Hi. In this post, I got this code.

Code:
```sh
grep '^\[..:..:..\][[:blank:]]\{6\}.*/dev/shm/.*:' rkhunter.log | \
awk '{print "ALLOWDEVFILE="$2}' | sed -e "s|:$||g"
```

If I go to this dir: /var/log and run the above command, I get no output. It usually posts info about what to allow in my config file. There is a file called /var/log/rkhunter.log. I hope someone can help me.

EDIT: I don't know if it's another command when I use ISPConfig?

EDIT 2: It's a newly installed Ubuntu server.

EDIT 3: Any time I run rkhunter, I get a mail with this warning -> Please inspect this machine, because it may be infected. - I have tried to run: "sudo /usr/bin/rkhunter --propupd"

EDIT 4: On my old server it prints output like this if I run the first command in this post.
You're grepping for /dev/shm/.* in rkhunter.log. If it doesn't exist, then there's nothing to return, or pipe into the following commands.

If you're trying to set it to allow or ignore the existence of those files, it should be set in /etc/rkhunter.conf anyway, not in /var/log/rkhunter.log.

You'll get warnings, on screen if rkhunter's run manually, or via email, if rkhunter scans find any issue, whether that be with any files, processes, or configs.

rkhunter --propupd will update the checksums for any changed files, so it won't warn about them. rkhunter will still warn, however, if it finds processes using excessively large amounts of RAM, or root SSH access being allowed if the rkhunter configuration file settings don't match the sshd.config settings, or various other things it may find, unless it's configured to allow or ignore them.

Read through the logfiles, find what it's warning about and then address that issue.
Hi, thanks for the reply. I'm trying to ignore files and dirs, like the below files from my old server:

Code:
```
# Dirs
ALLOWHIDDENDIR=/etc/.java

# SCRIPTWHITELIST
SCRIPTWHITELIST=/usr/bin/egrep
SCRIPTWHITELIST=/usr/bin/fgrep
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/bin/which.debianutils

# DEVFILE
ALLOWDEVFILE=/dev/shm/mono.*
ALLOWDEVFILE=/dev/shm/sem.netdata_sem_cgroup_ebpf
ALLOWDEVFILE=/dev/shm/netdata_shm_cgroup_ebpf
ALLOWDEVFILE=/dev/shm/PostgreSQL.*
```

Of course, I will add it to this file: /etc/rkhunter.conf - But I don't know what to add to the file! On my old server, I could run this command and it would show what to add to the /etc/rkhunter.conf:

Code:
```sh
grep '^\[..:..:..\][[:blank:]]\{6\}.*/dev/shm/.*:' rkhunter.log | \
awk '{print "ALLOWDEVFILE="$2}' | sed -e "s|:$||g"
```

Where can I find what to add to the /etc/rkhunter.conf?

EDIT: Yes, I'm new to Linux.
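An added example, not from anyone in this thread: the grep/awk/sed pipeline from the question wrapped in a function that says so when the log simply has no /dev/shm warning (the "no output" case), alongside a count of all Warning: lines so you can see what rkhunter actually complained about before allowlisting anything. The log lines are constructed in the layout the pipeline expects and are not real rkhunter output; SAMPLE_LOG, warning_count, devfile_allowlist and demo are names chosen here.

```sh
#!/bin/sh
# Constructed sample in the layout the thread's grep expects: a "[HH:MM:SS]"
# stamp, blanks, then the flagged path ending in a colon. Not real rkhunter output.
SAMPLE_LOG='[12:00:01] Info: Starting test name filesystem
[12:00:02] Warning: Suspicious file types found in /dev:
[12:00:02]       /dev/shm/mono.1000: data
[12:00:02]       /dev/shm/PostgreSQL.123456: data
[12:00:02]       /dev/shm/mono.1000: data
[12:00:05] Warning: The SSH and rkhunter configuration options should be the same:
[12:00:05]       SSH configuration option PermitRootLogin: yes'

# Number of "Warning:" lines in the log. This is what the mail is about, and
# /dev/shm files are only one of the possible causes.
warning_count() {
    grep -c -i 'warning:' "$1" || true
}

# Print one ALLOWDEVFILE= line per distinct /dev/shm path flagged in the log.
# Returns 1 (with a hint on stderr) when the log holds no such warning, which
# is the "no output" situation from the question rather than an error.
devfile_allowlist() {
    log="$1"
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    out=$(grep '^\[..:..:..\][[:blank:]]\{6\}.*/dev/shm/.*:' "$log" \
        | awk '{print "ALLOWDEVFILE=" $2}' \
        | sed -e 's|:$||' \
        | awk '!seen[$0]++')          # drop repeats, keep first-seen order
    if [ -z "$out" ]; then
        echo "no /dev/shm warnings in $log (Warning: lines in log: $(warning_count "$log"))" >&2
        return 1
    fi
    printf '%s\n' "$out"
}

# Run against the constructed sample; pass a real path such as
# /var/log/rkhunter.log as $1 to use your own log instead.
demo() {
    tmp=$(mktemp)
    printf '%s\n' "$SAMPLE_LOG" > "$tmp"
    devfile_allowlist "${1:-$tmp}"
    rm -f "$tmp"
}

demo "$@"
```

Each emitted line is a candidate for /etc/rkhunter.conf only after you have confirmed the file belongs to a service you run, as the reply above says.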