
Thread: RKHUNTER: Cronjob with Popup-Notification...

  1. #1

    Thumbs up RKHUNTER: Cronjob with Popup-Notification...

    Hi there. I'd like to know how to get rkhunter working as a cronjob, scanning the system twice a day. If an error/rootkit is found, a popup should notify me.
    The same should occur if no rootkits were found and the world is safe. Any ideas for accomplishing this task are appreciated.


    I'm not that much into writing scripts - maybe someone would be so friendly and write a basic one for me?
    CHECK OUT THESE GitHub PROJECTS!

    https://secupwn.github.io/Android-IMSI-Catcher-Detector/
    https://github.com/SecUpwN/Spotify-AdKiller

  2. #2

    Default Re: RKHUNTER: Cronjob with Popup-Notification...

    This is from here: SourceForge.net: Rootkit Hunter FAQ

    3.3) How can I automatically run Rootkit Hunter every day?

    A. There are several ways that rkhunter can be run via cron. However,
    it must be remembered that cron will automatically email any output
    produced by the program to the root user. Secondly, when the rkhunter
    '--cronjob' option is used, the program will generally not produce
    any output. It is, therefore, necessary to tell rkhunter what output
    should be shown. Typically this will just be any warning messages,
    and this can be achieved by using the '--rwo' (report warnings only)
    option.

    For the first example, the rkhunter command could be added directly
    to the root crontab:

    30 5 * * * /usr/local/bin/rkhunter --cronjob --update --rwo

    This would run rkhunter at 5:30 (AM) every day. If no output is
    produced by rkhunter, then nothing is emailed to root. Any output
    that is produced, which would only be warning messages, is
    automatically emailed to root by the cron process.

    Note that the '--update' option has been included. Rkhunter will
    first perform any updates required to its data files, and then
    perform the system checks. This option can be omitted, but it is
    suggested that the option is used regularly to ensure that the
    rkhunter data files are kept up to date.

    If it is wished that all the normal output of rkhunter, as seen when
    running rkhunter from the command-line, is emailed to root, then this
    is possible. The '--rwo' option should be removed, and the '--cronjob'
    option replaced by '--sk --nocolors --check'.

    The next example is of a cronjob script. For Linux systems this
    script could be put in to the /etc/cron.daily directory, so that
    it will be automatically run every day.

    The script might look like this:

    #!/bin/sh

    ( /usr/local/bin/rkhunter --cronjob --update --rwo && echo "" ) \
    | /bin/mail -s "Rkhunter daily run on `uname -n`" root

    exit 0

    Because we are piping any output through to the mail command, it is
    required to use 'echo ""' when there are no warnings. Without this,
    the mail command would issue its own warning about there being no
    message body.

    If it is wished to include the date in the output, then something
    like this could be used instead:

    #!/bin/sh

    ( date; /usr/local/bin/rkhunter --cronjob --update --rwo ) \
    | /bin/mail -s "Rkhunter daily run on `uname -n`" root

    exit 0

    Finally, it is possible to run rkhunter in quiet-mode, whereby no
    output will be produced at all. However, if the return code indicates
    that warnings were found, then we get cron to mail the root user.
    For example:

    30 5 * * * /usr/local/bin/rkhunter --cronjob --update --quiet || echo "Rkhunter daily run on `uname -n` has produced warning messages"

    An alternative to the above example would be to use:

    30 5 * * * /usr/local/bin/rkhunter --cronjob --update --quiet

    and then simply set the MAIL-ON-WARNING option in the configuration
    file with the root email address. This way, rkhunter produces no
    output, and so nothing is emailed to root by cron. However, if any
    warnings are found during the system check, then a notice message is
    emailed to root by rkhunter itself.

    Note: The '--quiet' option in the above two examples is not actually
    necessary, but was included for clarity. The '--cronjob' option assumes
    the '--quiet' option, and so, as mentioned above, when rkhunter is run
    with the '--cronjob' option no output is generally produced.
    Leap 15_KDE

  3. #3

    Default Re: RKHUNTER: Cronjob with Popup-Notification...

    Uhh... should've studied the manual extensively.
    THANKS. Looks like there's no option to pipe notifications through popups...

  4. #4

    Default Re: RKHUNTER: Cronjob with Popup-Notification...

    It may be possible to generate a window (which we hope will pop-up, else it is of no use), although I can not tell you how to program this. I only want to give you something to meditate (with a good glass) when you want to do this:
    1) what to do when nobody is logged in to a GUI at the moment rkhunter runs;
    2) what to do when more GUI logins are running at that moment;
    3) another user (even root) can not open a window on a display (I mean the DISPLAY used by X) without allowance of the owner of the display (by xhost + or the like);
    4) more when you meditate on ....?

    My solution would go more in the direction of:
    1) a script that would be started by cron (of root), runs rkhunter and saves the output in a file readable by the world;
    2) a script that runs when you start your GUI session (.profile) and that checks that file (it could also store somewhere that it already did check today, so no need to do it again) and when needed generates a window with the text.

    Now that generating of a window is not my piece of cake, but I personally would be content with calling Konsole in some way.
    Henk van Velden
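
The two-script approach outlined in post #4, as an added example that is not part of the thread: root's cron job only writes a report file, and the desktop user's own session raises the popup, so root never needs access to anyone's X display. The paths, the function names, the `rkh-notify` script name and the use of `notify-send` are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Paths, function names and the rkh-notify
# script name are assumptions; the user side assumes notify-send is installed.
REPORT="${REPORT:-/var/lib/rkhunter-notify/last-run}"  # dir owned by root, mode 755
STAMP="${STAMP:-$HOME/.cache/rkhunter-notify.seen}"
RKHUNTER="${RKHUNTER:-/usr/local/bin/rkhunter}"
NOTIFY="${NOTIFY:-notify-send}"

# Root side, from root's crontab twice a day:
#   0 6,18 * * * /usr/local/sbin/rkh-notify scan
scan() {
    tmp=$(mktemp "$REPORT.XXXXXX") || return 1
    {
        date '+run: %Y-%m-%d %H:%M:%S'
        "$RKHUNTER" --cronjob --update --rwo 2>&1 && rc=0 || rc=$?
        echo "exit: $rc"
    } > "$tmp"
    chmod 644 "$tmp"        # readable by every user, writable only by root
    mv -f "$tmp" "$REPORT"  # atomic: a reader never sees a half-written report
}

# "clean" only for a complete report with no rkhunter output and exit code 0;
# a missing, truncated or unexpected report is treated as "warnings".
status() {
    if [ "$(sed -n '$p' "$REPORT" 2>/dev/null)" = "exit: 0" ] &&
       [ $(wc -l < "$REPORT") -eq 2 ]; then
        echo clean
    else
        echo warnings
    fi
}

# User side: run as the desktop user at session start (autostart or .profile).
# Each report is shown once; the stamp is written only after the popup succeeded.
notify() {
    [ -r "$REPORT" ] || return 0
    id=$(cksum < "$REPORT")
    if [ "$(cat "$STAMP" 2>/dev/null)" = "$id" ]; then return 0; fi
    # Notification daemons may render markup, so strip it from file-derived text.
    body=$(sed -n '1,20p' "$REPORT" | tr -d '<>&')
    if [ "$(status)" = clean ]; then
        "$NOTIFY" "rkhunter: no warnings" "$body" || return 1
    else
        "$NOTIFY" -u critical "rkhunter: WARNINGS, see $REPORT" "$body" || return 1
    fi
    mkdir -p "$(dirname "$STAMP")" && echo "$id" > "$STAMP"
}

case "${1:-}" in scan|notify) "$1" ;; esac
```

Running `rkh-notify notify` from a user-level timer as well as at login also covers sessions that stay open across both daily scans.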
