Debian/Ubuntu Anti-Virus and Root Kit Scan Script
A customer requested this script; once I started working on it, I realized how useful it could be. I have it set up as a weekly cron task. The script is very simple: it updates ClamAV and RKHunter, scans the server with both, and mails the results to the specified email address. If you plan on adding this script to your server, you might want to ensure that you have the correct versions of ClamAV and RKHunter.
Below is the script:
#!/bin/bash
#########################################
# script: Weekly AV/RK Scan Script      #
#                                       #
# written by:                           #
#          Patrick Burns                #
#########################################

EMAIL="burnsoft@gmail.com"

# Absolute path to the log. Every tee below writes here, so the mailed file
# is the same file regardless of the directory cron starts the script in.
LOG="/root/scan_script/scan.log"

# Create the log file, remove the previous week's log if needed.
# I know this is bad form for creating a log... I'll revisit this issue another day...
rm -f "$LOG"
touch "$LOG"

# First we need to update ClamAV
echo " "
echo "####################################################################################" | tee -a "$LOG"
echo "### Updating ClamAV ####" | tee -a "$LOG"
echo "####################################################################################" | tee -a "$LOG"
echo " "
freshclam | tee -a "$LOG"

# Now we scan the server with our updated ClamAV
# (-r: recurse into directories, -i: print infected files only)
echo "####################################################################################" | tee -a "$LOG"
echo "### Beginning ClamAV Anti-Virus Scan ####" | tee -a "$LOG"
echo "####################################################################################" | tee -a "$LOG"
echo " "
clamscan -r -i / | tee -a "$LOG"

# Next we update RKHunter
echo "####################################################################################" | tee -a "$LOG"
echo "### Updating RKHunter ####" | tee -a "$LOG"
echo "####################################################################################" | tee -a "$LOG"
echo " "
rkhunter --update | tee -a "$LOG"

# Then we scan with RKHunter
# (--sk: skip the "press enter" prompts so the run is unattended, -c: run all checks)
echo "####################################################################################" | tee -a "$LOG"
echo "### Beginning RKHunter Scan ####" | tee -a "$LOG"
echo "####################################################################################" | tee -a "$LOG"
echo " "
rkhunter --sk -c | tee -a "$LOG"

# Finally, we mail the log to the email address specified above.
# The "--" separates the attachment list from the recipient, as mutt requires.
mutt -s "Weekly Virus/Rootkit Scan" -a "$LOG" -- "$EMAIL" < "$LOG"
Below is what I’ve added to my crontab -e:
0 0 * * 0 /bin/bash /root/scan_script/clam_rk_scan.sh
Be sure to change the paths to where you’ve saved the script, and ensure that bash is located in /bin.
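A weekly mail with a fixed subject is easy to stop reading, so the following added example (not part of the original script) derives the subject from the log so that a run with findings stands out. The function names `scan_subject` and `write_sample_log` are hypothetical, the sample log is constructed, and it assumes clamscan's `<path>: <signature> FOUND` lines and rkhunter's `[ Warning ]` markers, possibly wrapped in colour codes.

```shell
#!/bin/bash
# Added example: build the mail subject from the combined ClamAV/RKHunter log.

# Print a subject line for the scan log given as $1.
scan_subject() {
    local log="$1" esc clean infected warnings
    esc=$(printf '\033')
    # rkhunter colours its status words unless told otherwise; strip the
    # ANSI sequences so "[ Warning ]" matches whether or not colour was on.
    clean=$(sed "s/${esc}\[[0-9;]*m//g" "$log")
    # clamscan -i prints one "<path>: <signature> FOUND" line per infected file.
    infected=$(printf '%s\n' "$clean" | grep -c ' FOUND$' || true)
    # rkhunter marks each suspicious check with "[ Warning ]".
    warnings=$(printf '%s\n' "$clean" | grep -c '\[ Warning \]' || true)
    if [ "$infected" -gt 0 ] || [ "$warnings" -gt 0 ]; then
        echo "[ACTION] Weekly Virus/Rootkit Scan: ${infected} infected, ${warnings} rkhunter warnings"
    else
        echo "[OK] Weekly Virus/Rootkit Scan: no findings"
    fi
}

# Write a constructed sample log (not real scan output) to the path in $1.
write_sample_log() {
    {
        printf '%s\n' '/var/www/upload/eicar.com: Win.Test.EICAR_HDB-1 FOUND'
        printf '%s\n' '----------- SCAN SUMMARY -----------'
        printf '%s\n' 'Infected files: 1'
        printf '    /usr/bin/lwp-request               [ \033[1;31mWarning\033[0;39m ]\n'
        printf '%s\n' '    Checking for passwd file changes   [ Warning ]'
        printf '%s\n' '    Checking for hidden files          [ None found ]'
    } > "$1"
}

# Demonstration on the constructed log.
sample=$(mktemp)
write_sample_log "$sample"
scan_subject "$sample"
rm -f "$sample"
```

In the script above, the result would replace the fixed subject: `mutt -s "$(scan_subject /root/scan_script/scan.log)" ...`.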