[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] chkrootkit
- Subject: Re: [cobalt-users] chkrootkit
- From: "Steve Werby" <steve-lists@xxxxxxxxxxxx>
- Date: Thu Feb 13 09:36:00 2003
- Organization: Befriend Internet Services LLC
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
"Gavin Nelmes-Crocker" <cobalt@xxxxxxxxxxxxxxxx> wrote:
> I want to try and make the email easier to see if you have a problem or
> not
> as there is a tendency if you have several servers to end up getting 6
> mails
> a morning for chkrootkit,backup etc and just glancing at them and possibly
> missing a problem. Does anyone see a problem with doing a grep -v not to
> remove the following
>
> not infected, nothing deleted, nothing detected etc
I check for strings as follows:
COUNT_INFECTED=`cat $LOG_DIR/$CHKROOTKIT_LOG | grep "INFECTED" | wc -l`
Then I use a regular grep to grab the appropriate lines if the count is > 0.
--
Steve Werby
President, Befriend Internet Services LLC
http://www.befriend.com/