RootkitHunter support.
Author: Jan Synacek <jsynacek@redhat.com>
RH-Bugzilla: #818926
Index: scripts/services/secure
===================================================================
--- scripts/services/secure (revision 110)
+++ scripts/services/secure (working copy)
@@ -180,6 +180,7 @@
$PwdChange = 0;
$RequestKeyFailures = 0;
%OtherList = ();
+%RootkitHunter = ();
use Logwatch ':ip';
while (defined($ThisLine = <STDIN>)) {
@@ -519,6 +520,14 @@
$e='';
}
$KerbList{$response}{$type}{$from}{$service}{$client}{$e}++;
+ } elsif ($ThisLine =~ /Rootkit Hunter:/ ) {
+ if ($ThisLine =~ /Please inspect this machine/) {
+ $RootkitHunter{'inspect'}++;
+ } elsif ($ThisLine =~ /check started/) {
+ $RootkitHunter{'runs'}++;
+ } elsif (my ($mins, $secs) = ($ThisLine =~ /Scanning took ([0-9]*) minutes? and ([0-9]*) seconds?/)) {
+ $RootkitHunter{'time'}+= $mins*60 + $secs;
+ }
} else {
# Unmatched entries...
$ThisLine =~ s/\[\d+\]:/:/;
@@ -908,6 +917,15 @@
}
}
+if (keys %RootkitHunter) {
+ use integer;
+ my ($mins, $secs) = ($RootkitHunter{'time'} / 60, $RootkitHunter{'time'} % 60);
+ print "\nRootkitHunter:\n";
+ print " Runs: $RootkitHunter{'runs'}\n";
+ print " Suggested Inspection: $RootkitHunter{'inspect'} Time(s)\n";
+ print " Total Runtime: $mins minute(s) $secs second(s)\n";
+}
+
if (keys %OtherList) {
print "\n**Unmatched Entries**\n";
foreach $line (sort {$a cmp $b} keys %OtherList) {