[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] chkrootkit

Subject: Re: [cobalt-users] chkrootkit
From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
Date: Thu Feb 13 09:36:00 2003
Organization: Befriend Internet Services LLC
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

"Gavin Nelmes-Crocker" <cobalt@xxxxxxxxxxxxxxxx> wrote:
> I want to try and make the email easier to see if you have a problem or
> not
> as there is a tendency if you have several servers to end up getting 6
> mails
> a morning for chkrootkit,backup etc and just glancing at them and possibly
> missing a problem.  Does anyone see a problem with doing a grep -v not to
> remove the following
>
> not infected, nothing deleted, nothing detected etc

I check for strings as follows:

COUNT_INFECTED=`cat $LOG_DIR/$CHKROOTKIT_LOG | grep "INFECTED" | wc -l`

Then I use a regular grep to grab the appropriate lines if the count is > 0.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/

References:
- [cobalt-users] chkrootkit
  - From: Gavin Nelmes-Crocker

Prev by Date: [cobalt-users] New Security Pkg for RaQ4
Next by Date: Re: [cobalt-users] I mess it up.
Previous by thread: [cobalt-users] chkrootkit
Next by thread: [cobalt-users] chkrootkit

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index