#!/bin/bash # variables LOGFILE="$(hostname)_chkrootkit-$(date +'%Y-%m-%d').txt"; GOTIFY_MESSAGE="Scan init: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r" LOGS_RELATIVE_PATH="security/" readonly TOKEN="" # vars chkrootkit SNIFFERS_WHITELIST="dhclient" FILES_WHITELIST="/usr/lib/ruby/vendor_ruby/rubygems/ssl_certs/.document " FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htaccess " FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/.htpasswd " FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htaccess " FILES_WHITELIST="${FILES_WHITELIST} /usr/lib/python3/dist-packages/fail2ban/tests/files/config/apache-auth/*/*/.htpasswd" OUT=$(chkrootkit -q -s "$SNIFFERS_WHITELIST" -e "$FILES_WHITELIST") if [ -n "$OUT" ] then issues=$(echo "$OUT" | wc -l) OUT=$(echo "$OUT" | sed -z 's/\n/\\n/g') echo $OUT > "./$LOGFILE" # send log to logs public archive LOG_URL=$(sh ./utils/logger.sh "./$LOGFILE" $LOGS_RELATIVE_PATH) # delete local log rm $LOGFILE GOTIFY_MESSAGE="${GOTIFY_MESSAGE} Scan end: **"`date +"%d/%m/%Y %H:%M:%S"`"** \r" GOTIFY_MESSAGE="${GOTIFY_MESSAGE} There are **$issues** security issues \r" GOTIFY_MESSAGE="${GOTIFY_MESSAGE} [LogFile]($LOG_URL)" sh ./utils/gotifypush.sh "CHK Scan $(hostname)" "$GOTIFY_MESSAGE" 5 $TOKEN else echo "[chkrootkit] system clean" fi