Saturday, March 29, 2008

Running a Script Automatically After Installing Packages

I'm rather certain that if any black-hat hacker were to target my home PC, he'd probably be able to own it in a matter of minutes (if not seconds). But I can't just sit there and wait for it to happen, so I do spend some effort trying to practice safe computing.

As part of this effort I've installed rootkit hunter:

aptitude install rkhunter

This tool scans my system daily, in an attempt to detect rootkits. It also performs some related generic security auditing, such as tracking modifications made to a select list of system files. Whenever a problem is detected by rkhunter it sends an email message to my local account (it's actually sent to the root user, and by default routed to me).

But guess what happens when I upgrade any package that includes files tracked by rkhunter? False alarms. I find myself having to update the database of files tracked by rkhunter every time I upgrade packages:

rkhunter --propupd

It only recently crossed my mind that this should be automated. All that needs to be done is to coax apt into running this command after package installation has completed. A quick look at the manual page for apt.conf was enough to provide the basic method, and a bit of looking around in /etc/apt pointed me to the solution.

In order to launch a command (in this case rkhunter) after installing packages, create a file named 99local in /etc/apt/apt.conf.d, with the following contents:

DPkg::Post-Invoke { "if [ -x /usr/bin/rkhunter ]; then /usr/bin/rkhunter --propupd; fi"; };

If you intend to run more commands, you can add them in a similar manner, or place all your commands in a script and have 99local launch this script instead. Note that, according to the documentation, if the script happens to fail for some reason then apt will abort the installation process.
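A wrapper script of the kind the previous paragraph suggests, as an added example that is not part of the original post: it refreshes the baseline, logs how many entries the refresh changed (so an automatic --propupd does not silently absorb a modification that no upgrade explains), and always exits 0 so apt is never aborted. The install path /usr/local/sbin/rkhunter-propupd-hook and the database location /var/lib/rkhunter/db/rkhunter.dat are assumptions.

```sh
#!/bin/sh
# Added example (not from the post): a Post-Invoke wrapper for rkhunter.
# Assumed install path: /usr/local/sbin/rkhunter-propupd-hook, launched from
# /etc/apt/apt.conf.d/99local with
#   DPkg::Post-Invoke { "/usr/local/sbin/rkhunter-propupd-hook --hook"; };

RKHUNTER="${RKHUNTER:-/usr/bin/rkhunter}"
# Assumed location of rkhunter's file-properties database on Debian.
RKHUNTER_DB="${RKHUNTER_DB:-/var/lib/rkhunter/db/rkhunter.dat}"
# Logging command; overridable so the hook can be exercised offline.
LOGGER="${LOGGER:-logger -t rkhunter-hook}"

# Print the number of database lines that differ between two snapshots.
count_changed() {
    diff "$1" "$2" 2>/dev/null | grep -c '^[<>]' || true
}

# Refresh the rkhunter baseline and log the outcome. Always returns 0,
# because a failing Post-Invoke command makes apt abort the installation.
propupd_hook() {
    if [ ! -x "$RKHUNTER" ]; then
        $LOGGER "rkhunter not installed, skipping --propupd"
        return 0
    fi
    before=$(mktemp) || return 0
    # Snapshot the database so the refresh can be compared against it.
    cp "$RKHUNTER_DB" "$before" 2>/dev/null || : > "$before"
    status=0
    "$RKHUNTER" --propupd >/dev/null 2>&1 || status=$?
    if [ "$status" -eq 0 ]; then
        $LOGGER "propupd ok, $(count_changed "$before" "$RKHUNTER_DB") baseline entries changed"
    else
        $LOGGER "propupd FAILED with status $status, baseline left as before"
    fi
    rm -f "$before"
    return 0
}

# apt runs the hook with --hook; sourcing the file only defines the functions.
case "${1:-}" in
    --hook) propupd_hook ;;
esac
```

The logged count is what you review after an upgrade: a handful of changed entries matching the packages just installed is expected, anything else deserves a look before trusting the new baseline.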
