#!/bin/sh
# 01-rkhunter  A shell script to update and run rkhunter via CRON

XITVAL=0

# Get a secure tempfile
TMPFILE1=`/bin/mktemp -p /var/rkhunter/tmp rkhcronlog.XXXXXXXXXX` || exit 1

if [ ! -e /var/lock/subsys/rkhunter ]; then

  # Try to keep the SysInit boot scan from colliding with us (highly unlikely)
  /bin/touch /var/lock/subsys/rkhunter

  # Source system configuration parameters.
  if [ -e /etc/sysconfig/rkhunter ] ; then
    . /etc/sysconfig/rkhunter
  else
    MAILTO=root@localhost
  fi

  # If a diagnostic mode scan was requested, setup the parameters
  if [ "$DIAG_SCAN" == "yes" ]; then
    RKHUNTER_FLAGS="
    --checkall
    --run-application-check
    --skip-keypress
    --nocolors
    --quiet
    --append-log $TMPFILE1
  "
  else
    RKHUNTER_FLAGS="
    --cronjob
  "
  fi

  # Set a few critical parameters
  RKHUNTER=/usr/bin/rkhunter
  LOGFILE=/var/log/rkhunter.log

  # Run RootKit Hunter if available
  if [ -x $RKHUNTER ]; then
    /bin/echo -e "\n--------------------- Start Rootkit Hunter Update ---------------------" \
      > $TMPFILE1
    /bin/nice -n 10 $RKHUNTER --update 2>&1 >> $TMPFILE1
    /bin/echo -e "\n---------------------- Start Rootkit Hunter Scan ----------------------" \
      >> $TMPFILE1
    /bin/nice -n 10 $RKHUNTER $RKHUNTER_FLAGS 2>&1 >> $TMPFILE1
    XITVAL=$?
    /bin/echo -e "\n----------------------- End Rootkit Hunter Scan -----------------------" \
      >> $TMPFILE1
    /bin/cat $TMPFILE1 | /bin/mail -s 'rkhunter Daily Run' $MAILTO
    /bin/cat $TMPFILE1 >> $LOGFILE
  fi

  # Delete the gating lockfile
  /bin/rm -f /var/lock/subsys/rkhunter
fi

# Delete the secure tempfile
/bin/rm -f $TMPFILE1

exit $XITVAL