このスクリプトを使うには、事前に http://hack.clouddoctor.jp/archives/225/ の内容を済ませておく必要があります。
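#!/bin/sh
# Security check: refreshes the ClamAV signatures, scans /root/ with clamscan,
# runs chkrootkit against the binaries unpacked from bin.tar.gz, appends the
# results to a dated log file under LOGROOT, and mails a summary through
# mail.pl when either tool reports a finding.
#
# NOTE(review): this file embeds SMTP credentials, so keep it readable by its
# owner only. mail.pl and bin.tar.gz are executed/unpacked by this script
# (presumably as root, since it writes under /root), so the script directory
# must not be writable by anyone else.

# Log files and the temporary directory contents stay private to the owner.
umask 077

LOGROOT=/root/securecheck/
SERVER_NAME="XXX.XXXX.XXXX"
SMTP_SERVER="smtp.gmail.com"
SMTP_PORT="587"
SMTP_USER="xxxx@gmail.com"
SMTP_PASS="XXXXXX"
MAIL_FROM="xxxx@gmail.com"
MAIL_TO="yyyy@zzzz.com"

# Print a message on stderr and stop; used for setup steps that must not fail.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Resolve the directory holding this script without changing the caller's cwd.
SCRIPT_DIR=$(cd -- "$(dirname -- "$0")" && pwd) \
  || die "cannot resolve script directory"
MAIL_SCRIPT="${SCRIPT_DIR}/mail.pl"
# Kept for the informational echo only; the mailer is invoked with a quoted
# path further down so a directory name containing spaces cannot split it.
MAIL_COMMAND="perl ${MAIL_SCRIPT}"
echo "${MAIL_COMMAND}"

CHKROOTKIT_BK_ARCHIVE="${SCRIPT_DIR}/bin.tar.gz"
# The unpacked binaries are the reference set chkrootkit is told to trust
# (-p), so they must live in a directory no other local user can pre-create
# or modify. A fixed name under /tmp gives no such guarantee; mktemp -d
# creates a fresh, owner-only directory with an unpredictable name.
CHKROOTKIT_TMP_PATH=$(mktemp -d "${TMPDIR:-/tmp}/chkrootkit.XXXXXX") \
  || die "cannot create temporary directory"

# Remove the unpacked binaries on every exit path, including early failures.
cleanup() {
  rm -rf -- "${CHKROOTKIT_TMP_PATH:?}"
}
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

# Extract straight into the temp dir; a failed "cd" can no longer make tar
# unpack into whatever the current directory happens to be.
tar -zxf "${CHKROOTKIT_BK_ARCHIVE}" -C "${CHKROOTKIT_TMP_PATH}" \
  || die "cannot extract ${CHKROOTKIT_BK_ARCHIVE}"

logdir=${LOGROOT}/$(date +%Y%m)/
if [ -d "${logdir}" ]; then
  echo "${logdir} already exists."
else
  mkdir -p "${logdir}" || die "cannot create ${logdir}"
fi
logfile=${logdir}/sc$(date +%Y%m%d).log
touch "${logfile}" || die "cannot write ${logfile}"
# Record the run time (the previous "echo date" logged the literal word "date").
date >> "${logfile}"

# VIRUS SCAN
echo "" >> "${logfile}"
echo "clamscan At $(date)" >> "${logfile}"
nice -n 19 /usr/bin/freshclam \
  || printf 'warning: freshclam failed; scanning with existing signatures\n' >&2
# clamscan writes its report to the log (-l) and lists infected files (-i) on
# stdout; each such line ends in FOUND and is counted here.
# NOTE(review): a scanner that cannot run also yields a count of 0, so a
# broken installation is indistinguishable from a clean result in the mail.
clamavNum=$(nice -n 19 /usr/bin/clamscan \
  --exclude-dir="(/dev|/sys|/usr/share/doc/clamav-0.97/test)" \
  -l "${logfile}" -i -r /root/ | grep -c FOUND)

# CHKROOTKIT
echo "" >> "${logfile}"
echo "chkrootkit At $(date)" >> "${logfile}"
# Full chkrootkit output goes to the log; only the INFECTED lines are counted.
chkrootkitNum=$(nice -n 19 "${CHKROOTKIT_TMP_PATH}/chkrootkit" \
  -p "${CHKROOTKIT_TMP_PATH}" | tee -a "${logfile}" | grep -c INFECTED)

errorNum=$(( ${clamavNum:-0} + ${chkrootkitNum:-0} ))
if [ "${errorNum}" -ne 0 ]; then
  # NOTE(review): SMTP_PASS is handed to mail.pl as a command-line argument,
  # which is the calling convention this script already used. Arguments are
  # typically visible to other local users in the process list while mail.pl
  # runs; mail.pl is not shown here, so confirm whether it can read the
  # password from a root-only file or the environment instead.
  perl "${MAIL_SCRIPT}" \
    "${SMTP_SERVER}" "${SMTP_PORT}" "${SMTP_USER}" "${SMTP_PASS}" \
    "${MAIL_FROM}" "${MAIL_TO}" "[${SERVER_NAME}] Secure check error" <<EOF
virus detected: ${clamavNum}
rootkit detected: ${chkrootkitNum}
EOF
fi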