check_rootkit

Rating: 2 votes
Favoured: 0
Hits: 124321

Files:
File: check_rootkit.gz
Description: Place this script in your libexec directory. Documentation in the script.

A constant threat - a security breach.
This small plugin uses the capabilities of the "Rootkit Hunter", an open source solution downloadable from http://sourceforge.net/projects/rkhunter/

The plugin just starts the program rkhunter (you have to put the program in your /etc/sudoers) and returns a warning or an alert - or an OK if everything is fine.
The command line in the Perl script has to be modified to suit your needs. Please read the Rootkit Hunter documentation carefully.
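
The flow described above as an added shell example (not the check_rootkit Perl script or its author's code): run rkhunter through a sudoers rule pinned to one exact command line and map the result to Nagios states, returning UNKNOWN rather than OK when sudo or rkhunter fails without producing warnings. The nagios user, the rkhunter path and options, the "Warning:" line format and the rule that a warning mentioning a rootkit is CRITICAL are assumptions.

```shell
#!/bin/sh
# Added example, not the check_rootkit plugin itself.
# Assumed sudoers rule (edit with visudo): the "nagios" user may run only this
# exact command line as root, without a password:
#   nagios ALL=(root) NOPASSWD: /usr/bin/rkhunter --check --sk --rwo --nomow
RKHUNTER="/usr/bin/rkhunter"   # assumed path; some installs use /usr/local/bin

# classify_rkhunter OUTPUT EXIT_STATUS
# Prints one Nagios status line and returns the Nagios state
# (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN).
classify_rkhunter() {
    rk_out=$1
    rk_status=$2
    # With --rwo rkhunter is assumed to print only lines starting "Warning:".
    warnings=$(printf '%s\n' "$rk_out" | grep -c '^Warning:' || true)
    # Assumed policy: a warning that mentions a rootkit is CRITICAL.
    rootkit=$(printf '%s\n' "$rk_out" | grep '^Warning:' | grep -ci 'rootkit' || true)

    if [ "$rootkit" -gt 0 ]; then
        echo "ROOTKIT CRITICAL - $rootkit rootkit warning(s), $warnings total"
        return 2
    elif [ "$warnings" -gt 0 ]; then
        echo "ROOTKIT WARNING - $warnings rkhunter warning(s)"
        return 1
    elif [ "$rk_status" -ne 0 ]; then
        # Non-zero exit with no warnings: sudo denied or rkhunter failed.
        # Never report OK for a scan that did not run.
        echo "ROOTKIT UNKNOWN - rkhunter exited $rk_status without warnings"
        return 3
    fi
    echo "ROOTKIT OK - no rkhunter warnings"
    return 0
}

run_check() {
    # -n: fail instead of prompting if the sudoers rule does not match.
    rk_raw=$(sudo -n "$RKHUNTER" --check --sk --rwo --nomow 2>&1)
    classify_rkhunter "$rk_raw" "$?"
}

# Run the real scan only when asked, so the functions can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    run_check
    exit $?
fi
```

Because sudo matches the command arguments in the rule literally, changing the options in `run_check` requires the same change in the sudoers entry.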
Reviews (2)
by oernii, April 16, 2012
1) double gzipped
2) I had to remove the --allow-ssh-root option
3) add an --nomow option, so that running it does not generate an email.
by gwrtheyrn, August 30, 2010
1 of 1 people found this review helpful
1. This file seems to be gzipped twice. To unzip, use:
gzip -cd check_rootkit.gz | gzip -d - > check_rootkit

2. Also, my rkhunter binary was in /usr/bin/rkhunter, not in /usr/local/bin/rkhunter.

3. I had to change parts of line 61 in the script to sudo "rkhunter --quiet --check", as my rkhunter version did not know the allow-ssh-root-user option (and I didn't want it anyways).


Besides that, nice script!