Hi, I receive daily emails from rkhunter reports, however there are 2 issues with it.
1) rkhunter emails the report to the root of our VPS, completely ignoring the email address I have configured in the conf file 2) the report always contains a notice about changes to 2 files. I have run "rkhunter --propupd {file}" on both files but it keeps on warning about them and emails reports. Email sample: This message was created automatically by mail delivery software. A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: root@localhost.****.com (generated from root@localhost) SMTP error from remote mail server after RCPT TO:<root@localhost.****.com>: host mail.****.com [************]: 550 unknown user ------ This is a copy of the message, including all the headers. ------ Return-path:<root@****.****.com> Received: from root by ****.****.com with local (Exim 4.82) (envelope-from<root@****.****.com>) id 1Vlshz-0007P2-3Y for root@localhost; Thu, 28 Nov 2013 03:56:07 +0000 Date: Thu, 28 Nov 2013 03:56:07 +0000 To:root@localhost.****.com Subject: rkhunter Daily Run on ****.****.com User-Agent: Heirloom mailx 12.4 7/29/08 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-Id:<E1Vlshz-0007P2-3Y@****.****.com> From: root<root@****.****.com> --------------------- Start Rootkit Hunter Update --------------------- [ Rootkit Hunter version 1.4.0 ] Checking rkhunter data files... Checking file mirrors.dat [ No update ] Checking file programs_bad.dat [ No update ] Checking file backdoorports.dat [ No update ] Checking file suspscan.dat [ No update ] Checking file i18n/cn [ No update ] Checking file i18n/de [ No update ] Checking file i18n/en [ No update ] Checking file i18n/zh [ No update ] Checking file i18n/zh.utf8 [ No update ] ---------------------- Start Rootkit Hunter Scan ---------------------- Warning: The file properties have changed: File: /bin/passwd Current hash: 700addf774f585dd1885ffcd559b4bcb7a85ed98 Stored hash : fe51a88927eec1639019baa49bd4389cf833202f Warning: The file properties have changed: File: /usr/local/cpanel/bin/jail_safe_passwd Current hash: 700addf774f585dd1885ffcd559b4bcb7a85ed98 Stored hash : fe51a88927eec1639019baa49bd4389cf833202f Current size: 6445888 Stored size: 6445632 Current file modification time: 1385512814 (27-Nov-2013 00:40:14) Stored file modification time : 1384907954 (20-Nov-2013 00:39:14) ----------------------- End Rootkit Hunter Scan ----------------------- ------------------------------------------------------------------------------ Rapidly troubleshoot problems before they affect your business. Most IT organizations don't have a clear picture of how application performance affects their revenue. With AppDynamics, you get 100% visibility into your Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users