fvoges · April 22, 2023 08:17
diff --git a/rkhunter b/rkhunter
 #!/bin/bash
 # original author: Aaron Walker <[email protected]>

 ########################## Begin Configuration ###############################

 # Default options - more options may be added depending on the
 # configuration variables you set below
 # --cronjob implies -c, --nocolor, --sk
 RKHUNTER_OPTS="--cronjob --summary"

 # Set this to 'yes' to enable ; this script does nothing otherwise
 ENABLE=yes

 # Automatically update rkhunter's dat files prior to running?
 UPDATE=yes

 # Set this to 'yes' if you wish the output to be mailed to you
 SEND_EMAIL=yes

 # NOTE: the following EMAIL_* variables are only relevant if you set the
 # SEND_EMAIL variable to 'yes'
 EMAIL_SUBJECT="${HOSTNAME}: rkhunter output"
 [email protected]
 EMAIL_CMD="|mail -s \"${EMAIL_SUBJECT}\" ${EMAIL_RECIPIENT}"

 # Log rkhunter output?
 LOG=no

 # The default log location is /var/log/rkhunter.log. Set this variable if
 # you'd like to use an alternate location.
 #LOGFILE=""

 # By default, the log file created by rkhunter is world-readable (0644). If
 # you'd like to modify the permissions afterwards, set this variable.  The
 # value of this variable, must be a valid chmod argument such as '0600' or
 # 'u+rw,go-rwx'.  See the chmod(1) manual page for more information.
 #LOGFILE_PERMS="0600"

 # By default, rkhunter overwrites the previous log.  Set this variable
 # to 'yes' if you'd like the log output appended to the logfile, instead
 # of overwriting it.
 SAVE_OLD_LOGS=no

 # Set to 1 to recieve only warnings & errors
 # Set to 2 to recieve ALL rkhunter output
 # Set to 3 to recieve rkhunter report
 VERBOSITY=3

 ########################### End Configuration ################################

 # exit immediately, unless enabled
 [[ "${ENABLE}" == "yes" ]] || exit 0

 # debug mode?  (mainly for my benefit)
 if [[ -n "${1}" ]] && [[ ${1} = "-d" ]] ; then
        set -o verbose -o xtrace
 fi

 [[ -z "${LOGFILE}" ]] && LOGFILE="/var/log/rkhunter.log"

 # moved this out of config section since it'll
 # probably never need to be changed
 RKHUNTER_EXEC="/usr/sbin/rkhunter"

 # sanity check
 if [[ ! -x "${RKHUNTER_EXEC}" ]] ; then
        echo "${RKHUNTER_EXEC} does not exist or is not executable!"
        exit 1
 fi

 # we create a few tmp files, so let's at least make
 # them readable/writable by root only
 umask 0077

 # all output goes to this temp file
 _tmpout=$(mktemp /tmp/rkhunter.cron.XXXXXX)
 exec > ${_tmpout} 2>&1

 # update data files
 if [[ "${UPDATE}" == "yes" ]] ; then
        # save the output of --update in a tmp file so that it can be mailed
        # along with the scan output; otherwise the user will get 2 mails
        #${RKHUNTER_EXEC} --nocolor --update
        echo "In Gentoo, update option is disabled due to CVE-2017-7480."
 fi

 # formulate options string according to user configuration
 [[ "${LOG}" == "yes" ]] && \
    RKHUNTER_OPTS="${RKHUNTER_OPTS} --createlogfile ${LOGFILE}"

 case "${VERBOSITY}" in
        # warnings and errors only
        1)      RKHUNTER_OPTS="${RKHUNTER_OPTS} --quiet" ;;
        # default rkhunter output (no extra options)
 #       2)      ;;
        # default to option 3
        *)      ;;
 esac

 # save old log
 if [[ "${LOG}" == "yes" && "${SAVE_OLD_LOGS}" == "yes" ]] ; then
        if [[ -e "${LOGFILE}" ]] ; then
                _tmpfile=$(mktemp ${LOGFILE}.XXXXXX)
                mv -f ${LOGFILE} ${_tmpfile}
                echo -e "--\nrkhunter.cron commencing at: $(date)\n--" >> ${_tmpfile}
        fi
 fi

 # finally, run rkhunter
 CMD="${RKHUNTER_EXEC} ${RKHUNTER_OPTS}"
 eval ${CMD}
 RV=$?

 # email output?
 if [[ "${SEND_EMAIL}" == "yes" ]] ; then
        CMD="cat ${_tmpout} ${EMAIL_CMD}"
        eval ${CMD}
 fi

 # remove temp file
 [[ -n "${_tmpout}" ]] && rm -f ${_tmpout}

 [[ "${LOG}" != "yes" ]] && exit ${RV}

 # from this point on, we can assume logging is enabled

 # append new log to old log and restore
 if [[ -n "${_tmpfile}" ]] ; then
        cat ${LOGFILE} >> ${_tmpfile}
        mv ${_tmpfile} ${LOGFILE}
 fi

 chmod ${LOGFILE_PERMS:-0644} ${LOGFILE}

 exit ${RV}
	#!/bin/bash
	# original author: Aaron Walker <[email protected]>

	########################## Begin Configuration ###############################

	# Default options - more options may be added depending on the
	# configuration variables you set below
	# --cronjob implies -c, --nocolor, --sk
	RKHUNTER_OPTS="--cronjob --summary"

