check_rootkit.gz - Place this script in your libexec directory. Documentation in the script.
This small plugin uses the capabilities of "Rootkit Hunter", an open source solution downloadable from http://sourceforge.net/projects/rkhunter/
The plugin just starts the program rkhunter (you have to add the program to your /etc/sudoers) and returns a warning or an alert, or an OK if everything is fine.
The command line in the Perl script has to be modified to suit your needs. Please read the Rootkit Hunter documentation carefully.
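The run-through-sudo-and-map-to-a-state flow described above, as an added shell sketch; it is not the check_rootkit script's own code. The sudoers line, the `nagios` user, the `/usr/bin/rkhunter` path, the `CRIT_AT` threshold, the state mapping and the file name `check_rootkit_sh` are assumptions. It also covers the case where the scan cannot run at all, which must not be reported as OK.

```shell
#!/bin/sh
# Added example: not the check_rootkit plugin's own code.
# Assumed sudoers entry (edit with visudo; user and binary path are assumptions):
#   nagios ALL=(root) NOPASSWD: /usr/bin/rkhunter --check --skip-keypress --report-warnings-only --nomow
# Pinning the full argument list keeps the nagios user from running rkhunter
# as root with any other options.

RKHUNTER_CMD=${RKHUNTER_CMD:-"sudo -n /usr/bin/rkhunter --check --skip-keypress --report-warnings-only --nomow"}
CRIT_AT=${CRIT_AT:-3}   # assumed threshold: this many warnings or more is CRITICAL

# classify OUTPUT EXIT_CODE: prints one Nagios status line, returns the Nagios state.
classify() {
    out=$1
    rc=$2
    # grep -c exits 1 on zero matches; "|| true" keeps that from aborting under set -e.
    n=$(printf '%s\n' "$out" | grep -c '^Warning:' || true)
    if [ "$n" -ge "$CRIT_AT" ]; then
        echo "ROOTKIT CRITICAL - $n rkhunter warnings"; return 2
    elif [ "$n" -gt 0 ]; then
        echo "ROOTKIT WARNING - $n rkhunter warning(s)"; return 1
    elif [ "$rc" -ne 0 ]; then
        # No findings but the scan did not finish cleanly (sudo refused, binary
        # missing, ...): report UNKNOWN instead of a false OK.
        echo "ROOTKIT UNKNOWN - rkhunter exited $rc without findings"; return 3
    fi
    echo "ROOTKIT OK - no warnings"; return 0
}

# run_check: run the configured command, capture output and exit code, classify.
run_check() {
    out=$($RKHUNTER_CMD 2>&1) && rc=0 || rc=$?
    classify "$out" "$rc"
}

# Run as a plugin only when invoked under its file name (assumed: check_rootkit_sh).
case ${0##*/} in check_rootkit_sh) run_check; exit $? ;; esac
```
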
2) I had to remove the --allow-ssh-root option
3) add an --nomow option, so that running it does not generate an email.
gzip -cd check_rootkit.gz | gzip -d - > check_rootkit
2. Also, my rkhunter binary was in /usr/bin/rkhunter, not in /usr/local/bin/rkhunter.
3. I had to change parts of line 61 in the script to sudo "rkhunter --quiet --check", as my rkhunter version did not know the allow-ssh-root-user option (and I didn't want it anyways).
Besides that, nice script!