ROOTKIT - Check Script: Difference between revisions

imported>Z
Created page with "Category:Post-It <nowiki> #!/bin/bash rkhunter --update rkhunter --propupd rkhunter -C rkhunter --check-all --sk chkrootkit tiger lynis --check-update lynis --check-..."
 
m Text replacement - "Category:Wiki" to "Category:Wiki '''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]''''' "
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:Post-It]]
[[Category:Wiki]]
 
'''''[https://it-arts.net/index.php/Category:Wiki Return to Wiki Index]'''''
 
 
== Basic Script ==


  <nowiki>
  <nowiki>
Line 21: Line 26:


exit 0</nowiki>
exit 0</nowiki>
== Enhanced Script ==
<nowiki>
#!/bin/bash
# Start logging to capture output for review
LOGFILE="/var/log/system_security_check.log"
exec > >(tee -a $LOGFILE) 2>&1
echo "Starting security checks at $(date)"
# 1. Update rkhunter (Rootkit Hunter)
# This updates the rkhunter database for the latest rootkit signatures.
echo "Updating rkhunter database..."
rkhunter --update
# 2. Update rkhunter's properties (ensures the latest configuration data is used)
# This ensures rkhunter has the latest file properties for comparison.
echo "Updating rkhunter properties..."
rkhunter --propupd
# 3. Check the rkhunter configuration
# Run a configuration check to validate the current settings of rkhunter.
echo "Running rkhunter configuration check..."
rkhunter -C
# 4. Perform a full rootkit scan
# '--check-all' runs all the checks, '--sk' skips known false positives.
# You can remove '--sk' to ensure no results are skipped (higher accuracy, but may have more false positives).
echo "Running full rkhunter rootkit scan (with known false positives skipped)..."
rkhunter --check-all --sk
# 5. Run chkrootkit
# chkrootkit is another tool to detect rootkits.
# It scans for the presence of rootkits on the system.
echo "Running chkrootkit scan..."
chkrootkit
# 6. Run Tiger security audit
# Tiger performs a thorough security audit of the system.
echo "Running Tiger security audit..."
tiger
# 7. Run Lynis security audit
# Update the Lynis database and then run a full security audit.
# '-Q' suppresses warnings and non-critical messages.
echo "Updating Lynis database..."
lynis --check-update
echo "Running full Lynis audit..."
lynis --check-all -Q
# 8. Run logwatch for log file analysis
# Logwatch analyzes system logs and generates a report on important events.
echo "Running Logwatch report..."
logwatch
# 9. Run debsecan to check for security vulnerabilities in installed packages
# This will check security advisories for packages installed on the system.
# '--suite' specifies the release code name for the current Debian-based system.
echo "Running debsecan for vulnerabilities..."
debsecan --suite $(lsb_release --codename --short)
# End of the security check
echo "Security check completed at $(date)"
# Exit with success
exit 0
</nowiki>
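Review bot: The enhanced script ends with an unconditional `exit 0` and discards the status of every auditor it runs, so a failed or missing rkhunter/chkrootkit/lynis run is still reported as success to whatever scheduler invokes it; append `|| status=1` to each tool invocation (with `status=0` declared near the top) and end with `exit "$status"`. The `$(lsb_release --codename --short)` substitution passed to `debsecan --suite` is unquoted, and if lsb_release is absent the option receives an empty argument, so capture it into a variable, quote it, and skip debsecan when it is empty. Because `rkhunter --propupd` runs unconditionally before `--check-all`, any file already altered on the host becomes the stored baseline for that scan, which the comment at step 2 should state rather than describing it only as fetching "the latest file properties". The comment on `--sk` describes it as skipping known false positives; rkhunter's `--sk` is the short form of `--skip-keypress`, so the comment and the matching echo line should say it keeps the scan from pausing for a key.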

Latest revision as of 08:13, 17 January 2026




Basic Script

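#!/bin/bash
# Basic rootkit / hardening sweep.
# Runs each auditor in turn and exits non-zero if any of them failed or was
# not installed, so a scheduler (cron, systemd timer) sees a failed run
# instead of the "success" an unconditional `exit 0` would report.

set -u

status=0

# run TOOL [ARGS...] — run TOOL if it is installed; remember any failure in
# $status but keep going so the remaining checks still run.
run() {
  if ! command -v "$1" >/dev/null 2>&1; then
    printf '%s: not installed, skipped\n' "$1" >&2
    status=1
    return 0
  fi
  "$@" || status=1
}

run rkhunter --update
# NOTE: --propupd rewrites rkhunter's stored file properties from the files
# as they are right now, so anything already altered on disk becomes the
# reference for the scan below. Keep it here only if re-baselining on every
# run is the intended workflow.
run rkhunter --propupd
run rkhunter -C
# --sk is rkhunter's --skip-keypress: do not pause between test groups.
run rkhunter --check-all --sk

run chkrootkit

run tiger

run lynis --check-update
run lynis --check-all -Q

run logwatch

# Capture the codename first so the argument is quoted, and skip debsecan
# rather than pass an empty --suite when lsb_release is unavailable.
codename=$(lsb_release --codename --short 2>/dev/null)
if [ -n "$codename" ]; then
  run debsecan --suite "$codename"
else
  printf 'lsb_release gave no codename; skipping debsecan\n' >&2
  status=1
fi

# Non-zero if any step failed or was skipped.
exit "$status"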

Enhanced Script

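#!/bin/bash
# Enhanced security sweep: rkhunter, chkrootkit, tiger, lynis, logwatch and
# debsecan run in sequence with all output appended to $LOGFILE.
# Every auditor runs even if an earlier one fails; the final exit status is
# non-zero if any tool failed or was missing, so a scheduler can flag the run
# instead of reading "success" from an unconditional exit 0.

set -u

# Start logging to capture output for review.
# NOTE(review): tee creates LOGFILE with the current umask; tighten its
# permissions if the scan output is considered sensitive.
LOGFILE="/var/log/system_security_check.log"
exec > >(tee -a "$LOGFILE") 2>&1
echo "Starting security checks at $(date)"

status=0

# run TOOL [ARGS...] — run TOOL if it is installed; record a failure in
# $status and continue with the next check instead of aborting the sweep.
run() {
  if ! command -v "$1" >/dev/null 2>&1; then
    printf '%s: not installed, skipped\n' "$1" >&2
    status=1
    return 0
  fi
  "$@" || status=1
}

# 1. Update rkhunter (Rootkit Hunter)
# Fetches the latest rkhunter data files (rootkit signatures).
echo "Updating rkhunter database..."
run rkhunter --update

# 2. Update rkhunter's file-properties database
# NOTE: --propupd rewrites the stored file properties from the files as they
# are right now, so a binary already modified before this run is accepted as
# the baseline for step 4. Re-baseline deliberately (e.g. right after package
# updates), not blindly on every scan, if the property check is to mean
# anything.
echo "Updating rkhunter properties..."
run rkhunter --propupd

# 3. Check the rkhunter configuration
# Validates the current rkhunter settings before scanning.
echo "Running rkhunter configuration check..."
run rkhunter -C

# 4. Perform a full rootkit scan
# '--check-all' runs every test; '--sk' (--skip-keypress) stops rkhunter from
# pausing for a key between test groups, which an unattended run needs.
echo "Running full rkhunter rootkit scan (unattended, --sk)..."
run rkhunter --check-all --sk

# 5. Run chkrootkit
# chkrootkit is a second, independent rootkit detector.
echo "Running chkrootkit scan..."
run chkrootkit

# 6. Run Tiger security audit
# Tiger performs a thorough security audit of the system.
echo "Running Tiger security audit..."
run tiger

# 7. Run Lynis security audit
# Update the Lynis database and then run a full security audit.
# '-Q' (--quick) runs without pausing for user input between sections.
echo "Updating Lynis database..."
run lynis --check-update
echo "Running full Lynis audit..."
run lynis --check-all -Q

# 8. Run logwatch for log file analysis
# Logwatch analyzes system logs and generates a report on important events.
echo "Running Logwatch report..."
run logwatch

# 9. Run debsecan to check for security vulnerabilities in installed packages
# '--suite' is the release code name of the current Debian-based system.
# Capture it first so the argument is quoted, and skip debsecan rather than
# pass an empty --suite when lsb_release is unavailable.
echo "Running debsecan for vulnerabilities..."
codename=$(lsb_release --codename --short 2>/dev/null)
if [ -n "$codename" ]; then
  run debsecan --suite "$codename"
else
  printf 'lsb_release gave no codename; skipping debsecan\n' >&2
  status=1
fi

# End of the security check
echo "Security check completed at $(date)"

# Non-zero if any step failed or was skipped.
exit "$status"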