+- ispCP - Board - Support (http://www.isp-control.net/forum)
+-- Forum: ispCP Omega Support Area (/forum-30.html)
+--- Forum: Usage (/forum-34.html)
+--- Thread: Rootkit Log Problems Possibly (/thread-2485.html)
Pages: 1 2
Rootkit Log Problems Possibly - owhosting - 02-19-2008 12:40 AM
When I try to view rootkit log i get the following...
Code:
/var/log/rkhunter.log:
/var/log/rkhunter.log doesn't exist or is empty
/var/log/chkrootkit.log:
/bin/sh: root: command not foundHave I done something wrong or is this ok?
RE: Rootkit Log Problems Possibly - gOOvER - 02-19-2008 01:11 AM
It take some time, until you see the Log
This looks not so good:
owhosting Wrote:Code:
/bin/sh: root: command not found
Can you post your Cron?
RE: Rootkit Log Problems Possibly - Cube - 02-19-2008 01:27 AM
Code:
/var/log/chkrootkit.log:
/bin/sh: root: command not foundIf this does not work, tell us your ispCP version and post the tab.
RE: Rootkit Log Problems Possibly - owhosting - 02-19-2008 01:36 AM
I am on Debian Etch, and am running the most current version of ISPCP installed about 8 hours ago max. Please forgive me but I am a noob at this... where is my cron...and/or how do i run it?
outwarhosting:/usr/bin# crontab /etc/cron.d/ispcp
"/etc/cron.d/ispcp":25: bad minute
errors in crontab file, can't install.
Code:
# delayed tasks START.
# Quota
@daily root {QUOTA_ROOT_DIR}/ispcp-dsk-quota &>{LOG_DIR}/ispcp-dsk-quota.log
# Traffic
0,30 * * * * root {TRAFF_ROOT_DIR}/ispcp-srv-traff &>{LOG_DIR}/ispcp-srv-t raff.log
0,30 * * * * root {TRAFF_ROOT_DIR}/ispcp-vrl-traff >{LOG_DIR}/ispcp-vrl-tr aff.log
15,45 * * * * root {TRAFF_ROOT_DIR}/ispcp-vrl-traff-correction &>{LOG_DIR}/ ispcp-vrl-traff-correction.log
# customer logs
@daily root {TOOLS_ROOT_DIR}/ispcp-httpd-logs-mngr &>{LOG_DIR}/ispcp-httpd-logs-mngr.log
# Backup
@daily root {BACKUP_ROOT_DIR}/ispcp-backup-all yes &>{LOG_DIR}/ispcp-backup-all-mngr.log
@daily root {BACKUP_ROOT_DIR}/ispcp-backup-ispcp noreport &>{LOG_DIR}/ispcp-backup-ispcp-mngr.lo g
# Remove config backups older than seven days
@daily root find {CONF_DIR}/*/backup/* -maxdepth 0 -type f -mtime +7 -print | egrep '.*\.[0-9]+$ ' | xargs -r /bin/rm
# Remove Daemon Logs older than 14 days (except .gz files)
@daily root find {LOG_DIR}/* -maxdepth 1 -type f -mtime +14 -print | egrep '.*\.gz$' | xargs -r /bin/rm
# AWStats
{AW-ENABLED}15 */6 * * * root {AWSTATS_ROOT_DIR}/awstats_updateall.pl now -awstatsprog={AWSTATS_ENGINE_DIR}/awstats.pl >/dev/null 2>&1
# Rootkit Hunter
{RK-ENABLED}0 */12 * * * root {RKHUNTER} --scan-knownbad-files --check-de leted --createlogfile --cronjob --createlogfile {RKHUNTER_LOG}>/dev/null 2>&1
# Chkrootkit
{CR-ENABLED}0 */12 * * * root {CHKROOTKIT} &> {CHKROOTKIT_LOG}
# Look for and purge old sessions every 30 minutes
0,30 * * * * root {TOOLS_ROOT_DIR}/ispcpphptemp.sh >/dev/null 2>&1
# [{DMN_NAME}] backup task START.
# [{DMN_NAME}] backup task END.
# [{DMN_NAME}]:{CRONJOB_ID} custom task START.
# [{DMN_NAME}]:{CRONJOB_ID} custom task END.
# [{DMN_NAME}] AWStats static tasks START.
# [{DMN_NAME}] AWStats static tasks END.
# delayed tasks END.RE: Rootkit Log Problems Possibly - Rene - 02-19-2008 01:53 AM
Code:
more /etc/cron.d/ispcpRE: Rootkit Log Problems Possibly - owhosting - 02-19-2008 02:05 AM
See above..
RE: Rootkit Log Problems Possibly - Rene - 02-19-2008 02:08 AM
please remove:
Code:
{AW-ENABLED}Code:
{AW-ENABLED}Code:
{CR-ENABLED}RE: Rootkit Log Problems Possibly - Cube - 02-19-2008 02:11 AM
The different {}-tags are not replaced. Perhaps also other config-files have this error.
Were there no errors during install? Is it a fresh install?
Is this a real or a virtual server?
@Rene
This will not be enough.
RE: Rootkit Log Problems Possibly - Rene - 02-19-2008 02:12 AM
the paths, there is something wrong, do you update or is this a fresh install?
RE: Rootkit Log Problems Possibly - gOOvER - 02-19-2008 02:14 AM
If this is a new install, i believe you didn't follow the installguide. Which Version did you use? The RC3 or a nightly?