check_rootkit

Description

A constant thread - a security breach. This small plugin uses the capabilities of the "Rootkit Hunter", an open source solution downloadable from http://sourceforge.net/projects/rkhunter/

Project Details

Current Version

Last Release Date

June 17, 2009

Owner

Nagios Exchange

Website

http://www.progis.de/

Download URL

https://exchange.nagios.org/wp-content/uploads/project-files/2009/06/check_rootkit.gz

Project Files

File	Description
check_rootkit.gz	Place this script in your libexec directory. Documentation in the script.

Project Notes

A constant thread - a security breach.
This small plugin uses the capabilities of the "Rootkit Hunter", an open source solution downloadable from http://sourceforge.net/projects/rkhunter/

The plugin just starts the program rkhunter (you have to put the program in your /etc/sudoers) and returns a warning or an alert - or an ok if anything is fine.
The command line in the perl script has to be modified conforming your needs. Please read the documentation from rootkit hunter carefully.

User Reviews (2)

April 30, 2012

fair

by: oernii

1) double gzipped
2) I had to remove the --allow-ssh-root option
3) add an --nomow option, so that running it does not generate an email.

August 31, 2010

Unzipping

by: gwrtheyrn

1. This file seems to be gzipped twice. To unzip, use:
gzip -cd check_rootkit.gz | gzip -d - > check_rootkit

2. Also, my rkhunter binary was in /usr/bin/rkhunter, not in /usr/local/bin/rkhunter.

3. I had to change parts of line 61 in the script to sudo "rkhunter --quiet --check", as my rkhunter version did not know the allow-ssh-root-user option (and I didn't want it anyways).

Besides that, nice script!

1 of 1 found this review helpful.

Add a Review

You must be logged in to submit a review.

Thank you for your review!