On Fri, Apr 26, 2013 at 11:14:25PM +0100, John Horne wrote:
> On Tue, 2013-04-23 at 21:25 -0700, 'Robert Holtzman' wrote:
> >
> > Next I added my email address to MAIL-ON-WARNING in /etc/rkhunter.conf.
> > It had been MAIL-ON-WARNING="". I thought that was weird but it was the
> > same on my desktop where I got the emails every day. Result...still no
> > joy.
> >
> > I'm out of Ideas. If anyone has a clue please let me know.
> >
> Hello,
>
> If MAIL-ON-WARNING is not set (or set to ""), then RKH will not send an
> email message if there are warnings. However, it may well be your cron
> system that is capturing the output from RKH and sending the message.

As I said previously, the settings are the same as on the desktop ("")
which sends mail. Hadn't ever heard of cron acting as you describe. Could
you please elaborate?

>
> I don't know how RKH is set up on a Debian system. What are the settings
> of MAIL-ON-WARNING and MAIL_CMD in the rkhunter.conf file on a standard
> Debian system? What does the RKH cron entry look like?

/etc/cron.daily looks like this (in part):

    case "$CRON_DAILY_RUN" in
         [Yy]*)
            OUTFILE=`mktemp` || exit 1
            /usr/bin/nice -n $NICE $RKHUNTER --cronjob --report-warnings-only --appendlog > $OUTFILE
            if [ -s "$OUTFILE" ]; then
              (
                echo "Subject: [rkhunter] $(hostname -f) - Daily report"
                echo "To: $REPORT_EMAIL"
                echo ""
                cat $OUTFILE
    #         ) | /usr/sbin/sendmail $REPORT_EMAIL
              ) | /usr/bin/msmtp $REPORT_EMAIL
            fi
            rm -f $OUTFILE
            ;;
          *)
           exit 0
           ;;
    esac

which looks right but C (I presume that's what it is) isn't my strong
point.

See above for MAIL-ON-WARNING. MAIL_CMD is:

    MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"

The same as the desktop.

>
> As someone else pointed out, the laptop simply may not have any
> warnings. I would suggest looking in the rkhunter log file to see if
> there were any warnings (using 'grep' obviously makes this easier). If
> there are warnings, but you do not get a message then there is a
> problem. If there are no warnings, then you may want to forcibly create
> one - I tend to use something like 'date >/dev/dummyfile'. The
> 'filesystem' test will then report the file as being suspicious.

Again, as I said previously, the warnings are the same as those on the
desktop.

Thanks for your reply. I remain frustrated.

-- 
Bob Holtzman
If you think you're getting free lunch,
check the price of the beer.
Key ID: 8D549279
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
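
The cron.daily wrapper quoted in the message above mails a report only when several conditions hold in sequence. As an added example (not part of the original message and not code from rkhunter or the Debian package), the function below checks the same conditions in the same order and reports which one stops the mail; the name `mail_gate` and its argument order are made up for illustration.

```shell
#!/bin/sh
# Added diagnostic sketch: mirrors the gates in the quoted cron.daily wrapper
# and reports the first one that would stop a report from being mailed.
# Usage (hypothetical helper): mail_gate RUN_FLAG REPORT_ADDR OUTFILE MAILER
#   RUN_FLAG     value of CRON_DAILY_RUN
#   REPORT_ADDR  value of REPORT_EMAIL
#   OUTFILE      file holding the captured output of the rkhunter run
#   MAILER       absolute path of the program the wrapper pipes into
mail_gate() {
    run_flag=$1
    report_addr=$2
    outfile=$3
    mailer=$4

    # Gate 1: the wrapper's case statement exits 0 unless the flag starts with Y or y.
    case "$run_flag" in
        [Yy]*) ;;
        *) echo "skipped: CRON_DAILY_RUN='$run_flag' does not match [Yy]*"
           return 1 ;;
    esac

    # Gate 2: 'if [ -s "$OUTFILE" ]' means an empty report is never mailed.
    if [ ! -s "$outfile" ]; then
        echo "skipped: the run produced no output, so there is nothing to mail"
        return 2
    fi

    # Gate 3: an empty recipient leaves the mailer with nobody to deliver to.
    if [ -z "$report_addr" ]; then
        echo "failed: REPORT_EMAIL is empty"
        return 3
    fi

    # Gate 4: the wrapper calls the mailer by absolute path and does not
    # check its exit status, so confirm the binary is there and executable.
    if [ ! -x "$mailer" ]; then
        echo "failed: mailer '$mailer' is missing or not executable"
        return 4
    fi

    echo "ok: report would be piped to $mailer for $report_addr"
    return 0
}
```

Passing all four gates only shows that the wrapper would hand the report to the mailer; whether the mailer then delivers it depends on its own configuration and logs.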