
Rkhunter/man

From Foxwiki

COMMAND OPTIONS

If no command option is given, then --help is assumed. rkhunter will return a non-zero exit code if any error or warning occurs.

-c, --check
This command option tells rkhunter to perform various checks on the local system. The result of each test will be displayed on stdout. If anything suspicious is found, then a warning will be displayed. A log file of the tests and the results will be automatically produced. It is suggested that this command option is run regularly in order to ensure that the system has not been compromised.
--unlock
This command option simply unlocks (removes) the lock file. If this option is used on its own, then no log file is created.
--update
This command option causes rkhunter to check if there is a later version of any of its text data files. A command-line web browser, for example wget or lynx, must be present on the system when using this option. It is suggested that this command option is run regularly in order to ensure that the data files are kept up to date. If this option is used via cron, then it is recommended that the --nocolors option is also used. An exit code of zero for this command option means that no updates were available. An exit code of one means that a download error occurred, and a code of two means that no error occurred but updates were available and have been installed.
--propupd [{filename | directory | package name},...]
One of the checks rkhunter performs is to compare the current file properties of various commands against those it has previously stored. This command option causes rkhunter to update its data file of stored values with the current values. If the filename option is used, then it must either be a full pathname, or a plain file name (for example, 'awk'). When used, only the entry in the file properties database for that file will be updated. If the directory option is used, then only those files listed in the database that are in the given directory will be updated. Similarly, if the package name option is used, then only those files in the database which are part of the specified package will be updated. The package name must be the base part of the name; no version numbers should be included (for example, 'coreutils'). Package names will, of course, only be stored in the file properties database if a package manager is being used. If a package name is the same as a file name - for example, 'file' could refer to the 'file' command or to the RPM 'file' package (which contains the 'file' command) - the package name will be used. If no specific option is given, then the entire database is updated. WARNING: It is the user's responsibility to ensure that the files on the system are genuine and from a reliable source. rkhunter can only report that a file has changed, not what has caused the change. Hence, if a file has changed, and the --propupd command option is used, then rkhunter will assume that the file is genuine.
--versioncheck
This command option causes rkhunter to check if there is a later version of the program. A command-line web browser must be present on the system when using this option. If this option is used via cron, then it is recommended that the --nocolors option is also used. An exit code of zero for this command option means that no new version was available. An exit code of one means that an error occurred downloading the latest version number, and a code of two means that no error occurred but a new version is available.
--list [tests | {lang | languages} | rootkits | perl | propfiles]
This command option will list some of the supported capabilities of the program, and then exit. The tests option lists the currently available test names (see the README file for more details about test names). The languages option lists the currently available languages, and the rootkits option lists the rootkits that are searched for by rkhunter. The perl option lists the installation status of the perl command and perl modules that may be used by some of the tests. Note that it is not required to install these modules. However, if rkhunter is forced to use perl to execute a test then the module must be present. The propfiles option will list the file names that are used to generate the file properties database. If no specific option is given, then all the lists, except for the file properties database, are displayed.
-C, --config-check
This command option causes rkhunter to check its configuration file(s), and then exit. The program will run through its normal configuration checks as specified by the enable and disable options on the command-line and in the configuration files. That is, only the configuration options for tests which would normally run are checked. To check all the configured options, use the --enable all --disable none options on the command line. Additionally, the program will check to see if there are any unrecognised configuration options. If any configuration problems are found, then they will be displayed and the return code will be set to 1. It is suggested that this option is used whenever the configuration file(s) have been changed.
-V, --version
This command option causes rkhunter to display its version number, and then exit.
-h, --help
This command option displays the help screen menu, and then exits.
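
The following cron wrapper is an added example, not part of the rkhunter man page or distribution. It shows how the exit codes documented above for --update, --versioncheck and --check can be told apart in a scheduled job. The RKHUNTER variable and the function names are assumptions of this example, and --skip-keypress is an rkhunter option that is not described in this excerpt.

```shell
#!/bin/sh
# Added example: interpret rkhunter's documented exit codes in a cron job.
# RKHUNTER, fetch_status and nightly are names chosen for this example.
RKHUNTER="${RKHUNTER:-rkhunter}"

# Run --update or --versioncheck ($1) and translate the documented codes:
#   0 = nothing newer, 1 = download error, 2 = no error, newer data/version.
# A plain "non-zero means failure" test would misreport code 2 as an error.
fetch_status() {
    rc=0
    "$RKHUNTER" "$1" --nocolors >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo current ;;
        1) echo download-error ;;
        2) echo new ;;
        *) echo "unexpected-$rc" ;;
    esac
}

# Nightly job: refresh the data files, look for a newer release, then scan.
# Prints one summary line (suitable for cron mail) and returns 0 only when
# the update did not fail and the scan produced no error or warning.
# --propupd is deliberately never run here: it would record the current
# state of every file as genuine, including any file that has been altered.
nightly() {
    upd=$(fetch_status --update)
    ver=$(fetch_status --versioncheck)
    scan=clean
    # --check exits non-zero on any error or warning; details go to the
    # log file that rkhunter produces automatically.
    "$RKHUNTER" --check --skip-keypress --nocolors >/dev/null 2>&1 || scan=warnings
    echo "update=$upd version=$ver scan=$scan"
    [ "$upd" != download-error ] && [ "$scan" = clean ]
}

# Execute only when called as "<script> --run", for example from cron.
if [ "${1:-}" = "--run" ]; then
    nightly
fi
```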

TESTS

[This section to be written]

additional_rkts
This test is for SHORT_EXPLANATION. It works as part of GROUP. Corresponding configuration file entries: ONE=one, TWO=two and for white-listing THREE=three,three. Simple globbing (/dev/shm/file-*) works.