Set-Up Anti-Virus & Rootkit Scan and Email Results via Cron
By elliotjreed at 2013-07-10 06:14
Set-Up Anti-Virus & Rootkit Scan and Email Results
Firstly, install Clam anti-virus, Chkrootkit and Sendmail. Clam is the anti-virus programme for Linux, Chkrootkit is the rootkit scanner, and Sendmail is the easiest (and most basic) method of sending an email from within the terminal. So, install the required packages as follows:
Then test the email Rootkit scan report by typing the following into your terminal:
Code:
sudo chkrootkit 2>&1 | sendmail email@address.com
Then test the anti-virus scan report (may take a long time depending on the number of files in your home directory, and your system's 'oomph' - if you want, select a smaller directory with one or two files in). The && simply means to run the next command if the first succeeds. Run the Clam update (freshclam) and then the virus scan (clamscan) by doing:
Set-Up Anti-Virus & Rootkit Scan to run Automatically
If both worked (check your email), you'll now need to add the cron jobs (not as difficult as it sounds). The format for the cron job timings is explained in a little detail below. Open up the cron file for editing with the command below; it will open in Nano (if it gives you the option to choose an editor, choose Nano):
Code:
sudo crontab -e
Add the following to the list (or after the '#' commented out lines if there are no cron jobs there already):
Now, you may be wondering what on earth the numbers and stars (wildcards) are. Fear not, 'tis explained below.
To close the Nano editor use Ctrl-X, then "y" to save the file.
You should now receive emails periodically to your selected email address once the scans are complete. One thing I will say is that the Clam virus scan can take a very long time, so you may want to set it to scan only certain (smaller) directories - just edit the /home/ line to point it to the directory you want.
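The piped commands above hand the raw scan output to sendmail with no Subject line, so every report looks the same in the inbox. The wrapper below is an added example, not part of the original article: it builds a message with To and Subject headers and puts a CLEAN/FOUND/ERROR status in the subject. The script name, function names and status labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): send scan output as a proper
# mail message with a status in the Subject line.
MAILTO="email@address.com"   # placeholder address, as used in the article

# scan_status NAME EXIT_CODE OUTPUT -> prints CLEAN, FOUND or ERROR
scan_status() {
    name=$1; code=$2; output=$3
    # 126/127 are the shell's own codes for "cannot execute" / "not found"
    case "$code" in 126|127) echo ERROR; return 0 ;; esac
    case "$name" in
        clamscan)
            # clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error
            case "$code" in
                0) echo CLEAN ;;
                1) echo FOUND ;;
                *) echo ERROR ;;
            esac ;;
        chkrootkit)
            # chkrootkit prints "not infected" per passed test, "INFECTED" on a hit
            if [ -z "$output" ]; then echo ERROR
            elif printf '%s\n' "$output" | grep -q 'INFECTED'; then echo FOUND
            else echo CLEAN
            fi ;;
        *) echo ERROR ;;
    esac
}

# build_message NAME STATUS OUTPUT -> prints headers, a blank line, then the body
build_message() {
    printf 'To: %s\n' "$MAILTO"
    printf 'Subject: [%s] %s scan on %s\n' "$2" "$1" "$(uname -n)"
    printf '\n%s\n' "$3"
}

# run_and_mail NAME COMMAND [ARGS...]: run the scan and mail the report
run_and_mail() {
    name=$1; shift
    code=0
    output=$("$@" 2>&1) || code=$?
    status=$(scan_status "$name" "$code" "$output")
    # -t makes sendmail take the recipient from the To: header
    build_message "$name" "$status" "$output" | sendmail -t
}

# Usage (script name is hypothetical): scan-report.sh chkrootkit chkrootkit
if [ "$#" -gt 0 ]; then run_and_mail "$@"; fi
```

In the root crontab the command part of each job would then call this script instead of piping straight to sendmail, which lets a mail filter match on the [FOUND] or [ERROR] tag.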
Cron Job Format
The numbers and wildcards (the stars) refer to how often you want the task run. In the example above I have a rootkit scan (chkrootkit) running at 30 minutes past 11am Monday to Friday. Then freshclam (which updates the anti-virus database) at 12pm Monday to Friday, and then the anti-virus scan at 15 minutes past 12pm Monday to Friday. You can set these to run however often you wish; the table below shows the available options for the timings:
Code:
*    *    *    *    *    Command to be Executed
-    -    -    -    -
|    |    |    |    |
|    |    |    |    +----- day of week (0-6) (Sunday=0)
|    |    |    +---------- month (1-12)
|    |    +--------------- day of month (1-31)
|    +-------------------- hour (0-23)
+------------------------- minute (0-59)
You can also specify a repeat pattern like 0 */1 * * * which would run the cron job every hour of every month, year, and day (the minute field is fixed at 0; a * there would make the job run every minute). For example, if you have the clamav-daemon running (an anti-virus detector that always runs in the background) you could have it update your anti-virus definitions every hour Monday to Friday with the cron job:
Please realize that while distributions may release patched versions, the core of Chkrootkit still hasn't been updated since July 30th 2009 (version 0.49).