Hi,
I receive daily emails from rkhunter reports, however there are 2 issues
with it.
1) rkhunter emails the report to the root of our VPS, completely
ignoring the email address I have configured in the conf file
2) the report always contains a notice about changes to 2 files. I have
run "rkhunter --propupd {file}" on both files but it keeps on warning
about them and emails reports.
Email sample:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
root@localhost.****.com
(generated from root@localhost)
SMTP error from remote mail server after RCPT TO:<root@localhost.****.com>:
host mail.****.com [************]: 550 unknown user
------ This is a copy of the message, including all the headers. ------
Return-path:<root@****.****.com>
Received: from root by ****.****.com with local (Exim 4.82)
(envelope-from<root@****.****.com>)
id 1Vlshz-0007P2-3Y
for root@localhost; Thu, 28 Nov 2013 03:56:07 +0000
Date: Thu, 28 Nov 2013 03:56:07 +0000
To:root@localhost.****.com
Subject: rkhunter Daily Run on ****.****.com
User-Agent: Heirloom mailx 12.4 7/29/08
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:<E1Vlshz-0007P2-3Y@****.****.com>
From: root<root@****.****.com>
--------------------- Start Rootkit Hunter Update ---------------------
[ Rootkit Hunter version 1.4.0 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
---------------------- Start Rootkit Hunter Scan ----------------------
Warning: The file properties have changed:
File: /bin/passwd
Current hash: 700addf774f585dd1885ffcd559b4bcb7a85ed98
Stored hash : fe51a88927eec1639019baa49bd4389cf833202f
Warning: The file properties have changed:
File: /usr/local/cpanel/bin/jail_safe_passwd
Current hash: 700addf774f585dd1885ffcd559b4bcb7a85ed98
Stored hash : fe51a88927eec1639019baa49bd4389cf833202f
Current size: 6445888 Stored size: 6445632
Current file modification time: 1385512814 (27-Nov-2013 00:40:14)
Stored file modification time : 1384907954 (20-Nov-2013 00:39:14)
----------------------- End Rootkit Hunter Scan -----------------------
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
