Error No File /var/log/chkrootkit/log.expected
Androguide/cron_jobs (branch: master): cron_jobs/cron.daily/chkrootkit
executable file, 52 lines (46 sloc), 1.98 KB

#!/bin/sh

set -e

CHKROOTKIT=/usr/sbin/chkrootkit
CF=/etc/chkrootkit.conf
LOG_DIR=/var/log/chkrootkit

# nothing to do if chkrootkit is not installed
if [ ! -x $CHKROOTKIT ]; then
    exit 0
fi

# load RUN_DAILY, RUN_DAILY_OPTS and DIFF_MODE
if [ -f $CF ]; then
    . $CF
fi

if [ "$RUN_DAILY" = "true" ]; then
    if [ "$DIFF_MODE" = "true" ]; then
        eval $CHKROOTKIT $RUN_DAILY_OPTS > $LOG_DIR/log.today.raw 2>&1
        # the sed expression replaces the messages about /sbin/dhclient3 /usr/sbin/dhcpd3
        # with a message that is the same whatever order eth0 and eth1 were scanned
        sed -r -e 's,eth(0|1)(:[0-9])?: PACKET SNIFFER\((/sbin/dhclient3|/usr/sbin/dhcpd3)\[[0-9]+\]\),eth\[0|1\]: PACKET SNIFFER\([dhclient3|dhcpd3]{PID}\),' \
            -e 's/(! \w+\s+)[ 0-9]{4}[0-9]/\1#####/' $LOG_DIR/log.today.raw > $LOG_DIR/log.today
        if [ ! -f $LOG_DIR/log.expected ]; then
            echo "ERROR: No file $LOG_DIR/log.expected"
            echo "This file should contain expected output from chkrootkit"
            echo
            echo "Today's run produced the following output:"
            echo "--- [ BEGIN: cat $LOG_DIR/log.today ] ---"
            cat $LOG_DIR/log.today
            echo "--- [ END: cat $LOG_DIR/log.today ] ---"
            echo
            echo "To create this file containing all output from today's run, do (as root)"
            echo "# cp -a $LOG_DIR/log.today $LOG_DIR/log.expected"
            echo "# (note that unedited output is in $LOG_DIR/log.today.raw)"
        elif ! diff -q $LOG_DIR/log.expected $LOG_DIR/log.today > /dev/null 2>&1; then
            echo "ERROR: chkrootkit output was not as expected."
            echo
            echo "The difference is:"
            echo "---[ BEGIN: diff -u $LOG_DIR/log.expected $LOG_DIR/log.today ] ---"
            diff -u $LOG_DIR/log.expected $LOG_DIR/log.today || true
            echo "---[ END: diff -u $LOG_DIR/log.expected $LOG_DIR/log.today ] ---"
            echo
            echo "To update the expected output, run (as root)"
            echo "# cp -a -f $LOG_DIR/log.today $LOG_DIR/log.expected"
            echo "# (note that unedited output is in $LOG_DIR/log.today.raw)"
        fi
    else
        # the captured listing breaks off at "eval $CHKR"; the rest is completed
        # on the assumption that it mirrors the DIFF_MODE branch, without the log redirect
        eval $CHKROOTKIT $RUN_DAILY_OPTS
    fi
fi
src:chkrootkit. Reported by: Enrico Rivarola
chkrootkit config file options
http://askubuntu.com/questions/585437/chkrootkit-config-file-options

Question (asked Feb 14 '15 at 15:20 by Paranoid Panda, tagged: configuration)

I have installed the chkrootkit package with sudo apt-get install chkrootkit. When going to the /etc/chkrootkit.conf config file I see the following options:

RUN_DAILY="false"
RUN_DAILY_OPTS="-q"
DIFF_MODE="false"

I assume that the RUN_DAILY option if enabled would get chkrootkit to run an automated scan daily, and that the RUN_DAILY_OPTS sets what kind of scan the daily scan is in terms of which option it is using. Am I correct here? And if so then these automated scans, where are the results logged and how often do these scans occur?

Also, what does the DIFF_MODE option do? And should I enable it?

I have read the README file here and found nothing to do with this config file.

Answer (accepted, answered Feb 22 '15 at 18:46 by Rinzwind)

RUN_DAILY
If "yes" it runs daily automatically, if "no" you need to run it manually. Also have a look at /etc/cron.daily/chkrootkit. Here you can add something like it sending the report to an e-mail address.

RUN_DAILY_OPTS
These are options you can include. -q means quiet so it does not print anything on screen when running.

DIFF_MODE
If this is set to "yes" chkrootkit compares the files /var/log/chkrootkit/log.expected with /var/log/chkrootkit/log.today.

Have a look at /etc/cron.daily/chkrootkit and $CHKROOTKIT $RUN_DAILY_OPTS. You can expand this with a | mail -s $HOSTNAME $YOUR_EMAIL_ADDRESS (untested!) to have it send mails after the scan is done.