APPLIES TO:
Plesk 12.0 for Linux
Plesk 11.0 for Linux
Plesk 11.5 for Linux
Symptoms
I started a security check through Parallels Plesk Panel at Modules -> Watchdog -> Security -> Start. The process finished successfully, however, the following warning messages are reported in the Watchdog security check log (/var/log/rkhunter.log):
Warning: The command ‘/usr/bin/GET’ has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command ‘/usr/bin/groups’ has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command ‘/usr/bin/ldd’ has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The command ‘/sbin/ifdown’ has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command ‘/sbin/ifup’ has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable
These files exist in the system. How can I reconfigure RKHunter to verify the existence of the binaries and remove the warning messages?
Resolution
It is recommended that you add the following directives into the RKHunter configuration file:
/usr/local/psa/etc/modules/watchdog/rkhunter.conf
—>8—
SCRIPTWHITELIST=/usr/bin/GET
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/sbin/ifdown
SCRIPTWHITELIST=/sbin/ifup
—8<---
If you want to disable emails, check the log file at /usr/local/psa/etc/modules/watchdog/rkhunter.conf and set it to
[bash]
/usr/local/psa/etc/modules/watchdog/rkhunter.conf
[/bash]
Or in /etc/cron.daily/01-rkhunter