Gentoo Archives: gentoo-user

From:	Mike Williams <mike@××××××××.uk>
To:	gentoo-user@l.g.o
Subject:	Re: [gentoo-user] Bash query OT
Date:	Sun, 09 Jul 2006 13:08:41
Message-Id:	`200607091357.58249.mike@gaima.co.uk`
In Reply to:	[gentoo-user] Bash query OT by Dave S

1	On Sunday 09 July 2006 13:33, Dave S wrote:
2	> chkrootkit -q\
3	>
4	> \| grep -v 'PACKET SNIFFER(/sbin/dhclient3'\
5	> \| grep -v '/usr/lib/jvm/.java-gcj.jinfo'\
6	> \| grep -v '/usr/lib/realplay-10.0.6/share/default/.realplayerrc'\
7	> \| grep -v '/usr/lib/jvm/java-1.5.0-sun-1.5.0.06/.systemPrefs'\
8	> \| grep -v '/usr/lib/jvm/.java-1.5.0-sun.jinfo'\
9	> \| grep -v '/usr/lib/mindi/rootfs/root/.profile'\
10	> \| grep -v '/usr/lib/mindi/rootfs/proc/.keep'\
11	> \|
12	> > $OUTFILE 2> /dev/null
13
14	You could use egrep -v "/usr/lib/jvm/blah\|/usr/lib/reaplay/blah\|etc\|etc"
15
16	> val1=$(wc -l < $OUTFILE)
17	>
18	> if [ $val1 -ge 3 ] ; then
19	> cat $OUTFILE \| mail -s "[ckrootkit] Daily run" root
20	> fi
21	>
22	> rm -f $OUTFILE
23	>
24	>
25	> All works as expected except the 2> /dev/null appears not to work. I get
26	> the following emailed to me ...
27
28	chrootkit is sending output to STDERR, but you're sending STDERR from the last
29	grep to /dev/null
30
31	--
32	Mike Williams
33
34	--
35	gentoo-user@g.o mailing list