Difference between revisions of "Rkhunter"
| Line 32: | Line 32: | ||
to set a new value just issue ( where you change VALUE and OPTION by the appropriate data): | to set a new value just issue ( where you change VALUE and OPTION by the appropriate data): | ||
db configuration setprop rkhunter OPTION VALUE | db configuration setprop rkhunter OPTION VALUE | ||
| − | + | signal-event remoteaccess-update | |
====DisableTests==== | ====DisableTests==== | ||
here you can set a string of disabled tests separated by ","(default is '''apps,suspscan,system_commands''') | here you can set a string of disabled tests separated by ","(default is '''apps,suspscan,system_commands''') | ||
| Line 44: | Line 44: | ||
config setprop rkhunter mail toto@toto.com | config setprop rkhunter mail toto@toto.com | ||
| − | + | signal-event remoteaccess-update | |
====DIAG_SCAN==== | ====DIAG_SCAN==== | ||
DIAG_SCAN= no - perform normal report scan (default) | DIAG_SCAN= no - perform normal report scan (default) | ||
| Line 50: | Line 50: | ||
(includes application check) | (includes application check) | ||
config setprop rkhunter DIAG_SCAN yes | config setprop rkhunter DIAG_SCAN yes | ||
| + | signal-event remoteaccess-update | ||
====mailWarn==== | ====mailWarn==== | ||
recipient to send a mail in case of warning. Default is empty. | recipient to send a mail in case of warning. Default is empty. | ||
for example | for example | ||
config setprop rkhunter mailWarn toto@toto.com | config setprop rkhunter mailWarn toto@toto.com | ||
| − | + | signal-event remoteaccess-update | |
====status==== | ====status==== | ||
active or deactivate rkhunter : enabled (default)/ '''disabled''' | active or deactivate rkhunter : enabled (default)/ '''disabled''' | ||
| + | config setprop rkhunter status disabled | ||
| + | signal-event remoteaccess-update | ||
=== Uninstall === | === Uninstall === | ||
Revision as of 20:45, 13 August 2015
Rkhunter SSH for SME7
Maintainer
Unnilennium aka Jean-Philippe PIALASSE (Contrib)
Description
- Rkhunter searches for rootkits and other abnormalities.
it needs the packages smeserver-rkhunter and rkhunter
Installation
- Log in (with username root) to the SMEserver console.
- Install smeserver-Rkhunter
/usr/bin/yum install smeserver-rkhunter --enablerepo=smecontribs
You will get a y/N-question, answer y if it looks fine. There is no need to reboot the server. - you should then issue:
signal-event remoteaccess-update
Alternatively you can use the server-manager panel "Software installer" to add a new package and select smeserver-Rkhunter (repo smecontribs must be enabled) then do the reconfiguration and reboot task, instead of steps 1 and 2, then refresh your browser and configure Rkhunter,.
Editing configuration
as root you can check the current configuration :
db configuration show rkhunter
rkhunter=service
DisableTests=apps,suspscan,system_commands
status=enabled
to set a new value just issue ( where you change VALUE and OPTION by the appropriate data):
db configuration setprop rkhunter OPTION VALUE signal-event remoteaccess-update
DisableTests
here you can set a string of disabled tests separated by ","(default is apps,suspscan,system_commands)
as an example you can avoid alert about deleted file by adding ,deleted_files ( see bug [SME: 3830])
see rkhunter doc for more informations
allow to set the mail where you want to send daily report, default is blank for "root"
config setprop rkhunter mail toto@toto.com signal-event remoteaccess-update
DIAG_SCAN
DIAG_SCAN= no - perform normal report scan (default)
yes - perform detailed report scan
(includes application check)
config setprop rkhunter DIAG_SCAN yes
signal-event remoteaccess-update
mailWarn
recipient to send a mail in case of warning. Default is empty. for example
config setprop rkhunter mailWarn toto@toto.com signal-event remoteaccess-update
status
active or deactivate rkhunter : enabled (default)/ disabled
config setprop rkhunter status disabled signal-event remoteaccess-update
Uninstall
yum remove smeserver-Rkhunter Rkhunter
or alternatively just remove them from the server-manager "Software installer"
Additional information
consult RKH documentation and mailing list in case of warnings, it could be false positive. See bug [SME:4614].
Check installed version
yum info installed smeserver-Rkhunter
