Bug 490284
Summary: | Rkhunter and ssmtp no log | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Frank Murphy <frankly3d> |
Component: | rkhunter | Assignee: | Kevin Fenzi <kevin> |
Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Priority: | low |
Version: | rawhide | CC: | devrim, kevin |
Hardware: | i586 | OS: | Linux |
Last Closed: | 2009-04-07 02:49:30 UTC | | |

Description
Frank Murphy
2009-03-14 19:27:55 UTC

rkhunter doesn't do anything strange here, it just calls /bin/mail and sends to 'root@localhost'. Perhaps the localhost is confusing it? Can you look in any ssmtp logs? Can you try manually sending to root@localhost?

Any news here?

(In reply to comment #2)
> Any news here?

Apologies, out of town (zero internet access, rural Ireland)

Ok, since leaving\coming-back Rawhide box has stopped sending logs period.

On Fedora 10, updated to the Rkhunter, the most recent rkhunter-1.3.4-5.fc11.noarch. No logs coming through for it. rkhunter.log is still being generated.

No specific mention of rkhunter in maillog

No specific ssmtp.log, which appears to be normal.

No avc denials on F10\Rawhide re. anything.

This may be a bit beyond me, I might put it out to the test-list, to see can anyone (more knowledgeable) can re-create.

> Apologies, out of town (zero internet access, rural Ireland)

No worries at all. ;)

> Ok, since leaving\coming-back Rawhide box has stopped sending logs period.

So you get no emails at all from ssmtp? Try mailing 'root@localhost'? Does that go through?

> On Fedora 10, updated to the Rkhunter,
> the most recent rkhunter-1.3.4-5.fc11.noarch.
> No logs coming through for it. rkhunter.log is still being generated.

Are there any warnings being generated by rkhunter? If there are no warnings, it does not send any email, only if it has a warning or error.

> No specific mention of rkhunter in maillog

Well, it would just be a mail to 'root@localhost' at the time the daily cron jobs run. It would be going to whatever email address you have ssmtp setup to send to.

> No specific ssmtp.log, which appears to be normal.
> No avc denials on F10\Rawhide re. anything.
> This may be a bit beyond me, I might put it out to the test-list,
> to see can anyone (more knowledgeable) can re-create.

ok. I can try to install ssmtp here as well...

This is a snip from the F10 Box today:

```
10:27:42] The system checks took: 14 minutes and 11 seconds
[10:27:42]
[10:27:42] Info: End date is Sun Mar 22 10:27:42 GMT 2009

--------------------- Start Rootkit Hunter Update ---------------------
[ Rootkit Hunter version 1.3.4 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: The file '/usr/sbin/xinetd' exists on the system, but it is not present in the rkhunter.dat file.
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)
----------------------- End Rootkit Hunter Scan -----------------------
```

Warning, I will let you know tomorrow, if it comes through. Hasn't as yet. at 20.07 Irish Time

Can you attach your /etc/ssmtp/ssmtp.conf file? I just tested it here and it works fine for me. There is also a: Debug=YES at the end of the ssmtp.conf file, can you comment that in and try it?

Moved Debug=YES to top of ssmtp.conf

Looking back over your comments #1 did the following:

```
-------------- rkhunter.conf
MAIL-ON-WARNING="root"
--------------
```

F10 box: I now got a warning mail as per Comment #5.

Rawhide: No joy as yet.

Wiped the rawhide box, reinstalled from: http://ftp.heanet.ie/pub/fedora/linux/development/i386/os/images/boot.iso 27-Mar-2009 10:10 167M

Got this in from isp:

```
The following message to <root@localhost> was undeliverable.
The reason for the problem:
5.1.1 - Bad destination email address 'invalid domain "localhost": no dot found'

Reporting-MTA: dns; mail2.u.tv
Final-Recipient: rfc822;root@localhost
Action: failed
Status: 5.0.0 (permanent failure)
Diagnostic-Code: smtp; 5.1.1 - Bad destination email address 'invalid domain "localhost": no dot found' (delivery attempts: 0)
```

After changing rkhunter.conf report to "root", all systems go.

PS: Like the new XFCE style

ok, What does:

grep root /etc/ssmtp/ssmtp.conf

Show?

That should be your email address that you want it to send all root email to.

This looks like a smtp config issue more than a rkhunter one. I guess I could change rkhunter to mail to 'root', but that could give an unexpected result in some cases where people are expecting it to go to localhost.

(In reply to comment #9)
> ok, What does:
>
> grep root /etc/ssmtp/ssmtp.conf

root=logs (my central logging addy)

> Show?
>
> That should be your email address that you want it to send all root email to.
>
> This looks like a smtp config issue more than a rkhunter one.
> I guess I could change rkhunter to mail to 'root', but that could give an
> unexpected result in some cases where people are expecting it to go to
> localhost.

At this stage would agree. But if others come across this problem, there's at least a rough hack. Maybe close it?

I'm happy to close this if you are satisfied that it's working now. ;)

Feel free to re-open it or file a new one if you spot anything else.
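
The failure diagnosed in this thread (rkhunter warning mail addressed to root@localhost, passed by ssmtp to an upstream relay that refuses a domain with no dot) can be checked for before an alert goes missing. The script below is an added example, not part of the bug report or of rkhunter or ssmtp; the function names, the sample file contents and the logs@example.org address are constructed, and it assumes a bare user such as root is covered by ssmtp's root= setting.

```shell
#!/bin/sh
# Added example: constructed configs, hypothetical helper names.
# Assumption: a bare user such as "root" is a system account that ssmtp
# redirects to the root= address in ssmtp.conf.

# Last value of KEY=VALUE in FILE, with surrounding quotes removed.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | tr -d "\"'"
}

# Verdict for one recipient, given the ssmtp root= value (may be empty).
classify_rcpt() {
    case "$1" in
        *@*) case "${1##*@}" in
                 *.*) echo "ok: qualified address" ;;
                 *)   echo "bad: domain '${1##*@}' has no dot, a relay may refuse it" ;;
             esac ;;
        *)   if [ -n "$2" ]; then echo "ok: bare user, ssmtp root= maps it to '$2'"
             else echo "bad: bare user and no root= in ssmtp.conf"; fi ;;
    esac
}

# Check every MAIL-ON-WARNING recipient; return 1 if any would be lost.
check_alert_route() {
    rcpts=$(conf_value MAIL-ON-WARNING "$1")
    root_alias=$(conf_value root "$2")
    [ -n "$rcpts" ] || { echo "bad: no MAIL-ON-WARNING recipient in $1"; return 1; }
    rc=0
    for r in $rcpts; do
        verdict=$(classify_rcpt "$r" "$root_alias")
        echo "$r -> $verdict"
        case "$verdict" in bad:*) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample configs for the "before" and "after" states in the thread.
demo() {
    d=$(mktemp -d)
    printf 'root=logs@example.org\nmailhub=mail.example.org\n' > "$d/ssmtp.conf"
    printf 'MAIL-ON-WARNING="root@localhost"\n' > "$d/before.conf"
    printf 'MAIL-ON-WARNING="root"\n' > "$d/after.conf"
    check_alert_route "$d/before.conf" "$d/ssmtp.conf" || true
    check_alert_route "$d/after.conf" "$d/ssmtp.conf"
    rm -rf "$d"
}
demo
```

On a real host the two arguments would be the system's rkhunter.conf and /etc/ssmtp/ssmtp.conf; a non-zero exit means at least one warning recipient is unlikely to be delivered.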