LinuxQuestions.org
By elliotjreed at 2013-07-10 06:14
Set-Up Anti-Virus & Rootkit Scan and Email Results

Firstly, install Clam anti-virus, Chkrootkit and Sendmail. Clam is the anti-virus programme for Linux, Chkrootkit is the rootkit scanner, and Sendmail is the easiest (and most basic) method of sending an email from within the terminal. So, install the required packages as follows:
Code:
sudo aptitude install -r -y clamav clamav-base chkrootkit sendmail
Then test the email Rootkit scan report by typing the following into your terminal:
Code:
sudo chkrootkit 2>&1 | sendmail email@address.com
Then test the anti-virus scan report (may take a long time depending on the number of files in your home directory, and your system's 'oomph' - if you want, select a smaller directory with one or two files in). The && simply means to run the next command only if the first succeeds. Run the Clam update (freshclam) and then the virus scan (clamscan) by doing:
Code:
sudo freshclam && sudo clamscan -r -i /home/ | sendmail email@address.com
Set-Up Anti-Virus & Rootkit Scan to run Automatically

If both worked (check your email), you'll now need to add the cron jobs (not as difficult as it sounds). The command below opens root's cron file for editing in Nano (if it gives you the option to use an editor, choose Nano). The format for the cron job timings is explained in a little detail below. Open up the cron file for editing by:
Code:
sudo crontab -e
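Add the following to the list (or after the '#' commented out lines if there are no cron jobs there already):
Code:
# cron's default PATH may omit the sbin directories where chkrootkit and sendmail are normally installed
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
30 11 * * 1-5 chkrootkit 2>&1 | sendmail email@address.com
0 12 * * 1-5 freshclam
15 12 * * 1-5 clamscan -r -i /home/ | sendmail email@address.com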
Now, you may be wondering what on earth the numbers and stars (wildcards) are. Fear not, 'tis explained below.

To close the Nano editor use Ctrl-X, then "y" to save the file.

You should now receive emails periodically to your selected email address once the scans are complete. One thing I will say is that the Clam virus scan can take a very long time, so you may want to set it to scan only certain (smaller) directories - just edit the /home/ line to point it to the directory you want.

Cron Job Format

The numbers and wildcards (the stars) refer to how often you want the task run. In the example above I have a rootkit scan (chkrootkit) running at 30 minutes past 11am Monday to Friday. Then freshclam (which updates the anti-virus database) at 12pm Monday to Friday, and then the anti-virus scan at 15 minutes past 12pm Monday to Friday. You can set these to run however often you wish; the table below shows the available options for the timings:

Code:
*     *     *   *    *        Command to be Executed
-     -     -   -    -
|     |     |   |    |
|     |     |   |    +----- day of week (0-6) (Sunday=0)
|     |     |   +------- month (1-12)
|     |     +--------- day of month (1-31)
|     +----------- hour (0-23)
+------------- minute (0-59)
You can also specify a repeat pattern like 0 */1 * * * which would run the cron job every hour of every month, year, and day (the leading 0 matters: with * in the minute field the job would run every minute). For example, if you have the clamav-daemon running (an anti-virus detector that always runs in the background) you could have it update your anti-virus definitions every hour Monday to Friday with the cron job:
Code:
0 */1 * * 1-5 freshclam
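
The scan-and-email step from the cron jobs above can also be wrapped in a small script so that each report has proper mail headers and its subject line reflects clamscan's exit status (0 = no virus found, 1 = virus found, 2 = error), which a plain pipe into sendmail throws away. This is an added example, not part of the original article; the function names, subject wording and the --run switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: mail a clamscan report with headers and a verdict.
# Assumed/illustrative: function names, subject format, --run switch.

MAILTO="email@address.com"   # placeholder address used in the article

# Map clamscan's documented exit status to a word for the subject line.
clam_verdict() {
    case "$1" in
        0) echo "CLEAN" ;;       # no virus found
        1) echo "INFECTED" ;;    # one or more viruses found
        *) echo "ERROR" ;;       # scan did not complete properly
    esac
}

# Build a complete message: headers, a blank line, then the scanner output.
# $1 = verdict, $2 = scan label, $3 = scanner output
build_report() {
    printf 'To: %s\n' "$MAILTO"
    printf 'Subject: [%s] %s on %s\n' "$1" "$2" "$(uname -n)"
    printf '\n%s\n' "$3"
}

# Run clamscan on a directory, keep its output and exit status, mail both.
scan_and_mail() {
    dir="$1"
    out=$(clamscan -r -i "$dir" 2>&1)
    rc=$?
    # -t tells sendmail to take the recipient from the To: header.
    build_report "$(clam_verdict "$rc")" "clamscan $dir" "$out" \
        | /usr/sbin/sendmail -t
}

# Nothing is scanned unless the script is called as: script --run /home/
if [ "${1:-}" = "--run" ]; then
    scan_and_mail "${2:-/home/}"
fi
```

Saved under a path of your choice and made executable, it replaces the clamscan line in the crontab, called with --run and the directory to scan.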

by unSpawn on Sun, 2013-11-03 05:37
Please realize that while distributions may release patched versions, the core of Chkrootkit still hasn't been updated since July 30th 2009 (version 0.49).


  


