The News‎ > ‎

Automate RKHunter, ClamAV and email reports

posted May 25, 2013, 2:22 PM by Leigh Williams
For a while now I wanted to post this. I am running this on my PC at home because I don't feel like doing it manually every day/week/month etc, and also because I don't use it that often, but I still want to make sure the basic check are done.
I am doing this in Linux Mint 13.

RKHUNTER
RKHunter is a great utility to detect rootkits. 
sudo apt-get install rkhunter

Create this bash script in your home directory or wherever else you may want to:
#!/bin/sh

varrkhunterupdate=$(rkhunter --update)
varrkhuntercheck=$(rkhunter -c --sk --rwo)

sendemail -f FROM@ANYNAME.COM -t TOEMAIL@DOMAIN.COM -u "rkhunter reports" -m "RKHUNTER\n$varrkhunterupdate\nRKHUNTER CHECK\n$varrkhuntercheck" -s smtp.server.com:port -xu USERNAME@DOMAIN.COM -xp YOURPASSWORD 

Save this file as fielname.sh (replace filename with a file name of your choosing)
Make the above file executable
chmod +x /location/of/my/file
Do a ls -l /location/of/my/file to make sure it is executable

sudo crontab -e
This will open up your sudo crontab. Add a line like this at the end of the file. It will scan daily at 10am for rootkits.
0 10 * * * /location/of/my/file.sh


CLAMAV
Do the same as above for ClamAV.
You can install ClamAV (and rkhunter) from the Software Manager application in Ubuntu.
You can place the ClamAV checks in the same .sh script or a new one, doesn't matter. Remember to make the .sh file executable and to add a cron job.

You can do the same with updates as well. Just Google for something like "automate ubuntu updates"

Comments