Tuesday, May 7, 2024
Sun, March 12, 2023, 10:37:10

I have installed the chkrootkit package with sudo apt-get install chkrootkit. When going to the /etc/chkrootkit.conf config file I see the following options:



RUN_DAILY="false"
RUN_DAILY_OPTS="-q"
DIFF_MODE="false"


I assume that the RUN_DAILY option if enabled would get chkrootkit to run an automated scan daily, and that the RUN_DAILY_OPTS sets what kind of scan the daily scan is in terms of which option it is using. Am I correct here? And if so then these automated scans, where are the results logged and how often do these scans occur?



Also, what does the DIFF_MODE option do? And should I enable it?



I have read the README file here and found nothing to do with this config file.



 Answers
RUN_DAILY


If "yes" it runs daily automatically, if "no" you need to run it manually. Also have a look at /etc/cron.daily/chkrootkit. Here you can add something like it sending the report to an e-mail address.



RUN_DAILY_OPTS 


These are options you can include. -q means quiet so it does not print anything on screen when running.



DIFF_MODE


If this is set to "yes", chkrootkit compares the files /var/log/chkrootkit/log.expected with /var/log/chkrootkit/log.today.






Have a look at /etc/cron.daily/chkrootkit and $CHKROOTKIT $RUN_DAILY_OPTS. You can expand this with a | mail -s $HOSTNAME $YOUR_EMAIL_ADDRESS (untested!) to have it send mails after the scan is done.


[#21321] Monday, March 13, 2023
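The daily run and the log.expected / log.today comparison described in the answer, as an added sketch that is not part of the original post and is not the packaged /etc/cron.daily/chkrootkit script. The function name daily_scan, its return codes, the /usr/sbin/chkrootkit path and the overridable CONF, LOG_DIR and CHKROOTKIT variables are assumptions; the sketch tests for "true", the counterpart of the "false" values shown in the question's config file.

```shell
#!/bin/sh
# Added sketch, NOT the packaged /etc/cron.daily/chkrootkit.
# Assumptions: daily_scan and its return codes are hypothetical; the
# /usr/sbin/chkrootkit path is assumed; CONF, LOG_DIR and CHKROOTKIT can be
# overridden so the logic can be exercised without root.
CONF="${CONF:-/etc/chkrootkit.conf}"
LOG_DIR="${LOG_DIR:-/var/log/chkrootkit}"
CHKROOTKIT="${CHKROOTKIT:-/usr/sbin/chkrootkit}"

# Returns 0 = nothing to report, 1 = output differs from the baseline,
# 2 = DIFF_MODE is on but no baseline exists yet.
daily_scan() {
    # Defaults mirror the values shown in the question's config file.
    RUN_DAILY="false"; RUN_DAILY_OPTS="-q"; DIFF_MODE="false"
    if [ -r "$CONF" ]; then . "$CONF"; fi
    if [ "$RUN_DAILY" != "true" ]; then return 0; fi   # daily run disabled

    if [ "$DIFF_MODE" != "true" ]; then
        # Plain mode: the scan's output goes to stdout; nothing is stored.
        $CHKROOTKIT $RUN_DAILY_OPTS
        return 0
    fi

    # Diff mode: store today's output, then compare it with the reviewed baseline.
    $CHKROOTKIT $RUN_DAILY_OPTS > "$LOG_DIR/log.today" 2>&1
    if [ ! -f "$LOG_DIR/log.expected" ]; then
        echo "No baseline $LOG_DIR/log.expected. Review today's output:"
        cat "$LOG_DIR/log.today"
        return 2
    fi
    if ! diff -u "$LOG_DIR/log.expected" "$LOG_DIR/log.today"; then
        echo "chkrootkit output changed. After reviewing it, accept with:"
        echo "  cp $LOG_DIR/log.today $LOG_DIR/log.expected"
        return 1
    fi
    return 0
}

# Run only when invoked as: sh thisfile --run
case "${1:-}" in --run) daily_scan ;; esac
```

In diff mode an unchanged scan prints nothing, so any output from the job (and a non-zero status) means the result differs from the baseline that was last reviewed.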
bathtusain
