RKHUNTER: Cronjob with Popup-Notification...

Hi there. I’d like to know how to get rkhunter working as a cronjob, scanning the system twice a day. If an error/rootkit is found, a popup should notify me.
The same should occur if no rootkits were found and the world is safe. Any ideas for accomplishing this task are appreciated.

I’m not that much into writing scripts - maybe someone would be so friendly and write a basic one for me? :wink:

This is from here: SourceForge.net: Rootkit Hunter FAQ

3.3) How can I automatically run Rootkit Hunter every day?

A. There are several ways that rkhunter can be run via cron. However,
it must be remembered that cron will automatically email any output
produced by the program to the root user. Secondly, when the rkhunter
'--cronjob' option is used, the program will generally not produce
any output. It is, therefore, necessary to tell rkhunter what output
should be shown. Typically this will just be any warning messages,
and this can be achieved by using the '--rwo' (report warnings only)
option.

For the first example, the rkhunter command could be added directly
to the root crontab:

    30 5 * * * /usr/local/bin/rkhunter --cronjob --update --rwo

This would run rkhunter at 5:30 (AM) every day. If no output is
produced by rkhunter, then nothing is emailed to root. Any output
that is produced, which would only be warning messages, is
automatically emailed to root by the cron process.

Note that the '--update' option has been included. Rkhunter will
first perform any updates required to its data files, and then
perform the system checks. This option can be omitted, but it is
suggested that the option is used regularly to ensure that the
rkhunter data files are kept up to date.

If it is wished that all the normal output of rkhunter, as seen when
running rkhunter from the command-line, is emailed to root, then this
is possible. The '--rwo' option should be removed, and the '--cronjob'
option replaced by '--sk --nocolors --check'.

The next example is of a cronjob script. For Linux systems this
script could be put in to the /etc/cron.daily directory, so that
it will be automatically run every day.

The script might look like this:

    #!/bin/sh
    ( /usr/local/bin/rkhunter --cronjob --update --rwo && echo "" ) \
      | /bin/mail -s "Rkhunter daily run on `uname -n`" root
    exit 0

Because we are piping any output through to the mail command, it is
required to use 'echo ""' when there are no warnings. Without this,
the mail command would issue its own warning about there being no
message body.

If it is wished to include the date in the output, then something
like this could be used instead:

    #!/bin/sh
    ( date; /usr/local/bin/rkhunter --cronjob --update --rwo ) \
      | /bin/mail -s "Rkhunter daily run on `uname -n`" root
    exit 0

Finally, it is possible to run rkhunter in quiet-mode, whereby no
output will be produced at all. However, if the return code indicates
that warnings were found, then we get cron to mail the root user.
For example (a crontab entry must be on a single line):

    30 5 * * * /usr/local/bin/rkhunter --cronjob --update --quiet || echo "Rkhunter daily run on `uname -n` has produced warning messages"

An alternative to the above example would be to use:

    30 5 * * * /usr/local/bin/rkhunter --cronjob --update --quiet

and then simply set the MAIL-ON-WARNING option in the configuration
file with the root email address. This way, rkhunter produces no
output, and so nothing is emailed to root by cron. However, if any
warnings are found during the system check, then a notice message is
emailed to root by rkhunter itself.

Note: The '--quiet' option in the above two examples is not actually
necessary, but was included for clarity. The '--cronjob' option assumes
the '--quiet' option, and so, as mentioned above, when rkhunter is run
with the '--cronjob' option no output is generally produced.

Uhh… should’ve studied the manual extensively. :wink:
THANKS. Looks like there’s no option to pipe notifications through popups…

It may be possible to generate a window (which we hope will pop up, else it is of no use), although I cannot tell you how to program this. I only want to give you something to meditate on (with a good glass :wink: ) when you want to do this:

  1. what to do when nobody is logged in to a GUI at the moment rkhunter runs;
  2. what to do when more GUI logins are running at that moment;
  3. another user (even root) cannot open a window on a display (I mean the DISPLAY used by X) without allowance of the owner of the display (by xhost + or the like);
  4. more when you meditate on …?

My solution would go more in the direction of:

  1. a script that would be started by cron (of root), runs rkhunter and saves the output in a file readable by the world;
  2. a script that runs when you start your GUI session (.profile) and that checks that file (it could also store somewhere that it already did check today, so no need to do it again) and when needed generates a window with the text.

Now that generating of a window is not my piece of cake, but I personally would be content with calling Konsole in some way.
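
The two-script approach outlined in the last reply, sketched as an added example (not code from the thread or from the rkhunter FAQ). The report path, the stamp file and the use of notify-send as the popup tool are assumptions; the report directory is assumed to be writable by root only, so other users cannot replace the report with a forged "OK".

```shell
#!/bin/sh
# Added example. REPORT, STAMP and NOTIFY are illustrative names and paths,
# not rkhunter settings. RKHUNTER uses the path shown in the FAQ.
RKHUNTER=${RKHUNTER:-/usr/local/bin/rkhunter}
REPORT=${REPORT:-/var/lib/rkhunter-report/last}  # directory writable by root only
STAMP=${STAMP:-$HOME/.rkhunter-seen}             # remembers the last report shown
NOTIFY=${NOTIFY:-notify-send}                    # any tool taking "title" "body"

# Root side, started by cron: run the scan and publish the result atomically.
rkh_scan() {
    tmp=$(mktemp "$REPORT.XXXXXX") || return 1   # same directory, so mv is atomic
    if out=$("$RKHUNTER" --cronjob --update --rwo 2>&1); then
        status=OK                                # exit 0: nothing to report
    else
        status=WARNING                           # non-zero exit: warnings found
    fi
    { printf '%s %s\n' "$status" "$(date +%Y-%m-%dT%H:%M:%S)"
      printf '%s\n' "$out"; } > "$tmp"
    chmod 644 "$tmp" && mv "$tmp" "$REPORT"      # readable by every user
}

# User side, started with the GUI session: show each report exactly once.
rkh_check() {
    [ -r "$REPORT" ] || return 0                 # no scan has run yet
    first=$(head -n 1 "$REPORT")
    [ -f "$STAMP" ] && [ "$(cat "$STAMP")" = "$first" ] && return 0
    case $first in
        OK\ *)      "$NOTIFY" "rkhunter: no warnings" "$first" ;;
        WARNING\ *) "$NOTIFY" "rkhunter: WARNINGS" "$(tail -n +2 "$REPORT")" ;;
        *)          "$NOTIFY" "rkhunter: unreadable report" "$REPORT" ;;
    esac
    printf '%s\n' "$first" > "$STAMP"
}

case ${1:-} in
    scan)  rkh_scan ;;
    check) rkh_check ;;
esac
```

Root's crontab would call the script with `scan` twice a day and the session start-up file would call it with `check`. Because the popup is raised from inside the user's own session, root never needs access to the X display.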