Hi,

I receive daily emails from rkhunter reports, however there are 2 issues 
with it.

1) rkhunter emails the report to the root of our VPS, completely 
ignoring the email address I have configured in the conf file

2) the report always contains a notice about changes to 2 files. I have 
run "rkhunter --propupd {file}" on both files but it keeps on warning 
about them and emails reports.

Email sample:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

   root@localhost.****.com
     (generated from root@localhost)
     SMTP error from remote mail server after RCPT TO:<root@localhost.****.com>:
     host mail.****.com [************]: 550 unknown user

------ This is a copy of the message, including all the headers. ------

Return-path:<root@****.****.com>
Received: from root by ****.****.com with local (Exim 4.82)
        (envelope-from<root@****.****.com>)
        id 1Vlshz-0007P2-3Y
        for root@localhost; Thu, 28 Nov 2013 03:56:07 +0000
Date: Thu, 28 Nov 2013 03:56:07 +0000
To:root@localhost.****.com
Subject: rkhunter Daily Run on ****.****.com
User-Agent: Heirloom mailx 12.4 7/29/08
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id:<E1Vlshz-0007P2-3Y@****.****.com>
From: root<root@****.****.com>


--------------------- Start Rootkit Hunter Update ---------------------
[ Rootkit Hunter version 1.4.0 ]

Checking rkhunter data files...
   Checking file mirrors.dat                                  [ No update ]
   Checking file programs_bad.dat                             [ No update ]
   Checking file backdoorports.dat                            [ No update ]
   Checking file suspscan.dat                                 [ No update ]
   Checking file i18n/cn                                      [ No update ]
   Checking file i18n/de                                      [ No update ]
   Checking file i18n/en                                      [ No update ]
   Checking file i18n/zh                                      [ No update ]
   Checking file i18n/zh.utf8                                 [ No update ]

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: The file properties have changed:
          File: /bin/passwd
          Current hash: 700addf774f585dd1885ffcd559b4bcb7a85ed98
          Stored hash : fe51a88927eec1639019baa49bd4389cf833202f
Warning: The file properties have changed:
          File: /usr/local/cpanel/bin/jail_safe_passwd
          Current hash: 700addf774f585dd1885ffcd559b4bcb7a85ed98
          Stored hash : fe51a88927eec1639019baa49bd4389cf833202f
          Current size: 6445888    Stored size: 6445632
          Current file modification time: 1385512814 (27-Nov-2013 00:40:14)
          Stored file modification time : 1384907954 (20-Nov-2013 00:39:14)

----------------------- End Rootkit Hunter Scan -----------------------



------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT 
organizations don't have a clear picture of how application performance 
affects their revenue. With AppDynamics, you get 100% visibility into your 
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to