Rkhunter: Unterschied zwischen den Versionen

Aus xinux.net
Zur Navigation springen Zur Suche springen
(Die Seite wurde neu angelegt: „=Installation= apt-get install rkhunter Bei Ubuntu 12.04 wird rkhunter 1.4.+X empfohlen : http://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.0/ =Par…“)
 
Zeile 47: Zeile 47:
 
         --nocolors                    Use black and white output
 
         --nocolors                    Use black and white output
 
         --nolog                      Do not write to a logfile
 
         --nolog                      Do not write to a logfile
--nomow, --no-mail-on-warning          Do not send a message if warnings occur
+
--nomow, --no-mail-on-warning          Do not send a message if warnings occur
 
   --ns, --nosummary                  Do not show the summary of check results
 
   --ns, --nosummary                  Do not show the summary of check results
 
  --novl, --no-verbose-logging          No verbose logging
 
  --novl, --no-verbose-logging          No verbose logging

Version vom 14. Juni 2013, 10:40 Uhr

Installation

apt-get install rkhunter

Bei Ubuntu 12.04 wird rkhunter 1.4.+X empfohlen

http://sourceforge.net/projects/rkhunter/files/rkhunter/1.4.0/

Parameter

Usage: rkhunter {--check | --unlock | --update | --versioncheck | 

                --propupd [{filename | directory | package name},...] |
                --list [{tests | {lang | languages} | rootkits | perl | propfiles}] |
                --config-check | --version | --help} [options]

Current options are: 

        --append-log                  Append to the logfile, do not overwrite
        --bindir <directory>...       Use the specified command directories
    -c, --check                       Check the local system
    -C, --config-check                Check the configuration file(s), then exit
 --cs2, --color-set2                  Use the second color set for output
        --configfile <file>           Use the specified configuration file
        --cronjob                     Run as a cron job
                                      (implies -c, --sk and --nocolors options)
        --dbdir <directory>           Use the specified database directory
        --debug                       Debug mode
                                      (Do not use unless asked to do so)
        --disable <test>[,<test>...]  Disable specific tests
                                      (Default is to disable no tests)
        --display-logfile             Display the logfile at the end
        --enable  <test>[,<test>...]  Enable specific tests
                                      (Default is to enable all tests)
        --hash {MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 |
                NONE | <command>}     Use the specified file hash function
                                      (Default is SHA1, then MD5)
    -h, --help                        Display this help menu, then exit
--lang, --language <language>         Specify the language to use
                                      (Default is English)
        --list [tests | languages |   List the available test names, languages,
                rootkits | perl |     rootkit names, perl module status
                propfiles]            or file properties database, then exit
    -l, --logfile [file]              Write to a logfile
                                      (Default is /var/log/rkhunter.log)
        --noappend-log                Do not append to the logfile, overwrite it
        --nocf                        Do not use the configuration file entries
                                      for disabled tests (only valid with --disable)
        --nocolors                    Use black and white output
        --nolog                       Do not write to a logfile
--nomow, --no-mail-on-warning          Do not send a message if warnings occur
  --ns, --nosummary                   Do not show the summary of check results
--novl, --no-verbose-logging          No verbose logging
        --pkgmgr {RPM | DPKG | BSD |  Use the specified package manager to obtain or
                  SOLARIS | NONE}     verify file property values. (Default is NONE)
        --propupd [file | directory | Update the entire file properties database,
                   package]...        or just for the specified entries
    -q, --quiet                       Quiet mode (no output at all)
 --rwo, --report-warnings-only        Show only warning messages
  --sk, --skip-keypress               Don't wait for a keypress after each test
        --summary                     Show the summary of system check results
                                      (This is the default)
        --syslog [facility.priority]  Log the check start and finish times to syslog
                                      (Default level is authpriv.notice)
        --tmpdir <directory>          Use the specified temporary directory
        --unlock                      Unlock (remove) the lock file
        --update                      Check for updates to database files
  --vl, --verbose-logging             Use verbose logging (on by default)
    -V, --version                     Display the version number, then exit
        --versioncheck                Check for latest version of program
    -x, --autox                       Automatically detect if X is in use
    -X, --no-autox                    Do not automatically detect if X is in use

cronjob testscript

vi /usr/local/sbin/rkhunter.sh

#!/bin/bash
RKHUNTER="/usr/bin/rkhunter -c --skip-keypress --nocolors --rwo"
RKOUT="/tmp/rk.log"
MAIL="technik@xinux.de"
$RKHUNTER > $RKOUT
if test -s $RKOUT
then
cat $RKOUT | mail -s "$hostname rkhunter" $MAIL
fi

crontab -e
0 0 * * 0 /usr/local/sbin/rkhunter.sh
Abgerufen von „https://xinux.net/index.php?title=Rkhunter&oldid=3504