zen.org Communal Weblog

January 10, 2010

Debian Etch and rkhunter — hushing the daily email

Filed under: — brendan @ 11:49 GMT

I’ve got rkhunter installed on our Debian Etch box after a recent break-in on a home machine (long story; the short version involves silliness on my part, changing my desktop to receive incoming SSH connections—and leaving the patrick dummy account with its silly original password).

Every day I was getting two separate messages: one from rkhunter itself complaining

Warning: This operating system is not fully supported!

and the second from the daily cron job of running it, saying

/etc/cron.daily/rkhunter:
lsmod: QM_MODULES: Function not implemented

To hush the first, I edited the /var/lib/rkhunter/db/os.dat file and added the line

156:Debian 4.0 (i386):/usr/bin/md5sum:/bin:

I just read through the /usr/bin/rkhunter script to come up with the right syntax/values for this.

To make the daily cron mail stop, I edited the /etc/cron.daily/rkhunter script and changed the invocation line to redirect stderr to the log file (adding ‘2>&1’) as well:

$RKHUNTER --cronjob --report-warnings-only --createlogfile /var/log/rkhunter.log > $OUTFILE 2>&1

Fingers crossed this does the trick.
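
The 2>&1 change sends every stderr line to the same place as stdout, not only the lsmod message. An alternative that drops just that one known line and keeps any other error output, as an added example that is not part of the original post or the Debian cron script; fake_scan, run_filtered and the sample lines are constructed for illustration:

```shell
#!/bin/sh
# Added example: suppress only one known-benign stderr line from a scan run,
# so that any other error the scanner prints is still kept for review.

# The exact message quoted in the post.
BENIGN='lsmod: QM_MODULES: Function not implemented'

# Constructed stand-in for the rkhunter run: one finding on stdout,
# the benign lsmod line and one unrelated error on stderr.
fake_scan() {
    echo 'Warning: constructed sample finding'
    echo "$BENIGN" >&2
    echo 'constructed sample: cannot read /etc/example.conf' >&2
}

# run_filtered OUTFILE ERRFILE CMD [ARGS...]
# Writes CMD's stdout to OUTFILE and its stderr, minus lines that are
# exactly $BENIGN, to ERRFILE. Returns CMD's exit status.
run_filtered() {
    out=$1
    err=$2
    shift 2
    status=0
    "$@" >"$out" 2>"$err.raw" || status=$?
    # -F fixed string, -x whole-line match, -v invert: a line that merely
    # contains the text is kept. grep exits 1 when nothing is left.
    grep -Fxv -e "$BENIGN" "$err.raw" >"$err" || true
    rm -f "$err.raw"
    return "$status"
}

# Demo on the constructed scan: show what reaches each file.
demo() {
    d=$(mktemp -d)
    run_filtered "$d/out" "$d/err" fake_scan
    echo 'stdout:'
    cat "$d/out"
    echo 'stderr kept:'
    cat "$d/err"
    rm -rf "$d"
}
demo
```

A cron wrapper built this way would mail only when OUTFILE or ERRFILE is non-empty, so the daily message stays quiet until something other than the lsmod line appears.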
