Hi,
at least the OpenSuse distribution do send emails with the output from
cron runs, usually to 'root@localhost'.
That behavior has been consistent since many OpenSuse versions including
the 12.2 (latest?).
The behavior can be traced though parsing crontab, "-*/15 * * * * root
test -x /usr/lib/cron/run-crons && /usr/lib/cron/run-crons >/dev/null 2>&1".
Extract from '/usr/lib/cron/run-crons':
# CRON Result EMail is sent to
if test -z "$MAILTO" ; then
SEND_TO="root"
else
SEND_TO="$MAILTO"
fi
In my case I have a Postfix setting on the OpenSuse server that directs
all mails through a mailserver on my home network which in turn delivers
all mails to 'root@localhost' to a specific imap account for administration.
Quite handy to collect system mails from all machines (well, 3 actually,
including the mail server).
Note that this setting will send mails with output from rkhunter when
run from cron irrespective of the rkhunter settings.
I do not know how other distributions behave.
/Bosse J
2013-04-27 03:02, Robert Holtzman skrev:
On Fri, Apr 26, 2013 at 11:14:25PM +0100, John Horne wrote:
On Tue, 2013-04-23 at 21:25 -0700, 'Robert Holtzman' wrote:
Next I added my email address to MAIL-ON-WARNING in /etc/rkhunter.conf.
It had been MAIL-ON-WARNING="". I thought that was weird but it was the
same on my desktop where I got the emails every day. Result...still no
joy.
I'm out of Ideas. If anyone has a clue please let me know.
Hello,
If MAIL-ON-WARNING is not set (or set to ""), then RKH will not send an
email message if there are warnings. However, it may well be your cron
system that is capturing the output from RKH and sending the message.
As I said previously, the settings are the same as on the desktop ("")
which sends mail. Hadn't ever heard of cron acting as you describe.
Could you please elaborate?
I don't know how RKH is set up on a Debian system. What are the settings
of MAIL-ON-WARNING and MAIL_CMD in the rkhunter.conf file on a standard
Debian system? What does the RKH cron entry look like?
/etc/cron.daily looks like this (in part):
case "$CRON_DAILY_RUN" in
[Yy]*)
OUTFILE=`mktemp` || exit 1
/usr/bin/nice -n $NICE $RKHUNTER --cronjob
--report-warnings-only --appendlog > $OUTFILE
if [ -s "$OUTFILE" ]; then
(
echo "Subject: [rkhunter] $(hostname -f) - Daily report"
echo "To: $REPORT_EMAIL"
echo ""
cat $OUTFILE
# ) | /usr/sbin/sendmail $REPORT_EMAIL
) | /usr/bin/msmtp $REPORT_EMAIL
fi
rm -f $OUTFILE
;;
*)
exit 0
;;
esac
which looks right but C (I presume that's what it is) isn't my strong
point.
See above for MAIL-ON-WARNING. MAIL_CMD is:
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
The same as the desktop.
As someone else pointed out, the laptop simply may not have any
warnings. I would suggest looking in the rkhunter log file to see if
there were any warnings (using 'grep' obviously makes this easier). If
there are warnings, but you do not get a message then there is a
problem. If there are no warnings, then you may want to forcibly create
one - I tend to use something like 'date >/dev/dummyfile'. The
'filesystem' test will then report the file as being suspicious.
Again, as I said previously, the warnings are the same as those on the
desktop.
Thanks for your reply.
I remain frustrated.
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
