RKHunter added during installation and setup for cronjobs
This commit is contained in:
ChiefGyk
parent
23f2b1688f
commit
5ed8803cc1
|
|
@ -0,0 +1,8 @@
|
|||
#!/bin/sh
|
||||
# Cron daily for rkhunter by Alon "ChiefGyk" Ganon
|
||||
# alon@ganon.me
|
||||
(
|
||||
rkhunter --versioncheck
|
||||
rkhunter --update
|
||||
rkhunter -c --cronjob
|
||||
) | mail -s 'rkhunter Daily Check' admin@$DOMAIN
|
||||
File diff suppressed because it is too large
Load Diff
|
|
@ -0,0 +1,81 @@
|
|||
#
|
||||
# Email a message to this address if a warning is found when the
|
||||
# system is being checked. Multiple addresses may be specified
|
||||
# simply be separating them with a space. Setting this option to
|
||||
# null disables the option.
|
||||
#
|
||||
# NOTE: This option should be present in the configuration file.
|
||||
#
|
||||
MAIL-ON-WARNING=admin@$DOMAIN
|
||||
|
||||
#
|
||||
# Allow the specified commands to be scripts.
|
||||
#
|
||||
# This is a space-separated list of filenames. The option may
|
||||
# be specified more than once. The option may use wildcard
|
||||
# characters.
|
||||
#
|
||||
SCRIPTWHITELIST=/bin/egrep
|
||||
SCRIPTWHITELIST=/bin/fgrep
|
||||
SCRIPTWHITELIST=/bin/which
|
||||
SCRIPTWHITELIST=/usr/bin/groups
|
||||
SCRIPTWHITELIST=/usr/bin/ldd
|
||||
#SCRIPTWHITELIST=/usr/bin/lwp-request
|
||||
SCRIPTWHITELIST=/usr/sbin/adduser
|
||||
#SCRIPTWHITELIST=/usr/sbin/prelink
|
||||
SCRIPTWHITELIST=/usr/bin/unhide.rb
|
||||
|
||||
#
|
||||
# Allow the specified hidden directories to be whitelisted.
|
||||
#
|
||||
# This is a space-separated list of directory pathnames.
|
||||
# The option may be specified more than once. The option
|
||||
# may use wildcard characters.
|
||||
#
|
||||
#ALLOWHIDDENDIR="/etc/.java"
|
||||
#ALLOWHIDDENDIR="/dev/.static"
|
||||
#ALLOWHIDDENDIR="/dev/.SRC-unix"
|
||||
#ALLOWHIDDENDIR="/etc/.etckeeper"
|
||||
ALLOWHIDDENDIR="/dev/.udev"