	# Set this to 'yes' to enable ; this script does nothing otherwise
	ENABLE=yes

	# Automatically update rkhunter's dat files prior to running?
	UPDATE=yes

	# Set this to 'yes' if you wish the output to be mailed to you
	SEND_EMAIL=yes

	# NOTE: the following EMAIL_* variables are only relevant if you set the
	# SEND_EMAIL variable to 'yes'
	EMAIL_SUBJECT="${HOSTNAME}: rkhunter output"
	[email protected]
	EMAIL_CMD="\|mail -s \"${EMAIL_SUBJECT}\" ${EMAIL_RECIPIENT}"

	# Log rkhunter output?
	LOG=no

	# The default log location is /var/log/rkhunter.log. Set this variable if
	# you'd like to use an alternate location.
	#LOGFILE=""

	# By default, the log file created by rkhunter is world-readable (0644). If
	# you'd like to modify the permissions afterwards, set this variable. The
	# value of this variable, must be a valid chmod argument such as '0600' or
	# 'u+rw,go-rwx'. See the chmod(1) manual page for more information.
	#LOGFILE_PERMS="0600"

	# By default, rkhunter overwrites the previous log. Set this variable
	# to 'yes' if you'd like the log output appended to the logfile, instead
	# of overwriting it.
	SAVE_OLD_LOGS=no

	# Set to 1 to recieve only warnings & errors
	# Set to 2 to recieve ALL rkhunter output
	# Set to 3 to recieve rkhunter report
	VERBOSITY=3

	########################### End Configuration ################################

	# exit immediately, unless enabled
	[[ "${ENABLE}" == "yes" ]] \|\| exit 0

	# debug mode? (mainly for my benefit)
	if [[ -n "${1}" ]] && [[ ${1} = "-d" ]] ; then
	set -o verbose -o xtrace
	fi

	[[ -z "${LOGFILE}" ]] && LOGFILE="/var/log/rkhunter.log"

	# moved this out of config section since it'll
	# probably never need to be changed
	RKHUNTER_EXEC="/usr/sbin/rkhunter"

	# sanity check
	if [[ ! -x "${RKHUNTER_EXEC}" ]] ; then
	echo "${RKHUNTER_EXEC} does not exist or is not executable!"
	exit 1
	fi

	# we create a few tmp files, so let's at least make
	# them readable/writable by root only
	umask 0077

	# all output goes to this temp file
	_tmpout=$(mktemp /tmp/rkhunter.cron.XXXXXX)
	exec > ${_tmpout} 2>&1

	# update data files
	if [[ "${UPDATE}" == "yes" ]] ; then
	# save the output of --update in a tmp file so that it can be mailed
	# along with the scan output; otherwise the user will get 2 mails
	#${RKHUNTER_EXEC} --nocolor --update
	echo "In Gentoo, update option is disabled due to CVE-2017-7480."
	fi

	# formulate options string according to user configuration
	[[ "${LOG}" == "yes" ]] && \
	RKHUNTER_OPTS="${RKHUNTER_OPTS} --createlogfile ${LOGFILE}"

	case "${VERBOSITY}" in
	# warnings and errors only
	1) RKHUNTER_OPTS="${RKHUNTER_OPTS} --quiet" ;;
	# default rkhunter output (no extra options)
	# 2) ;;
	# default to option 3
	*) ;;
	esac

	# save old log
	if [[ "${LOG}" == "yes" && "${SAVE_OLD_LOGS}" == "yes" ]] ; then
	if [[ -e "${LOGFILE}" ]] ; then
	_tmpfile=$(mktemp ${LOGFILE}.XXXXXX)
	mv -f ${LOGFILE} ${_tmpfile}
	echo -e "--\nrkhunter.cron commencing at: $(date)\n--" >> ${_tmpfile}
	fi
	fi

	# finally, run rkhunter
	CMD="${RKHUNTER_EXEC} ${RKHUNTER_OPTS}"
	eval ${CMD}
	RV=$?

	# email output?
	if [[ "${SEND_EMAIL}" == "yes" ]] ; then
	CMD="cat ${_tmpout} ${EMAIL_CMD}"
	eval ${CMD}
	fi

	# remove temp file
	[[ -n "${_tmpout}" ]] && rm -f ${_tmpout}

	[[ "${LOG}" != "yes" ]] && exit ${RV}

	# from this point on, we can assume logging is enabled

	# append new log to old log and restore
	if [[ -n "${_tmpfile}" ]] ; then
	cat ${LOGFILE} >> ${_tmpfile}
	mv ${_tmpfile} ${LOGFILE}
	fi

	chmod ${LOGFILE_PERMS:-0644} ${LOGFILE}

	exit ${RV}