Hi all,

I have written a script in /etc/cron.daily for chkrootkit to screen out known suspect files that are OK & to email me with anything else ... (ahem, it's not a gentoo system ... just thought I should come clean :))

#!/bin/sh

# Adds a primitive filter of repeating false positives

OUTFILE=`mktemp` || exit 1

chkrootkit -q\
| grep -v 'PACKET SNIFFER(/sbin/dhclient3'\
| grep -v '/usr/lib/jvm/.java-gcj.jinfo'\
| grep -v '/usr/lib/realplay-10.0.6/share/default/.realplayerrc'\
| grep -v '/usr/lib/jvm/java-1.5.0-sun-1.5.0.06/.systemPrefs'\
| grep -v '/usr/lib/jvm/.java-1.5.0-sun.jinfo'\
| grep -v '/usr/lib/mindi/rootfs/root/.profile'\
| grep -v '/usr/lib/mindi/rootfs/proc/.keep'\
> $OUTFILE 2> /dev/null

val1=$(wc -l < $OUTFILE)

if [ $val1 -ge 3 ] ; then
cat $OUTFILE | mail -s "[ckrootkit] Daily run" root
fi

rm -f $OUTFILE

All works as expected except the 2> /dev/null appears not to work. I get the following emailed to me ...

/etc/cron.daily/chkrootkit-filter:
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-02_07.19.43.912205.vanda-comp.ful: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-02_07.38.48.421654.vanda-comp.inc: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-02_07.40.10.454279.vanda-comp.inc: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-03_10.19.03.870135.vanda-comp.inc: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-04_11.36.46.651743.vanda-comp.inc: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-05_07.37.17.335699.vanda-comp.inc: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-06_17.37.02.619804.vanda-comp.inc: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-07_09.04.20.615943.vanda-comp.inc: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-02_07.19.43.912205.vanda-comp.ful: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-02_07.38.48.421654.vanda-comp.inc: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-02_07.40.10.454279.vanda-comp.inc: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-03_10.19.03.870135.vanda-comp.inc: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-04_11.36.46.651743.vanda-comp.inc: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-05_07.37.17.335699.vanda-comp.inc: Permission denied
/usr/bin/find: //mnt/samba/archive/vanda-comp_backup/2006-07-06_17.37.02.619804.vanda-comp.inc: Permission denied

Is there a way to avoid script errors being emailed to me? Apart from maybe executing this script within a wrapper script, i.e. ...

chkrootkit &> /dev/null

Any suggestions very welcome

Dave

--
gentoo-user@g.o mailing list
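
Why the redirect in the posted script has no effect, shown as an added example that is not part of the original post: `2>` binds to the one command it follows (here the last grep), not to the whole pipeline. `fake_scan` is a constructed stand-in for `chkrootkit -q`, and the other function names are hypothetical.

```shell
#!/bin/sh
# Constructed stand-in for `chkrootkit -q`: two report lines on stdout and
# one find(1)-style error on stderr.
fake_scan() {
    echo 'PACKET SNIFFER(/sbin/dhclient3[1234])'
    echo 'Suspect file: /tmp/.hidden-constructed'
    echo '/usr/bin/find: /mnt/example: Permission denied' >&2
}

# As posted: 2> /dev/null belongs to the last grep only, so the scanner's
# stderr is inherited from cron and ends up in the mail.
filter_as_posted() {
    fake_scan \
    | grep -v 'PACKET SNIFFER(/sbin/dhclient3' \
    > "$1" 2> /dev/null
}

# Redirect placed on the scanner itself: its stderr is discarded, while
# errors from grep or the shell would still be reported.
filter_fixed() {
    fake_scan 2> /dev/null \
    | grep -v 'PACKET SNIFFER(/sbin/dhclient3' \
    > "$1"
}

# Run filter $1 and print how many lines it leaked onto stderr.
leaked_lines() {
    out=$(mktemp) || return 1
    n=$("$1" "$out" 2>&1 > /dev/null | wc -l)
    rm -f "$out"
    echo $((n))
}

echo "as posted: $(leaked_lines filter_as_posted) stderr line(s)"
echo "fixed:     $(leaked_lines filter_fixed) stderr line(s)"
```

The `&>` form is a bash extension; under `#!/bin/sh` with a shell such as dash it is parsed as `chkrootkit &` followed by `> /dev/null`, so the portable spelling is `> /dev/null 2>&1`. Sending the scanner's stderr to a log file instead of `/dev/null` keeps a record of what it could not read.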