On Sun, 9 Jul 2006 13:33:23 +0100, Dave S wrote:

> I have written a script in /etc/cron.daily for chkrootkit to screen out
> known suspect files that are OK & to email me with anything else ...
> (ahem it's not a gentoo system ... just thought I should come clean :))
>
> #!/bin/sh
>
> # Adds a primitive filter of repeating false positives
>
> OUTFILE=`mktemp` || exit 1
>
> chkrootkit -q\
> | grep -v 'PACKET SNIFFER(/sbin/dhclient3'\
> | grep -v '/usr/lib/jvm/.java-gcj.jinfo'\
> | grep -v '/usr/lib/realplay-10.0.6/share/default/.realplayerrc'\
> | grep -v '/usr/lib/jvm/java-1.5.0-sun-1.5.0.06/.systemPrefs'\
> | grep -v '/usr/lib/jvm/.java-1.5.0-sun.jinfo'\
> | grep -v '/usr/lib/mindi/rootfs/root/.profile'\
> | grep -v '/usr/lib/mindi/rootfs/proc/.keep'\
> > $OUTFILE 2> /dev/null
>
> val1=$(wc -l < $OUTFILE)
>
> if [ $val1 -ge 3 ] ; then
>     cat $OUTFILE | mail -s "[ckrootkit] Daily run" root
> fi
>
> rm -f $OUTFILE
>
>
> All works as expected except the 2> /dev/null appears not to work.

You are redirecting the output of grep, not chkrootkit. Try

    chkrootkit -q 2>/dev/null | grep -v -f chkroot.filter >$OUTFILE

with the patterns in chkroot.filter (this won't affect the error you
mentioned, but it makes things a lot easier to read).

-- 
Neil Bothwick

ISDN: It Still Does Nothing
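
An added example, not part of the original thread: it shows that a `2>` placed after the last `grep` leaves the scanner's stderr untouched, and that moving it next to the scanner silences it, using a filter file as suggested in the reply. `fake_chkrootkit` and its output are constructed stand-ins so the script runs without chkrootkit installed; the `-F` flag (literal matching of the paths) is an addition here, not something from the thread.

```shell
#!/bin/sh
# Stand-in for `chkrootkit -q` (constructed sample output, not real scanner
# output): findings go to stdout, a diagnostic goes to stderr.
fake_chkrootkit() {
    echo "/usr/lib/jvm/.java-gcj.jinfo"
    echo "/usr/lib/mindi/rootfs/proc/.keep"
    echo "/tmp/.hidden/unexpected"      # the one line that should reach the admin
    echo "scanner: cannot open /proc/1/exe" >&2
}

# Write the known-false-positive list, one fixed string per line.
write_filter() {
    cat > "$1" <<'EOF'
/usr/lib/jvm/.java-gcj.jinfo
/usr/lib/mindi/rootfs/proc/.keep
EOF
}

# Original layout: 2> sits after the last grep, so it applies to grep only
# and the scanner's stderr still escapes (cron would mail it).
# Prints whatever leaked on stderr.
leak_original() {
    { fake_chkrootkit | grep -v -F -f "$1" > /dev/null 2> /dev/null; } 2>&1
}

# Corrected layout: 2>/dev/null is attached to the scanner itself.
leak_fixed() {
    { fake_chkrootkit 2> /dev/null | grep -v -F -f "$1" > /dev/null; } 2>&1
}

# Findings that survive the filter. -F matches the paths literally, so the
# dots in them are not treated as regex wildcards.
filtered_findings() {
    fake_chkrootkit 2> /dev/null | grep -v -F -f "$1"
}

FILTER=$(mktemp) || exit 1
trap 'rm -f "$FILTER"' EXIT
write_filter "$FILTER"

echo "stderr leaked (original): $(leak_original "$FILTER")"
echo "stderr leaked (fixed):    $(leak_fixed "$FILTER")"
echo "unfiltered findings:      $(filtered_findings "$FILTER")"
```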