Difference between revisions of "Rkhunter"

From SME Server
Line 45: Line 45:
 
====mail====
 
====mail====
 
allow to set the mail where you want to send daily report, default is blank for "'''root'''"
 
allow to set the mail where you want to send daily report, default is blank for "'''root'''"
 +
 +
config setprop rkhunter mail toto@toto.com
  
 
====mailWarn====
 
====mailWarn====
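
Review bot: the added example line uses "config setprop rkhunter mail ..." while the Editing configuration section of this page gives the form "db configuration setprop rkhunter OPTION VALUE"; pick one form and use it throughout so readers do not wonder whether these are different commands. The two blank added lines before the example could be reduced to one, and the sample address toto@toto.com would be better written with a reserved domain such as example.com.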

Revision as of 20:35, 13 August 2015


Rkhunter SSH for SME7

Maintainer

Unnilennium aka Jean-Philippe PIALASSE (Contrib)

Description

  • Rkhunter searches for rootkits and other abnormalities.


It needs the packages smeserver-rkhunter and rkhunter.

Installation

  1. Log in (with username root) to the SMEserver console.
  2. Install smeserver-Rkhunter
    /usr/bin/yum install smeserver-rkhunter --enablerepo=smecontribs
    You will get a y/N-question, answer y if it looks fine. There is no need to reboot the server.
  3. You should then issue:
    signal-event remoteaccess-update


Alternatively, you can use the server-manager panel "Software installer" to add a new package and select smeserver-Rkhunter (the smecontribs repo must be enabled), then do the reconfiguration and reboot task, instead of steps 1 and 2. Then refresh your browser and configure Rkhunter.


Editing configuration

As root, you can check the current configuration:

db configuration show rkhunter
rkhunter=service
    DisableTests=apps,suspscan,system_commands
    status=enabled

To set a new value, issue the following (replacing OPTION and VALUE with the appropriate data):

db configuration setprop rkhunter OPTION VALUE

DIAG_SCAN

Set to yes or no. Default: no.

DisableTests

Here you can set a string of disabled tests separated by "," (default is apps,suspscan,system_commands).

As an example, you can avoid alerts about deleted files by adding ,deleted_files (see bug [SME: 3830]).

See the rkhunter documentation for more information.
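
One way to add a test name to DisableTests without dropping the existing entries or creating duplicates, as an added example that is not part of the original page. The helper name add_disabled_test is hypothetical, and the commented commands assume that "db configuration getprop" is available as on a standard SME Server.

```shell
#!/bin/sh
# Added example: merge one test name into a comma-separated DisableTests
# value. Setting the property to "deleted_files" alone would silently
# re-enable the tests that were disabled by default, so the current
# value is kept and the new name is appended only if it is missing.

# add_disabled_test CURRENT NEW -> prints the merged list
add_disabled_test() {
    current=$1
    new=$2
    # Empty property: the new test is the whole list.
    if [ -z "$current" ]; then
        printf '%s\n' "$new"
        return 0
    fi
    # Wrap both sides in commas so that only whole names match
    # (deleted_files must not match deleted_files_x).
    case ",$current," in
        *",$new,"*) printf '%s\n' "$current" ;;
        *)          printf '%s\n' "$current,$new" ;;
    esac
}

# On the server, as root (assumed usage, not executed here):
#   cur=$(db configuration getprop rkhunter DisableTests)
#   db configuration setprop rkhunter DisableTests \
#       "$(add_disabled_test "$cur" deleted_files)"
#   db configuration show rkhunter
```

Every name added to DisableTests is a check rkhunter no longer performs, so review the resulting list with "db configuration show rkhunter" after the change.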

mail

Sets the address to which the daily report is sent. Default is blank, which means "root".

config setprop rkhunter mail toto@toto.com

mailWarn

Recipient of the mail sent in case of a warning. Default is empty.

status

Activate or deactivate rkhunter: enabled (default) / disabled.

Uninstall

yum remove smeserver-rkhunter rkhunter

Alternatively, just remove them from the server-manager "Software installer".

Additional information

Consult the RKH documentation and mailing list in case of warnings; they could be false positives. See bug [SME:4614].

Check installed version

yum info installed smeserver-rkhunter