrootkit RPM

# wget http://apt.sw.be/redhat/el4/en/i386/dag/RPMS/chkrootkit-0.47-1.el4.rf.i386.rpm

# rpm -ivh chkrootkit-0.47-1.el4.rf.i386.rpm

Create a rootkitscanner script

# vi rootkitscanner

----------------------------------------------------------------

#!/bin/bash
#rootkitscanner script
#by penoytechcentral.blogspot.com

#setting up the date (MM-DD-YY), used in the log file name
month=$(date "+%m")
today=$(date "+%d")
year=$(date "+%y")
dirdate=$month-$today-$year

#delete the previous log
rm -f /var/log/chkrootkit_*.log

#scan the server for rootkits
/usr/bin/chkrootkit > "/var/log/chkrootkit_$dirdate.log"

#mail the scan report
SUBJECT="$(hostname) Automated Security Alert"
TO="your-email@domain.com"
mail -s "$SUBJECT" "$TO" < "/var/log/chkrootkit_$dirdate.log"

-----------------------------------------------------------------

Give the script execute permission and copy it to the weekly cron directory

# chmod +x rootkitscanner

# cp rootkitscanner /etc/cron.weekly
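
The script above mails every weekly report under the same subject, so a report with a hit looks the same in the inbox as a clean one. As an added example (not part of the original post), the functions below choose the subject from the log content; the hostname web01, the sample log and the extra "Warning:" pattern are assumptions.

```shell
#!/bin/bash
# Added example (not from the original post): decide the alert subject
# from a chkrootkit log instead of mailing every report with one subject.

# Count lines that flag a finding. chkrootkit prints hits as upper-case
# "INFECTED" while clean checks read "not infected", so the match is
# case-sensitive. "Warning:" is an extra pattern assumed here; tune it.
chk_count_findings() {
    grep -cE 'INFECTED|Warning:' "$1" || true
}

# Build a mail subject: FAILED for a missing or empty log (the scanner
# did not run), REVIEW when findings exist, clean otherwise.
chk_subject() {
    local log=$1 host=$2 n
    if [ ! -s "$log" ]; then
        echo "$host chkrootkit: scan FAILED (empty log)"
        return 0
    fi
    n=$(chk_count_findings "$log")
    if [ "$n" -gt 0 ]; then
        echo "$host chkrootkit: $n finding(s) - REVIEW"
    else
        echo "$host chkrootkit: clean"
    fi
}

# Constructed sample log, in the format chkrootkit prints.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
Checking `lkm'... chkproc: nothing detected
Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
EOF

chk_subject "$sample" "web01"           # web01 is a placeholder hostname
grep -E 'INFECTED|Warning:' "$sample"   # the lines worth reading first
rm -f "$sample"
```

In rootkitscanner, SUBJECT would become the output of chk_subject called with the log path and `hostname`.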
