#!/bin/bash

#DEC032014

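# Monitoring check: looks through the process list for a few known-bad
# patterns and reports them on a single line.
#   exit 0 / "OK: ..."        nothing matched
#   exit 2 / "CRITICAL ..."   at least one pattern matched
#   exit 3 / "UNKNOWN ..."    the process list could not be read
# The matching is done on the text of `ps` output, which each process partly
# controls (its own command line). Treat this as a tripwire for known
# patterns, not as proof that the host is clean.

# Report accumulator. Initialised explicitly so a value inherited from the
# caller's environment cannot produce a false CRITICAL.
allsus=""

# Collapse newlines and runs of blanks into single spaces. Done with tr
# rather than an unquoted `echo $var`, so process command lines (untrusted
# text) never go through shell word splitting or pathname expansion.
flatten() {
        printf '%s' "$1" | tr -s '[:space:]' ' '
}

# One snapshot for all checks: every pattern is evaluated against the same
# view of the system, and the filters below cannot show up in the listing.
# Without a listing the check must not report OK; 3 is used as the "unknown"
# status, following the usual monitoring-plugin convention.
ps_snapshot=$(ps auxf)
if [ $? -ne 0 ] || [ -z "$ps_snapshot" ]; then
        echo "UNKNOWN: could not read the process list"
        exit 3
fi

# 1. httpd processes that are not owned by root and are not children in the
#    process tree (`ps f` marks children with "\_").
#    - Ownership is read from the USER column instead of dropping every line
#      that contains "root" anywhere, which also hid lines that merely
#      mention it (a path under /root, "DocumentRoot", ...).
#    - The tree marker is matched literally with index(); as a regex, "\_"
#      can match a bare underscore, which hid any command line containing "_".
#    - Lines mentioning grep are still skipped, as before, so somebody
#      grepping for httpd does not raise the alarm.
httpdsus=$(printf '%s\n' "$ps_snapshot" |
        awk '$1 != "root" && /httpd/ && !/grep/ && index($0, "\\_") == 0')
if [ -n "$httpdsus" ]; then
        allsus=$(flatten "$httpdsus")
fi

# 2. Anything running as /usr/bin/crond.
#    NOTE(review): presumably flagged because the real cron daemon is expected
#    elsewhere on these hosts; confirm the legitimate path per distribution.
if printf '%s\n' "$ps_snapshot" | grep -v grep | grep -Fq '/usr/bin/crond'; then
        allsus="$allsus  -----  /usr/bin/crond"
fi

# 3. Any process whose listing mentions collector.php. -F makes the dot a
#    literal dot instead of "any character". The matching lines are flattened
#    like the httpd ones so the whole report stays on one line.
collectsusp=$(printf '%s\n' "$ps_snapshot" | grep -F 'collector.php' | grep -v grep)
if [ -n "$collectsusp" ]; then
        allsus="$allsus  -----  $(flatten "$collectsusp")"
fi

# 4. Anything running as /usr/bin/host. The path must end at whitespace or
#    end of line, so /usr/bin/hostname, /usr/bin/hostnamectl or
#    /usr/bin/hostid no longer trigger a false CRITICAL.
if printf '%s\n' "$ps_snapshot" | grep -v grep |
        grep -Eq '/usr/bin/host([[:space:]]|$)'; then
        allsus="$allsus  -----  /usr/bin/host"
fi

# NOTE(review): the report repeats process command lines verbatim. If the
# consumer gives "|" a special meaning in plugin output (performance data
# separator), consider replacing it before printing; confirm against the
# monitoring system in use.
if [ -n "$allsus" ]; then
        printf '%s\n' "CRITICAL suspicious process: $allsus"
        exit 2
fi

printf '%s\n' "OK: No suspicious process found"
exit 0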
