Re: [Rkhunter-users] Daily Run email

Sat, 13 Dec 2008 15:33:30 -0800 

> On 12/09/2008 06:25:54 PM, Michael Mansour wrote:
> > Hi John,
> > 
> > > > On Wed, 2008-12-10 at 12:16 +1100, Michael Mansour wrote:
> > > > > Hi,
> > > > > 
> > > > > > On Tue, 2008-12-09 at 16:29 -0800, Geoffrey Leach wrote:
> > > > > > > With the installation of rkhunter-1.3.2-5.fc10.noarch, my
> > Daily Run 
> > > > > > > email is being sent as a VDHL document (text/x-vdhl). I
> > can't discover 
> > > > > > > where this is being generated. A pointer would be
> > appreciated. (BTW, 
> > > > > > > this is not the WARNING mail)
> > > > > > > 
> > > > > > Since RKH has no 'daily run' as such itself, I can only 
> > assume
> > that the
> > > > > > mail message is being generated via cron (the fedora package
> > having
> > > > > > created such a job). So you could look in the /etc/cron.daily
> > directory
> > > > > > for the job running rkhunter and see if that is doing
> > something odd.
> > > > > > However, both rkhunter and (as far as I know) cron simply use
> > the 'mail'
> > > > > > command and would not do anything fancy such as creating
> > attachments,
> > > > > > let alone x-vdhl whatever that is.
> > > > > 
> > > > > I also use the Fedora (epel) rkhunter version, it's just easier
> > to
> > manage but
> > > > > I also get that daily email which looks weird.
> > > > > 
> > > > Looks like what? Can you send an example or an image of the
> > message?
> > > 
> > > It looks like this:
> > > 
> > > Checking rkhunter data files...
> > > Checking file mirrors.dat[ No update ]
> > > Checking file programs_bad.dat[ No update ]
> > > Checking file backdoorports.dat[ No update ]
> > > Checking file suspscan.dat[ No update ]
> > > Checking file i18n/cn[ No update ]
> > > Checking file i18n/en[ No update ]
> > > Checking file i18n/zh[ No update ]
> > > Checking file i18n/zh.utf8[ No update ]
> > > 
> > > > > and the script Fedora use is:
> > > > > 
> > > > > # cat /etc/cron.daily/rkhunter
> > > > [snipped]
> > > > 
> > > > > /bin/nice -n 10 $RKHUNTER --update 2>&1 >> $TMPFILE1
> > > > >
> > > > I would add in the '--nocolors' option there since this is run 
> > via
> > cron.
> > > 
> > > Hmm.. I'll add this and see if it fixes it. If it does, it'll need 
> > > to be added to bugzilla for Fedora so they can modify their package 
> > > to include it in their script.
> > 
> > You were right, this now looks like:
> > 
> > Checking rkhunter data files...
> > Checking file mirrors.dat [ No update ]
> > Checking file programs_bad.dat [ No update ]
> > Checking file backdoorports.dat [ No update ]
> > Checking file suspscan.dat [ No update ]
> > Checking file i18n/cn [ No update ]
> > Checking file i18n/en [ No update ]
> > Checking file i18n/zh [ No update ]
> > Checking file i18n/zh.utf8 [ No update ]
> > 
> > So I'll jump into Red Hat's bugzilla and report this as a bug to fix.
> > 
> > Hopefully the original poster will read this thread for the solution.
> > 
> > Regards,
> > 
> > Michael.
> > 
> > > > >     if [ $XITVAL != 0 ]; then
> > > > >          /bin/cat $TMPFILE1 | /bin/mail -s 'rkhunter Daily Run'
> > $MAILTO
> > > > >     fi
> > > > >
> > > > Well that's were the 'mail' command is invoked. Looks fine to me.
> > > 
> > > Thanks.
> > > 
> > > Michael.
> > > 
> > > > John.
> 
> "Original Poster" here. The problem results from --cronjob not 
> asserting --nocolors, as is advertised by the man page, and as 
> happened in the F9 version. What then happened is that /bin/mail saw 
> some non- 7bin-ASCII characters and encoded the mail as Base64. The 
> email reader then reported the content as something else altogether. 
> Phew!
> 
> Thanks to all who chimed in.

So that means the error is with rkhunter?

I raised this with bugzilla:

https://bugzilla.redhat.com/show_bug.cgi?id=475916

My explanation there was to get the package maintainer to fix it in epel,
should this stand or be fixed in rkhunter?

Michael.


------------------------------------------------------------------------------
SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada.
The future of the web can't happen without you.  Join us at MIX09 to help
pave the way to the Next Web now. Learn more and register at
http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to