Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- #=======================================================================
- # Filename : check_ebury.sh
- # Author : Benedikt Frenzel
- # Licence :
- # Input values : none
- # Purpose : This script will check if your system is may be
- # infected by the ebruy rootkit for more information
- # check: https://www.cert-bund.de/ebury-faq
- # Disclaimer : I can and will NOT guarantee that this script will
- # find the ebruy rootkit. This script will not remove
- # the rootkit.
- # The output format is check_mk local check compliante.
- #=======================================================================
- # ----------------------------------------------------------------------
- # Independent variables
- # ----------------------------------------------------------------------
- # ----------------------------------------------------------------------
- # Dependent variables
- # Nothing to change below this line.
- # ----------------------------------------------------------------------
- CHECKCOMAND="ipcs -m"
- CHECKPERMS="666"
- CHECKMEM="3283128"
- myPERMSRESULT=$(ipcs -m | grep ${CHECKPERMS} | wc -l)
- if [ ${myPERMSRESULT} -gt 0 ]; then
- myMEMRESULT=$(ipcs -m | grep ${CHECKMEM} | wc -l)
- if [ ${myMEMRESULT} -gt 0 ]; then
- exitSTATUS=2
- exitSTRING="check_ebury CRITICAL - This system may be infected"
- else
- exitSTATUS=0
- exitSTRING="check_ebury OK- This system is clean"
- fi
- else
- exitSTATUS=0
- exitSTRING="check_ebury OK- This system is clean"
- fi
- echo "${exitSTATUS} ${exitSTRING}"
- exit ${exitSTATUS}
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement