[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] chkrootkit



"Gavin Nelmes-Crocker" <cobalt@xxxxxxxxxxxxxxxx> wrote:
> I want to try and make the email easier to see if you have a problem or
> not
> as there is a tendency if you have several servers to end up getting 6
> mails
> a morning for chkrootkit,backup etc and just glancing at them and possibly
> missing a problem.  Does anyone see a problem with doing a grep -v not to
> remove the following
>
> not infected, nothing deleted, nothing detected etc

I check for strings as follows:

COUNT_INFECTED=`cat $LOG_DIR/$CHKROOTKIT_LOG | grep "INFECTED" | wc -l`

Then I use a regular grep to grab the appropriate lines if the count is > 0.

--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/