Rkhunter/Options
Options
rkhunter uses a configuration file named "rkhunter.conf" for many of its configuration options. It can also use a local configuration file named "rkhunter.conf.local" and a directory named "rkhunter.d", if present. Both the local configuration file and the local directory must reside in the same directory as the main configuration file. The installer creates neither the local file nor the directory, but the user can create both if required. If a directory is used, every file in it whose name ends in ".conf" is treated as a local configuration file.
Some options can also be given on the command line, where they override the corresponding options in the configuration file. The configuration file options are well documented in the main configuration file itself. The command-line options are listed below. The defaults given here are the program defaults unless explicitly stated to be the configuration file default.
| Option | Description |
|---|---|
| --appendlog | By default a new log file will be created when rkhunter runs, and the previous log file will be renamed by having .old appended to its name. This option tells rkhunter to append to the existing log file. If the log file does not exist, then it will be created. |
| --bindir <directory>... | This option modifies which directories rkhunter looks in to find the various commands it requires (that is, its PATH). The default is the root PATH, and an internal list of some common command directories. By default a specified directory will be appended to the default list. However, if the directory name begins with the '+' character, then it will be prepended to the list (that is, it will be put at the start of the list). |
| --cs2, --color-set2 | By default rkhunter will display its test results in color. The colors used are green for successful tests, red for failed tests (warnings), and yellow for skipped tests. These colors are visible when a black background is used, but are difficult to see on a white background. This option tells rkhunter to use a different color set which is more suited to a white background. |
| --configfile <file> | The installation process will automatically tell rkhunter where its configuration file is located. However, if necessary, this option can be used to specify a different pathname. If a local configuration file, or directory, is to be used, then it must reside in the same directory as the configuration file specified by this option. |
| --cronjob | This is similar to the --check command option, but it disables several of the interactive options. When this option is used --check, --nocolors and --skip-keypress are assumed. By default no output is sent to stdout, so the --report-warnings-only option may be useful with this option. |
| --dbdir <directory> | The installation process will automatically configure where the data files are stored for rkhunter. However, if necessary, this option can be used to specify a different directory. The directory can be read-only, after installation, provided that neither of the --update or --propupd options are specified, and that the --versioncheck option is not specified if ROTATE_MIRRORS is set to 1 in the configuration file. |
| --debug | This is a special option mainly for the developers. It produces no output on stdout. Regular logging will continue as per default or as specified by the --logfile option, and the debug output will be in a randomly generated filename which starts with /tmp/rkhunter-debug. |
| --disable <test>[,<test>...] | This option tells rkhunter not to run the specified tests. Read the README file for more information about test names. By default no tests are disabled. |
| --display-logfile | This option will cause the logfile to be displayed on the screen once rkhunter has finished. |
| --enable <test>[,<test>...] | This option tells rkhunter to only run the specified tests. If only one test name, other than all, is given, then the --skip-keypress option is assumed. Read the README file for more information about test names. By default all tests are enabled. All the test names are listed below under TESTS. |
| --hash {MD5 \| SHA1 \| SHA224 \| SHA256 \| SHA384 \| SHA512 \| NONE \| <command>} | Both the file properties check and the --propupd command option will use a hash function to determine a file's current hash value. This option tells rkhunter which hash function to use. The MD5 and SHA options will look for the relevant command, and, if not found, a perl support script will then be used to see if a perl module supporting the function has been installed. Alternatively, a specific command may be specified. A value of NONE can be used to indicate that the hash values should not be obtained or used as part of the file properties check. The default is SHA256. Systems using prelinking must use either MD5, SHA1 or NONE. |
| --lang, --language <language> | This option specifies which language to use for the displayed tests and results. The currently supported languages can be seen by the --list command option. The default is en (English). If a message to be displayed cannot be found in the language file, then the English version will be used. As such, the English language file must always be present. The --update command option will update the language files when new versions are available. |
| -l, --logfile [file] | By default rkhunter will write out a log file. The default location of the file is /var/log/rkhunter.log. However, this location can be changed by using this option. If /dev/null is specified as the log file, then no log file will be written. If no specific file is given, then the default will be used. By default rkhunter will create a new log file each time it is run. Any previously existing logfile is moved out of the way, and has .old appended to it. |
| --noappend-log | This option reverts rkhunter to its default behaviour of creating a new log file rather than appending to it. |
| --nocf | This option is only valid when the command-line --disable option is used. When the --disable option is used, by default, the configuration file option to disable tests is also used to determine which tests to run. If only the --disable option is to be used to determine which tests to run, then --nocf must be given. |
| --nocolors | This option causes the result of each test to not be displayed in a specific color. The default color, usually the reverse of the background color, will be used (typically this is just black and white). |
| --nolog | This option tells rkhunter not to write anything to a log file. |
| --nomow, --no-mail-on-warning | The configuration file has an option which will cause a simple email message to be sent to a user should rkhunter detect any warnings during system checks. This command-line option overrides the configuration file option, and prevents an email message from being sent. The configuration file default is not to email a message. |
| --ns, --nosummary | When the --check command option is used, by default a short summary of results is displayed at the end. This option prevents the summary from being displayed. |
| --novl, --no-verbose-logging | During some tests rkhunter will log a lot of information. Use of this option reduces the amount of logging, and so can improve the performance of rkhunter. However, the log file will contain less information should any warnings occur. By default verbose logging is enabled. |
| --pkgmgr {RPM \| DPKG \| BSD \| BSDng \| SOLARIS \| NONE} | This option is used during the file properties check or when the --propupd command option is given. It tells rkhunter that the current file property values should be obtained from the relevant package manager. See the README file for more details of this option. The default is NONE, which means not to use a package manager. |
| -q, --quiet | This option tells rkhunter not to display any output. It can be useful when only the exit code is going to be checked. Other options may be used with this one, to force only specific items to be displayed. |
| --rwo, --report-warnings-only | This option causes only warning messages to be displayed. This can be useful when rkhunter is run via cron. Other options may be used to force other items of information to be displayed. |
| --sk, --skip-keypress | When the --check command option is used, after certain sections of tests, the user will be prompted to press the return key in order to continue. This option disables that feature, and rkhunter will run until all the tests have completed. If this option has not been given, and the user is prompted to press the return key, a single 's' character, in upper- or lowercase, may be given followed by the return key. rkhunter will then continue the tests without prompting the user again (as if this option had been given). |
| --summary | This option will cause the summary of test results to be displayed. This is the default. |
| --syslog [facility.priority] | When the --check command option is used, this option will cause the start and finish times to be logged to syslog. The default is not to log anything to syslog, but if the option is used, then the default level is authpriv.notice. |
| --tmpdir <directory> | The installation process will automatically configure where temporary files are to be created. However, if necessary, this option can be used to specify a different directory. The directory must not be a symbolic link, and must be secure (root access only). |
| --vl, --verbose-logging | This option tells rkhunter that when it runs some tests, it should log as much information as possible. This can be useful when trying to diagnose why a warning has occurred, but it obviously also takes more time. The default is to use verbose logging. |
| -x, --autox | When this option is used, rkhunter will try and detect if the X Window system is in use. If it is in use, then the second color set will automatically be used (see the --color-set2 option). This allows rkhunter to be run on, for example, a server console (where X is not present, so the default color set should be used), and on a user's terminal (where X is in use, so the second color set should be used). In both cases rkhunter will use the correct color set. The configuration file default is to try and detect X. |
| -X, --no-autox | This option prevents rkhunter from automatically detecting if the X Window system is being used. See the --autox option. |
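
An added example, not part of rkhunter or of the original page: a POSIX shell pre-flight check for two rules stated above, namely where local configuration is looked up (the main file's own directory, "rkhunter.conf.local", "rkhunter.d/*.conf") and what --tmpdir requires (not a symbolic link, root access only). The function names and the `want_uid` parameter are hypothetical, and the file names are taken literally from the description on this page.

```shell
#!/bin/sh
# Added example: pre-flight checks built from the rules on this page.

# List the configuration files considered for a given main config file:
# the main file, "rkhunter.conf.local" and "rkhunter.d/*.conf", the last
# two only if present in the same directory as the main file.
rkh_config_files() {
    main=$1
    if [ ! -f "$main" ]; then
        echo "missing main config: $main" >&2; return 1
    fi
    dir=$(dirname -- "$main")
    printf '%s\n' "$main"
    if [ -f "$dir/rkhunter.conf.local" ]; then
        printf '%s\n' "$dir/rkhunter.conf.local"
    fi
    if [ -d "$dir/rkhunter.d" ]; then
        for f in "$dir"/rkhunter.d/*.conf; do   # only names ending in .conf
            if [ -f "$f" ]; then printf '%s\n' "$f"; fi
        done
    fi
    return 0
}

# Check a --tmpdir candidate: not a symbolic link, a directory, owned by
# want_uid and with no group/other permission bits. want_uid defaults to
# 0 (root); it is a parameter (assumption) so the check is testable unprivileged.
rkh_tmpdir_ok() {
    d=${1%/}; want_uid=${2:-0}      # strip a trailing slash so -L sees the link
    if [ -L "$d" ]; then echo "$d: symbolic link" >&2; return 1; fi
    if [ ! -d "$d" ]; then echo "$d: not a directory" >&2; return 1; fi
    meta=$(ls -ldn -- "$d")         # e.g. "drwx------ 2 0 0 ..."
    mode=${meta%% *}
    uid=$(printf '%s\n' "$meta" | awk '{print $3}')
    if [ "$uid" != "$want_uid" ]; then
        echo "$d: owner uid $uid, expected $want_uid" >&2; return 1
    fi
    case $(printf '%s' "$mode" | cut -c5-10) in
        ------) return 0 ;;
        *) echo "$d: group/other access ($mode)" >&2; return 1 ;;
    esac
}

# Usage: sh preflight.sh <main-config-file> <tmpdir>
if [ $# -eq 2 ]; then
    rkh_config_files "$1" && rkh_tmpdir_ok "$2" && echo "pre-flight OK"
fi
```

Files in rkhunter.d that do not end in ".conf" are silently skipped by the listing, which is a quick way to spot a local override that will never be read.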