Set-Up Anti-Virus & Rootkit Scan and Email Results via Cron
By elliotjreed at 2013-07-10 06:14
Set-Up Anti-Virus & Rootkit Scan and Email Results
Firstly, install Clam anti-virus, Chkrootkit and Sendmail. Clam is the anti-virus programme for Linux, Chkrootkit is the rootkit scanner, and Sendmail is the easiest (and most basic) method of sending an email from within the terminal. So, install the required packages as follows:
Then test the email Rootkit scan report by typing the following into your terminal:
Code:
sudo chkrootkit 2>&1 | sendmail email@address.com
Then test the anti-virus scan report (may take a long time depending on the number of files in your home directory, and your system's 'oomph' - if you want, select a smaller directory with one or two files in). The && simply means to run the next command only if the first succeeds. Run the Clam update (freshclam) and then the virus scan (clamscan) by doing:
Set-Up Anti-Virus & Rootkit Scan to run Automatically
If both worked (check your email), you'll now need to add the cron jobs (not as difficult as it sounds). This will open up in Nano (if it gives you the option to use an editor, choose Nano). The format for the cron job timings is explained in a little detail below. Open up the cron file for editing by:
Code:
sudo crontab -e
Add the following to the list (or after the '#' commented out lines if there are no cron jobs there already):
Now, you may be wondering what on earth the numbers and stars (wildcards) are. Fear not, 'tis explained below.
To close the Nano editor use Ctrl-X, then "y" to save the file.
You should now receive emails periodically to your selected email address once the scans are complete. One thing I will say is that the Clam virus scan can take a very long time, so you may want to set it to scan only certain (smaller) directories - just edit the /home/ line to point it to the directory you want.
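The test commands above pipe raw scanner output straight into sendmail, so the report arrives without a Subject line. The following is an added example, not part of the original article: a wrapper that counts flagged lines and builds a full message for `sendmail -t`. The function names and sample text are made up for illustration; it assumes chkrootkit marks hits with "INFECTED" and clamscan ends hit lines with " FOUND".

```shell
#!/bin/sh
# Added example, not from the original article. Sample text is constructed
# to mimic chkrootkit / clamscan output.

# Print how many lines a scanner flagged. chkrootkit marks hits with
# "INFECTED" (clean checks say "not infected" or "not found"); clamscan ends
# hit lines with " FOUND". grep -c exits 1 on zero matches, hence "|| true".
count_hits() {
    grep -c -E 'INFECTED| FOUND$' || true
}

# build_report LABEL RECIPIENT < scanner-output
# Emits a complete message for "sendmail -t". Only the hit count reaches the
# Subject header: file names in scanner output are attacker-influenced, so
# they stay in the body, after the blank line that ends the headers.
build_report() {
    label=$1
    rcpt=$2
    body=$(cat)
    hits=$(printf '%s\n' "$body" | count_hits)
    if [ "$hits" -gt 0 ]; then
        status="ALERT, $hits line(s) flagged"
    else
        status="nothing flagged"
    fi
    printf 'To: %s\n' "$rcpt"
    printf 'Subject: [%s] %s: %s\n' "$label" "$(uname -n)" "$status"
    printf '\n%s\n' "$body"
}

# Constructed sample: one chkrootkit hit among clean checks.
sample_chkrootkit() {
cat <<'EOF'
Checking `amd'... not found
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
EOF
}

# Constructed sample: a clamscan run with no detections.
sample_clamscan_clean() {
cat <<'EOF'
/home/user/notes.txt: OK
Infected files: 0
EOF
}

# Real use (needs the tools installed):
#   chkrootkit 2>&1 | build_report chkrootkit email@address.com | sendmail -t
```

With this in place the Subject alone tells you whether a report needs reading, which matters once the scans run unattended.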
Cron Job Format
The numbers and wildcards (the stars) refer to how often you want the task run. In the example above I have a rootkit scan (chkrootkit) running at 30 minutes past 11am Monday to Friday. Then freshclam (which updates the anti-virus database) at 12pm Monday to Friday, and then the anti-virus scan at 15 minutes past 12pm Monday to Friday. You can set these to run however often you wish; the table below shows the available options for the timings:
Code:
* * * * * Command to be Executed
- - - - -
| | | | |
| | | | +----- day of week (0-6) (Sunday=0)
| | | +------- month (1-12)
| | +--------- day of month (1-31)
| +----------- hour (0-23)
+------------- minute (0-59)
You can also specify a repeat pattern like 0 */1 * * * which would run the cron job every hour of every month, year, and day (the 0 pins the minute; with * in the minute field the job would start every minute instead). For example, if you have the clamav-daemon running (an anti-virus detector that always runs in the background) you could have it update your anti-virus definitions every hour Monday to Friday with the cron job:
Please realize that while distributions may release patched versions, still the core of Chkrootkit hasn't been updated since July 30th 2009 (version 0.49).