#! /bin/sh
#
# check_rkhunter
# Somebody else initially wrote this check.
#
# This check is designed to run infrequently, but I like it better
# than just being a cron job.
# Needs the following sudo rule:
# nagios ALL=NOPASSWD:/usr/bin/rkhunter
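# Work out the plugin's name and directory from $0 so that utils.sh can be
# sourced from alongside this script. Every expansion is quoted so an install
# path containing spaces or glob characters is not split or expanded.
PROGNAME=$(basename -- "$0")
# Strip the last path component (either / or \ as separator).
PROGPATH=$(printf '%s\n' "$0" | sed -e 's,[\\/][^\\/][^\\/]*$,,')
# Single quotes are intentional: the keyword string is literal text and only
# the digits and dots are kept.
REVISION=$(echo '$Revision: 1.0 $' | sed -e 's/[^0-9.]//g')

# print_revision and support are called by this script but not defined in it;
# presumably utils.sh supplies them. Report UNKNOWN (3) explicitly when the
# file cannot be read instead of depending on how the shell treats a failed
# "." command.
if [ ! -r "$PROGPATH/utils.sh" ]; then
  echo "UNKNOWN - cannot read $PROGPATH/utils.sh"
  exit 3
fi
. "$PROGPATH/utils.sh"

# Don't start a second scan while an rkhunter is already running.
# NOTE(review): this guard runs before the option parsing further down, so
# --help and --version also return WARNING while a scan is in progress.
if pgrep -f /usr/bin/rkhunter >/dev/null; then
  echo "WARNING: rkhunter still running!, check it out"
  exit 1
fi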
# Write the one-line usage summary for this plugin to stdout.
# Globals: PROGNAME (read)
print_usage() {
  printf 'Usage: %s\n' "$PROGNAME"
}
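# Print the plugin's revision, its usage line and a short description to
# stdout, then exit with status 0.
# Globals: PROGNAME, REVISION (read)
# Calls print_revision and support, which are not defined in this file
# (presumably supplied by the sourced utils.sh).
print_help() {
  # Quoted so each value reaches print_revision as exactly one argument even
  # if it contains whitespace or glob characters.
  print_revision "$PROGNAME" "$REVISION"
  echo ""
  print_usage
  echo ""
  echo "This plugin checks security status using the root kit hunter package."
  echo ""
  support
  exit 0
}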
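# Dispatch on the first argument: help and version requests are answered
# locally; anything else runs the rkhunter scan and maps its result to a
# Nagios state (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN).
#
# The scan runs through sudo. The rule given in the file header lets the
# nagios user run /usr/bin/rkhunter as root with any arguments; a sudoers
# entry that lists the exact arguments used below would be narrower.
case "$1" in
  --help | -h)
    print_help
    exit 0
    ;;
  --version | -V)
    print_revision "$PROGNAME" "$REVISION"
    exit 0
    ;;
  *)
    # 2>&1 captures stderr together with stdout; $? is the exit status of
    # the sudo command itself.
    Securitydata=$(sudo rkhunter --quiet --checkall --no-mail-on-warning 2>&1)
    status=$?

    if [ "$status" -eq 127 ]; then
      # 127 is the shell's "command not found" status. The command started
      # here is sudo, so this presumably fires when sudo itself is missing;
      # how a missing rkhunter is reported depends on sudo (TODO confirm).
      echo "rkhunter UNKNOWN - command not found (did you install it?)"
      # Nagios UNKNOWN is 3. The previous "exit -1" is not a valid status in
      # POSIX sh and does not yield 3 in any shell.
      exit 3
    elif [ "$status" -ne 0 ]; then
      echo "WARNING - rkhunter produced a warning, see /var/log/rkhunter/rkhunter.log"
      # The log is read without sudo, so the user running this plugin needs
      # read access to it for the detail line to appear.
      grep Warning /var/log/rkhunter/rkhunter.log | tail -n 1
      exit 1
    fi

    # NOTE(review): this branch is only reached when rkhunter exited 0; any
    # non-zero exit has already returned WARNING above, so a finding that
    # makes rkhunter exit non-zero is never reported as CRITICAL. Confirm
    # that this severity mapping is intended, and that --quiet leaves any
    # output for the match below to see.
    # The captured text is quoted so it is not word-split or glob-expanded
    # against the current directory before being searched.
    if printf '%s\n' "$Securitydata" | grep -q infected; then
      echo "CRITICAL - rkhunter infection detected!"
      exit 2
    else
      echo "OK: Everything good from rkhunter"
      exit 0
    fi
    ;;
esac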