#!/bin/sh
# 01-rkhunter A shell script to update and run rkhunter via CRON
XITVAL=0
# Get a secure tempfile
TMPFILE1=`/bin/mktemp -p /var/lib/rkhunter rkhcronlog.XXXXXXXXXX` || exit 1
if [ ! -e /var/lock/subsys/rkhunter ]; then
# Try to keep the SysInit boot scan from colliding with us (highly unlikely)
/bin/touch /var/lock/subsys/rkhunter
# Source system configuration parameters.
if [ -e /etc/sysconfig/rkhunter ] ; then
. /etc/sysconfig/rkhunter
else
MAILTO=root@localhost
fi
# If a diagnostic mode scan was requested, setup the parameters
if [ "$DIAG_SCAN" = "yes" ]; then
RKHUNTER_FLAGS="--checkall --skip-keypress --nocolors --quiet --appendlog --display-logfile"
else
RKHUNTER_FLAGS="--cronjob --nocolors --report-warnings-only"
fi
# Set a few critical parameters
RKHUNTER=/usr/bin/rkhunter
LOGFILE=/var/log/rkhunter/rkhunter.log
# Run RootKit Hunter if available
if [ -x $RKHUNTER ]; then
/bin/echo -e "\n--------------------- Start Rootkit Hunter Update ---------------------" \
> $TMPFILE1
/bin/nice -n 10 $RKHUNTER --update --nocolors 2>&1 >> $TMPFILE1
/bin/echo -e "\n---------------------- Start Rootkit Hunter Scan ----------------------" \
>> $TMPFILE1
/bin/nice -n 10 $RKHUNTER $RKHUNTER_FLAGS 2>&1 >> $TMPFILE1
XITVAL=$?
/bin/echo -e "\n----------------------- End Rootkit Hunter Scan -----------------------" \
>> $TMPFILE1
if [ $XITVAL != 0 ]; then
/bin/cat $TMPFILE1 | /bin/mail -s "rkhunter Daily Run on $(hostname)" $MAILTO
fi
/bin/cat $TMPFILE1 >> $LOGFILE
fi
# Delete the gating lockfile
/bin/rm -f /var/lock/subsys/rkhunter
fi
# Delete the secure tempfile
/bin/rm -f $TMPFILE1
exit $XITVAL