Ping a Specific Port

Question

Juan Jimenez

Asked: 2016-11-05 07:25:19 +0800 CST2016-11-05 07:25:19 +0800 CST 2016-11-05 07:25:19 +0800 CST

chkrootkit on cron but report only if it detects a positive (false or not)

772

I would like to create a cron job that runs chkrootkit, but only emails me the resulting log if there is a positive, false or not. The chkrootkit faq gives this as a suggestion:

0 3 * * * (cd /path/to/chkrootkit; ./chkrootkit 2>&1 | mail -s "chkrootkit output" root)

...but I run an HPC cluster with over 100 nodes. I only want it to mail the log if it has detected something to which I should pay attention.

How should I go about doing this?

1 Answers

Voted

HBruijn · Answer 1 · 2016-11-05T08:01:31+08:00

Best Answer

HBruijn

2016-11-05T08:01:31+08:002016-11-05T08:01:31+08:00

From the README:

Output Messages

The following messages are printed by chkrootkit (except with the -x and -q command options) during its tests:

"INFECTED": the test has identified a command probably modified by a known rootkit;
...

So write little script that runs chkrootkit and redirects the output to a temp file, parse the temp file for the string "INFECTED" and if found; send an email with the relevant info to identify the host and add that temp file as an attachment, delete temp file.

0

chkrootkit on cron but report only if it detects a positive (false or not)

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?