|
||||
|
||||
#
|
||||
# Allow the specified hidden files to be whitelisted.
|
||||
#
|
||||
# This is a space-separated list of filenames. The option may
|
||||
# be specified more than once. The option may use wildcard
|
||||
# characters.
|
||||
#
|
||||
#ALLOWHIDDENFILE="/etc/.java"
|
||||
#ALLOWHIDDENFILE="/usr/share/man/man1/..1.gz"
|
||||
#ALLOWHIDDENFILE="/etc/.pwd.lock"
|
||||
#ALLOWHIDDENFILE="/etc/.init.state"
|
||||
#ALLOWHIDDENFILE="/lib/.libcrypto.so.0.9.8e.hmac /lib/.libcrypto.so.6.hmac"
|
||||
#ALLOWHIDDENFILE="/lib/.libssl.so.0.9.8e.hmac /lib/.libssl.so.6.hmac"
|
||||
#ALLOWHIDDENFILE="/usr/bin/.fipscheck.hmac"
|
||||
#ALLOWHIDDENFILE="/usr/bin/.ssh.hmac"
|
||||
#ALLOWHIDDENFILE="/usr/lib/.libfipscheck.so.1.1.0.hmac"
|
||||
#ALLOWHIDDENFILE="/usr/lib/.libfipscheck.so.1.hmac"
|
||||
#ALLOWHIDDENFILE="/usr/lib/.libgcrypt.so.11.hmac"
|
||||
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha1hmac.hmac"
|
||||
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha256hmac.hmac"
|
||||
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha384hmac.hmac"
|
||||
#ALLOWHIDDENFILE="/usr/lib/hmaccalc/sha512hmac.hmac"
|
||||
#ALLOWHIDDENFILE="/usr/sbin/.sshd.hmac"
|
||||
#ALLOWHIDDENFILE="/usr/share/man/man5/.k5login.5.gz"
|
||||
#ALLOWHIDDENFILE="/etc/.gitignore"
|
||||
#ALLOWHIDDENFILE="/etc/.bzrignore"
|
||||
ALLOWHIDDENFILE="/dev/.blkid.tab"
|
||||
ALLOWHIDDENFILE="/dev/.blkid.tab.old"
|
||||
ALLOWHIDDENFILE="/dev/.initramfs"
|
||||
|
||||
#
|
||||
# Allow the specified files to be present in the /dev directory,
|
||||
# and not regarded as suspicious.
|
||||
#
|
||||
# This is a space-separated list of pathnames. The option may
|
||||
# be specified more than once. The option may use wildcard
|
||||
# characters.
|
||||
#
|
||||
#ALLOWDEVFILE="/dev/shm/pulse-shm-*"
|
||||
#ALLOWDEVFILE="/dev/shm/sem.ADBE_*"
|
||||
ALLOWDEVFILE="/dev/.udev/rules.d/root.rules"
|
||||
|
|
@ -212,6 +212,36 @@ pollinate -q -r
|
|||
#
|
||||
# Allow apt to install system updates automatically every day.
|
||||
|
||||
# Add Rootkit hunter
|
||||
# I have it install and then update to install dependencies and such
|
||||
# It adds a crontab to check daily at 4:15AM
|
||||
# Added by Alon "Chief Gyk" Ganon
|
||||
# alon@ganon.me
|
||||
|
||||
echo "setting debconf variables"
|
||||
debconf-set-selections <<< "postfix postfix/mailname string $DOMAIN"
|
||||
debconf-set-selections <<< "postfix postfix/main_mailer_type string 'Internet Site'"
|
||||
echo "Installing RKHunter from Ubuntu Repo first to setup system files properly"
|
||||
apt_install -y rkhunter binutils libreadline5 ruby ruby1.9.1 unhide.rb mailutils
|
||||
echo "Downloading latest RKHunter"
|
||||
wget http://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.2/rkhunter-1.4.2.tar.gz
|
||||
rkhunter_ver=1.4.2
|
||||
rkhunter_hash=da01bc6757e14549560ad6ea46d1e93dbf5ac90f
|
||||
tar xzvf rkhunter-1.4.2.tar.gz
|
||||
cd rkhunter-1.4.2
|
||||
./installer.sh --layout /usr --install
|
||||
cd ..
|
||||
rm -rf rkhunter-1.4.2*
|
||||
cp conf/rkhunter/rkhunter.conf /etc/rkhunter.conf
|
||||
cp conf/rkhunter/rkhunter.conf.local /etc/rkhunter.conf.local
|
||||
rkhunter --versioncheck
|
||||
rkhunter --update
|
||||
rkhunter --propupd
|
||||
cp conf/rkhunter-cron.sh /etc/cron.daily/rkhunter-cron.sh
|
||||
chmod +x /etc/cron.daily/rkhunter-cron.sh
|
||||
sed -i '/APT_AUTOGEN="false"/c\APT_AUTOGEN="yes"' /etc/default/rkhunter
|
||||
|
||||
|
||||
cat > /etc/apt/apt.conf.d/02periodic <<EOF;
|
||||
APT::Periodic::MaxAge "7";
|
||||
APT::Periodic::Update-Package-Lists "1";
|
||||
|
|
|
|||
Loading…
Reference in New Issue