How to change rkhunter daily monitoring email address

Discussion in 'Installation/Configuration' started by msp, Jan 28, 2013.

  1. msp

    msp New Member

    Hi

    I am currently receiving daily emails (from: root, to: root) about rkhunter.

    How can I change the delivery address for these emails?

    For reference, the emails say:

    Code:
    From root@myserver.com  Fri May  4 06:28:43 2012
    Return-Path: <root@myserver.com>
    X-Original-To: root@myserver.com
    Delivered-To: root@myserver.com
    X-Virus-Scanned: Debian amavisd-new at myserver.com
    Subject: [rkhunter] myserver.com - Daily report
    To: root@myserver.com
    Date: Fri,  4 May 2012 06:28:27 +0100 (BST)
    From: root@myserver.com (root)
    Status: RO
    
    Warning: The file '/usr/bin/GET' exists on the system, but it is not present in the rkhunter.dat file.
    Warning: The file '/usr/bin/lwp-request' exists on the system, but it is not present in the rkhunter.dat file.
    Warning: The file '/usr/sbin/inetd' exists on the system, but it is not present in the rkhunter.dat file.
    Warning: No output found from the lsmod command or the /proc/modules file:
             /proc/modules output:
             lsmod output:
    Warning: The SSH and rkhunter configuration options should be the same:
             SSH configuration option 'PermitRootLogin': yes
             Rkhunter configuration option 'ALLOW_SSH_ROOT_USER': no
    Warning: Hidden directory found: /dev/.udev
    
    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter.log)
    
     
  2. edge

    edge HowtoForge Supporter

    You can set it in rkhunter.conf under "MAIL-ON-WARNING = your@email.address"

    It should be in /etc
     
  3. lamarus

    lamarus New Member

  4. jossmalo

    jossmalo New Member

    Old Thread, but top result on google. I found the solution (on CentOS) was to edit the system configuration file for Rootkit Hunter at /etc/sysconfig/rkhunter
    # vim /etc/sysconfig/rkhunter
    MAILTO=you@example.com

    Hope this helps others
     
    till likes this.

Share This Page