Search Exchange



Advanced Search

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

Directory Tree

check_rootkit

Submit reviewRecommendPrintVisit
Rating
2 votes
Favoured:
0
Owner
nagiosexchange
Website
www.progis.de/
Hits
150226
Files:
FileDescription
check_rootkit.gzPlace this script in your libexec directory. Documentation in the script.
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
A constant thread - a security breach. This small plugin uses the capabilities of the "Rootkit Hunter", an open source solution downloadable from http://sourceforge.net/projects/rkhunter/
A constant thread - a security breach.
This small plugin uses the capabilities of the "Rootkit Hunter", an open source solution downloadable from http://sourceforge.net/projects/rkhunter/

The plugin just starts the program rkhunter (you have to put the program in your /etc/sudoers) and returns a warning or an alert - or an ok if anything is fine.
The command line in the perl script has to be modified conforming your needs. Please read the documentation from rootkit hunter carefully.
Reviews (2)
fair
byoernii, April 16, 2012
1) double gzipped
2) I had to remove the --allow-ssh-root option
3) add an --nomow option, so that running it does not generate an email.
Unzipping
bygwrtheyrn, August 30, 2010
1 of 1 people found this review helpful
1. This file seems to be gzipped twice. To unzip, use:
gzip -cd check_rootkit.gz | gzip -d - > check_rootkit

2. Also, my rkhunter binary was in /usr/bin/rkhunter, not in /usr/local/bin/rkhunter.

3. I had to change parts of line 61 in the script to sudo "rkhunter --quiet --check", as my rkhunter version did not know the allow-ssh-root-user option (and I didn't want it anyways).


Besides that, nice script!