RKHunter warnings improvement

APPLIES TO:

Plesk 12.0 for Linux
Plesk 11.0 for Linux
Plesk 11.5 for Linux

Symptoms

I started a security check through Parallels Plesk Panel at Modules -> Watchdog -> Security -> Start. The process finished successfully, however, the following warning messages are reported in the Watchdog security check log (/var/log/rkhunter.log):

Warning: The command ‘/usr/bin/GET’ has been replaced by a script: /usr/bin/GET: perl script text executable
Warning: The command ‘/usr/bin/groups’ has been replaced by a script: /usr/bin/groups: Bourne shell script text executable
Warning: The command ‘/usr/bin/ldd’ has been replaced by a script: /usr/bin/ldd: Bourne shell script text executable
Warning: The command ‘/sbin/ifdown’ has been replaced by a script: /sbin/ifdown: Bourne-Again shell script text executable
Warning: The command ‘/sbin/ifup’ has been replaced by a script: /sbin/ifup: Bourne-Again shell script text executable

These files exist in the system. How can I reconfigure RKHunter to verify the existence of the binaries and remove the warning messages?
Resolution

It is recommended that you add the following directives into the RKHunter configuration file:

/usr/local/psa/etc/modules/watchdog/rkhunter.conf
—>8—
SCRIPTWHITELIST=/usr/bin/GET
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/sbin/ifdown
SCRIPTWHITELIST=/sbin/ifup
—8<--- If you want to disable emails, check the log file at /usr/local/psa/etc/modules/watchdog/rkhunter.conf and set it to [bash] /usr/local/psa/etc/modules/watchdog/rkhunter.conf [/bash] Or in /etc/cron.daily/01-rkhunter

Leave a Comment