It is the cron job that comes packaged with the latest version of
rkhunter. I'll paste it below...
Quinn
[EMAIL PROTECTED] /etc/cron.daily/01-rkhunter
#!/bin/sh
# 01-rkhunter A shell script to update and run rkhunter via CRON
XITVAL=0
# Get a secure tempfile
TMPFILE1=`/bin/mktemp -p /var/rkhunter/tmp rkhcronlog.XXXXXXXXXX` || exit 1
if [ ! -e /var/lock/subsys/rkhunter ]; then
    # Try to keep the SysInit boot scan from colliding with us (highly unlikely)
    /bin/touch /var/lock/subsys/rkhunter
    # Source system configuration parameters.
    if [ -e /etc/sysconfig/rkhunter ] ; then
        . /etc/sysconfig/rkhunter
    else
        [EMAIL PROTECTED]
    fi
    # If a diagnostic mode scan was requested, setup the parameters
    if [ "$DIAG_SCAN" == "yes" ]; then
        RKHUNTER_FLAGS="
        --checkall
        --run-application-check
        --skip-keypress
        --nocolors
        --quiet
        --append-log $TMPFILE1
        "
    else
        RKHUNTER_FLAGS="
        --cronjob
        "
    fi
    # Set a few critical parameters
    RKHUNTER=/usr/bin/rkhunter
    LOGFILE=/var/log/rkhunter.log
    # Run RootKit Hunter if available
    if [ -x $RKHUNTER ]; then
        /bin/echo -e "\n--------------------- Start Rootkit Hunter Update ---------------------" \
            > $TMPFILE1
        /bin/nice -n 10 $RKHUNTER --update 2>&1 >> $TMPFILE1
        /bin/echo -e "\n---------------------- Start Rootkit Hunter Scan ----------------------" \
            >> $TMPFILE1
        /bin/nice -n 10 $RKHUNTER $RKHUNTER_FLAGS 2>&1 >> $TMPFILE1
        XITVAL=$?
        /bin/echo -e "\n----------------------- End Rootkit Hunter Scan -----------------------" \
            >> $TMPFILE1
        /bin/cat $TMPFILE1 | /bin/mail -s 'rkhunter Daily Run' $MAILTO
        /bin/cat $TMPFILE1 >> $LOGFILE
    fi
    # Delete the gating lockfile
    /bin/rm -f /var/lock/subsys/rkhunter
fi
# Delete the secure tempfile
/bin/rm -f $TMPFILE1
exit $XITVAL
################################
On Wed, 13 Sep 2006 15:36:03 +0200 (CEST), unspawn wrote:
> On Wed, 13 Sep 2006, Quinn Comendant wrote:
>
>> Hello!
>>
>> I have rkhunter running via cron.daily. Every day I receive a message
>> stating "[rkhunter] Warnings found for two.strangecode.com." I can't
>> seem to find why it is triggering.
>
> Me neither, though that doesn't mean I see everything.
> What's the contents of the cronjob?
>
>
> Cheers, unSpawn
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users