As a follow-up to this, I managed to fix the second issue (rkhunter not 
updating file properties). It turns out I needed to specifically include 
the full path /usr/bin/rkhunter

My issue now is that I am still receiving daily emails to the incorrect 
email address - rkhunter doesn't seem to be taking notice of the email 
address that is set in /etc/rkhunter.conf

See:
[root]# cat /etc/rkhunter.conf | grep 'mail'
# To ask questions about rkhunter, please use the rkhunter-users mailing list.
# Email a message to this address if a warning is found when the
#MAIL-ON-WARNING=me@mydomain   root@mydomain
MAIL-ON-WARNING=admin@{blanked}
# Specify the mail command to use if MAIL-ON-WARNING is set.
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"

On 28/11/13 09:45, Admin wrote:
> Hi,
>
> I receive daily emails from rkhunter reports, however there are 2 issues
> with it.
>
> 1) rkhunter emails the report to the root of our VPS, completely
> ignoring the email address I have configured in the conf file
>
> 2) the report always contains a notice about changes to 2 files. I have
> run "rkhunter --propupd {file}" on both files but it keeps on warning
> about them and emails reports.
>
> Email sample:
>
> This message was created automatically by mail delivery software.
>
> A message that you sent could not be delivered to one or more of its
> recipients. This is a permanent error. The following address(es) failed:
>
>     root@localhost.****.com
>       (generated from root@localhost)
>       SMTP error from remote mail server after RCPT TO:<root@localhost.****.com>:
>       host mail.****.com [************]: 550 unknown user
>
> ------ This is a copy of the message, including all the headers. ------
>
> Return-path:<root@****.****.com>
> Received: from root by ****.****.com with local (Exim 4.82)
>       (envelope-from<root@****.****.com>)
>       id 1Vlshz-0007P2-3Y
>       for root@localhost; Thu, 28 Nov 2013 03:56:07 +0000
> Date: Thu, 28 Nov 2013 03:56:07 +0000
> To:root@localhost.****.com
> Subject: rkhunter Daily Run on ****.****.com
> User-Agent: Heirloom mailx 12.4 7/29/08
> MIME-Version: 1.0
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> Message-Id:<E1Vlshz-0007P2-3Y@****.****.com>
> From: root<root@****.****.com>
>
>
> --------------------- Start Rootkit Hunter Update ---------------------
> [ Rootkit Hunter version 1.4.0 ]
>
> Checking rkhunter data files...
>     Checking file mirrors.dat                                  [ No update ]
>     Checking file programs_bad.dat                             [ No update ]
>     Checking file backdoorports.dat                            [ No update ]
>     Checking file suspscan.dat                                 [ No update ]
>     Checking file i18n/cn                                      [ No update ]
>     Checking file i18n/de                                      [ No update ]
>     Checking file i18n/en                                      [ No update ]
>     Checking file i18n/zh                                      [ No update ]
>     Checking file i18n/zh.utf8                                 [ No update ]
>
> ---------------------- Start Rootkit Hunter Scan ----------------------
> Warning: The file properties have changed:
>            File: /bin/passwd
>            Current hash: 700addf774f585dd1885ffcd559b4bcb7a85ed98
>            Stored hash : fe51a88927eec1639019baa49bd4389cf833202f
> Warning: The file properties have changed:
>            File: /usr/local/cpanel/bin/jail_safe_passwd
>            Current hash: 700addf774f585dd1885ffcd559b4bcb7a85ed98
>            Stored hash : fe51a88927eec1639019baa49bd4389cf833202f
>            Current size: 6445888    Stored size: 6445632
>            Current file modification time: 1385512814 (27-Nov-2013 00:40:14)
>            Stored file modification time : 1384907954 (20-Nov-2013 00:39:14)
>
> ----------------------- End Rootkit Hunter Scan -----------------------
>
>
>
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users

