Daily emails from chkrootkit using postfix / sendmail command

You have installed chkrootkit and it's now running with daily cron, but unless you are logging in daily to check the logs, you won't know of any potential problems. Here's a simple way to have the daily report emailed to you with only postfix installed, using the sendmail command.

Edit /etc/chkrootkit.conf and add the following line:

REPORT_EMAIL="email@domain.com"

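Edit /etc/cron.daily/chkrootkit and, towards the bottom of the file, replace $CHKROOTKIT $RUN_DAILY_OPTS with the lines below. Note that the replacement runs chkrootkit without $RUN_DAILY_OPTS, so any options set there no longer apply to the daily run.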

$CHKROOTKIT > "$LOG_DIR/chkrootkit.log" #Run chkrootkit and save the logfile
(
echo "Subject: [chkrootkit] $(hostname -f) - Daily report" #Create subject line using the hostname
echo "To: $REPORT_EMAIL" #Insert To: delivery email address using the variable defined in chkrootkit.conf
echo ""
cat "$LOG_DIR/chkrootkit.log" #Append the logfile to the message body
) | /usr/sbin/sendmail "$REPORT_EMAIL" #Send out the email!

It is probably a good idea to rotate the logs, so head over to /etc/logrotate.d/chkroot (new file) and enter

/var/log/chkrootkit/*.log {
  daily
  rotate 15
  dateext
  delaycompress
  missingok
  notifempty
}

Now wait for your daily scheduled cron to run, or run /etc/cron.daily/chkrootkit as root to test it out.
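
An added example, not part of the original post: a variant of the mail-building step that puts a status in the Subject line, so a finding or a missing report stands out in the inbox. It assumes chkrootkit marks a positive test with the uppercase word INFECTED; the function name build_report, the sample addresses and the sample log are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). build_report is a hypothetical helper.
# Assumption: chkrootkit prints uppercase "INFECTED" for a positive test and
# lowercase "not infected" otherwise, so a case-sensitive grep counts findings.

# build_report HOST RECIPIENT LOGFILE -> writes a complete mail message to stdout
build_report() {
    br_host=$1; br_rcpt=$2; br_log=$3
    # The recipient is copied into a header, so reject anything outside a
    # conservative character set (blocks spaces, newlines and extra headers).
    case $br_rcpt in
        ''|*[!A-Za-z0-9@._+-]*) echo "build_report: bad recipient" >&2; return 2 ;;
    esac
    if [ ! -s "$br_log" ]; then
        # Missing or empty log: the scan did not run, which is worth noticing too.
        br_status="NO OUTPUT"
    else
        br_n=$(grep -c 'INFECTED' "$br_log" || true)
        if [ "$br_n" -gt 0 ]; then
            br_status="ALERT: $br_n finding(s)"
        else
            br_status="clean"
        fi
    fi
    printf 'Subject: [chkrootkit] %s - Daily report (%s)\n' "$br_host" "$br_status"
    printf 'To: %s\n\n' "$br_rcpt"
    if [ -s "$br_log" ]; then cat "$br_log"; fi
}

# Demo on a constructed sample log (not output from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
Checking `ls'... not infected
Checking `bindshell'... INFECTED (PORTS: 465)
EOF
build_report host.example.com admin@example.com "$sample"
rm -f "$sample"

# In /etc/cron.daily/chkrootkit the call would be:
#   build_report "$(hostname -f)" "$REPORT_EMAIL" "$LOG_DIR/chkrootkit.log" \
#       | /usr/sbin/sendmail "$REPORT_EMAIL"
```

A mail filter can then key on "ALERT" or "NO OUTPUT" in the subject instead of relying on someone reading every daily report.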

Comments

Thanks, email works great.

Note a typo here:

$CHKROOTKIT > $LOG_DIR/chkrootkit.log //Run chkrootkit and save the logfile

should be:

$CHKROOTKIT > $LOG_DIR/chkrootkit.log #Run chkrootkit and save the logfile

Also, my Debian 64-bit install does not include the log mentioned here:

/var/log/chkrootkit/

Cheers. Paul.

Thanks, I got the typo corrected.

As for the location of the logs, some installs are a bit different, so you may need to adjust as needed.