Rootkit Hunter 1.1.5

Discussion in 'cPanel Developers' started by eazistore, Aug 11, 2004.

  1. sawbuck

    sawbuck Well-Known Member

    Joined:
    Jan 18, 2004
    Messages:
    1,366
    Likes Received:
    6
    Trophy Points:
    168
    cPanel Access Level:
    Root Administrator
    Yes.......
     
  2. ony101

    ony101 Registered

    Joined:
    Aug 11, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    151
    Location:
    London, UK
    OK.............
     
  3. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    318
    When I run rkhunter v1.2.5, I get the following:

    Code:
    * Filesystem checks
       Checking /dev for suspicious files...                      [ Warning! (unusual files found) ]
    ---------------------------------------------
    Unusual files:
    /dev/tmpMnt:      Linux rev 1.0 ext2 filesystem data (mounted or unclean) (errors)
    ---------------------------------------------
    
    Any ideas?
     
  4. chirpy

    chirpy Well-Known Member Verified Vendor

    Joined:
    Jun 15, 2002
    Messages:
    13,460
    Likes Received:
    22
    Trophy Points:
    463
    Location:
    Go on, have a guess
    I would guess that's a manually created /tmp partition, and if so, can be ignored.
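
One way to confirm that diagnosis rather than assume it, as an added example that is not part of the original posts: check that the flagged file is the backing store of a loop device that is actually mounted. The function names and the sample `losetup -a` and `/proc/mounts` lines are constructed for illustration; on a live server, feed it `losetup -a > losetup.txt` and a copy of `/proc/mounts`.

```shell
#!/bin/bash
# Added example (not from the thread): check whether a file that rkhunter flags
# under /dev is the backing store of a mounted loop device, e.g. a file-backed /tmp.
#
# loop_backing_mount FILE LOSETUP_OUT MOUNTS
#   LOSETUP_OUT: saved output of `losetup -a`;  MOUNTS: copy of /proc/mounts
# Prints "<loopdev> <mountpoint> <fstype> <options>" and returns 0 if FILE backs
# a mounted loop device; returns 1 otherwise.
loop_backing_mount() {
    lb_file="$1"; lb_losetup="$2"; lb_mounts="$3"
    # losetup -a lines end with the backing file in parentheses:
    #   /dev/loop0: [0302]:12345 (/dev/tmpMnt)
    lb_dev=$(awk -v f="($lb_file)" \
        '$NF == f { sub(/:$/, "", $1); print $1; exit }' "$lb_losetup")
    [ -n "$lb_dev" ] || return 1
    awk -v d="$lb_dev" \
        '$1 == d { print $1, $2, $3, $4; found = 1; exit } END { exit !found }' "$lb_mounts"
}

# Classify one flagged path as EXPLAINED (loop-backed mount) or UNEXPLAINED.
triage_dev_file() {
    if td_result=$(loop_backing_mount "$1" "$2" "$3"); then
        echo "EXPLAINED $1 -> $td_result"
    else
        echo "UNEXPLAINED $1 (not a mounted loop backing file; investigate)"
    fi
}

# Constructed sample data standing in for `losetup -a` and /proc/mounts.
demo_dir=$(mktemp -d)
printf '%s\n' '/dev/loop0: [0302]:12345 (/dev/tmpMnt)' \
              '/dev/loop1: [0302]:67890 (/dev/stale.img)' > "$demo_dir/losetup.txt"
printf '%s\n' '/dev/hda3 / ext3 rw 0 0' \
              '/dev/loop0 /tmp ext2 rw,nosuid,noexec 0 0' > "$demo_dir/mounts.txt"

for f in /dev/tmpMnt /dev/stale.img /dev/.hidden; do
    triage_dev_file "$f" "$demo_dir/losetup.txt" "$demo_dir/mounts.txt"
done
```

A file that is attached to a loop device but not mounted, or not attached at all, stays UNEXPLAINED and should not be whitelisted on the strength of its name.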
     
  5. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    318
    Chirpy,

    Good call! You are 100% correct. Thank you.
     
  6. quadrahost

    quadrahost Active Member

    Joined:
    Jul 17, 2003
    Messages:
    44
    Likes Received:
    0
    Trophy Points:
    156
    1.2.7 is out now. Great thread!
     
  7. Aric1

    Aric1 Well-Known Member

    Joined:
    Oct 15, 2003
    Messages:
    324
    Likes Received:
    0
    Trophy Points:
    166
    cPanel Access Level:
    DataCenter Provider
    For those of you who like to have rkhunter run automatically and have it update itself, I use this script:
    Code:
    #!/bin/bash
    
    ## Update the database first
    /usr/local/bin/rkhunter --update
    
    ##Gather Versions
    THISVER=`/usr/local/bin/rkhunter --versioncheck | grep "This version:"`
    LATVER=`/usr/local/bin/rkhunter --versioncheck | grep "Latest version:"`
    UPDATEAVAIL=`/usr/local/bin/rkhunter --versioncheck | grep "Update available"`
    
    ##Print The Versions
    echo "$THISVER"
    echo "$LATVER"
    
    ##If Update Doesn't Exist
    if [ -z "$UPDATEAVAIL" ] ; then
            ##No Updates Are Available
            echo "No Updates Available"
    else
            ##Print Update Available
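            echo "$UPDATEAVAIL"
    
            ##Print New Version
            NEWVER=`echo "$LATVER" | awk '{ print $3;}'`
            OLDVER=`echo "$THISVER" | awk '{ print $3;}'`
    
            ## Check that the new version is actually greater - sometimes it's old..
            ## (sort -V compares each dotted field numerically, so 1.2 ranks above 1.1.5)
            NEWEST=`printf '%s\n' "$OLDVER" "$NEWVER" | sort -V | tail -n 1`
            if [ "$NEWVER" != "$OLDVER" ] && [ "$NEWEST" = "$NEWVER" ] ; then
                    ##Begin Fresh Install
                    cd /usr/local/src || exit 1
                    rm -r -f "rkhunter-$NEWVER.tar.gz"
                    rm -r -f "rkhunter-$NEWVER.tar"
                    ## Note: plain-HTTP download; nothing verifies it before installer.sh runs as root
                    wget "http://downloads.rootkit.nl/rkhunter-$NEWVER.tar.gz" -q
                    gunzip "rkhunter-$NEWVER.tar.gz"
                    tar -xf "rkhunter-$NEWVER.tar"
                    rm -r -f "rkhunter-$NEWVER.tar"
                    ## Stop rather than run an installer.sh from the wrong directory
                    cd rkhunter || exit 1
                    echo "Installing version $NEWVER"
                    sh installer.sh > /dev/null
            else
                    echo "Latest version is actually older, so ignoring"
            fi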
    fi
    
    ##Create Empty Temp Log (mktemp avoids a predictable file name in the current directory)
    LOG=`mktemp` || exit 1
    
    ##Run RKHUNTER To Log
    /usr/local/bin/rkhunter -c --cronjob --createlogfile --display-logfile >> "$LOG"
    
    ##Print Log
    cat "$LOG"
    
    ##Remove Temp Log
    rm -f "$LOG"

    I have it set to display the detailed log file also so if a potential issue is discovered, you have more detail about what triggered the warning.

    Just name this script whatever you want and throw it in /etc/cron.daily or execute it from the crontab. Make sure the script is owned/executed by root with 0700 permissions.

    Don't forget to show your appreciation to the author by buying him something on his Amazon wishlist. He's a nice guy and does a good job keeping rkhunter updated.
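
The script above fetches the release over plain HTTP and runs its installer as root, so an integrity gate belongs between the download and `sh installer.sh`. The following is an added example, not Aric1's code and not part of rkhunter: `verify_tarball` and `has_unsafe_member` are hypothetical helper names, the expected SHA-256 is assumed to come from a source other than the download itself, and the demo archive is constructed locally.

```shell
#!/bin/bash
# Added example (not Aric1's code): gate an automated install on an integrity
# check. The expected SHA-256 must come from a source other than the download
# itself; how it is obtained is left to the operator (assumption).

# Reads member names on stdin; returns 0 if any is absolute or contains "..".
has_unsafe_member() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# verify_tarball FILE EXPECTED_SHA256
# Returns 0 = safe to unpack, 1 = checksum mismatch, 2 = file missing,
# 3 = unreadable archive or a member that would escape the extraction directory.
verify_tarball() {
    vt_file="$1"; vt_expected="$2"
    [ -f "$vt_file" ] || { echo "missing: $vt_file" >&2; return 2; }
    vt_actual=$(sha256sum "$vt_file" | awk '{ print $1 }')
    if [ "$vt_actual" != "$vt_expected" ]; then
        echo "checksum mismatch: $vt_file" >&2
        return 1
    fi
    vt_names=$(tar -tzf "$vt_file") || return 3
    if printf '%s\n' "$vt_names" | has_unsafe_member; then
        echo "unsafe member path in $vt_file" >&2
        return 3
    fi
    return 0
}

# Constructed demo: a stub release archive built locally (version 0.0.0 is a
# placeholder). Its hash is computed here only so the demo runs offline.
work=$(mktemp -d)
mkdir "$work/rkhunter"
echo 'echo "constructed installer stub"' > "$work/rkhunter/installer.sh"
tar -czf "$work/rkhunter-0.0.0.tar.gz" -C "$work" rkhunter
DEMO_SHA256=$(sha256sum "$work/rkhunter-0.0.0.tar.gz" | awk '{ print $1 }')

if verify_tarball "$work/rkhunter-0.0.0.tar.gz" "$DEMO_SHA256"; then
    echo "verified: ok to unpack and run installer.sh"
fi
# A modified archive no longer matches and is rejected before anything runs.
cp "$work/rkhunter-0.0.0.tar.gz" "$work/tampered.tar.gz"
printf 'x' >> "$work/tampered.tar.gz"
verify_tarball "$work/tampered.tar.gz" "$DEMO_SHA256" || echo "rejected (rc=$?)"
```

In a cron job, a non-zero return should skip the install but still let the scan run with the existing version, so a bad download never leaves the host unscanned.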
     