#!/bin/sh

# This is a maintenance shell script for the rkhunter security tool.
# You can enable this script in /etc/periodic.conf file by putting these lines into it:
#	daily_rkhunter_update_enable="YES"
#	daily_rkhunter_update_flags="--update --nocolors"
#	daily_rkhunter_check_enable="YES"
#	daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"
#
# Written by: Gabor Kovesdan <gabor@FreeBSD.org>

if [ -r /etc/defaults/periodic.conf ]; then
   . /etc/defaults/periodic.conf
   source_periodic_confs
fi

SLEEP=/bin/sleep
JOT=/usr/bin/jot

random() {
	${JOT} -r 1 0 900
}

: ${daily_rkhunter_update_flags="--update --nocolors"}
: ${daily_rkhunter_check_flags="--checkall --nocolors --skip-keypress"}

case "$daily_rkhunter_update_enable" in
  [Yy][Ee][Ss])

	echo ""
	echo "Updating the rkhunter database..."
	# When non-interactive, sleep to reduce congestion on rkhunter site
	if [ "$1" != -nodelay ]; then
		# In FreeBSD 12.0 the anticongestion function should be used
		# instead of a hard-coded sleep
		if [ -n "$anticongestion_sleeptime" ]; then
			anticongestion
		else
			${SLEEP} $(random)
		fi
	fi
	%%PREFIX%%/bin/rkhunter ${daily_rkhunter_update_flags}
	;;
esac

case "$daily_rkhunter_check_enable" in
  [Yy][Ee][Ss])

	echo ""
	echo "Running rkhunter..."
	%%PREFIX%%/bin/rkhunter ${daily_rkhunter_check_flags}
	;;
esac