Current time: 11-25-2024, 09:47 PM Hello There, Guest! (LoginRegister)


Post Reply 
Rootkit Log Problems Possibly
Author Message
owhosting Offline
Junior Member
*

Posts: 32
Joined: Feb 2008
Reputation: 0
Post: #1
Rootkit Log Problems Possibly
When I try to view rootkit log i get the following...

Code:
/var/log/rkhunter.log:
  /var/log/rkhunter.log doesn't exist or is empty
  /var/log/chkrootkit.log:
  /bin/sh: root: command not found

Have I done something wrong or is this ok?
02-19-2008 12:40 AM
Find all posts by this user Quote this message in a reply
gOOvER Offline
Banned

Posts: 3,561
Joined: Jul 2007
Post: #2
RE: Rootkit Log Problems Possibly
It take some time, until you see the Log Smile

This looks not so good:
owhosting Wrote:
Code:
/bin/sh: root: command not found

Can you post your Cron?
(This post was last modified: 02-19-2008 01:28 AM by gOOvER.)
02-19-2008 01:11 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Cube Offline
Member
***

Posts: 740
Joined: Apr 2007
Reputation: 9
Post: #3
RE: Rootkit Log Problems Possibly
Code:
/var/log/chkrootkit.log:
  /bin/sh: root: command not found
But this looks like cron already tried to run chkrootkit. Is your ispCP already running for more than a day? You can try to run the relevant commands from the crontab /etc/cron.d/ispcp manually.
If this does not work, tell us your ispCP version and post the tab.
02-19-2008 01:27 AM
Find all posts by this user Quote this message in a reply
owhosting Offline
Junior Member
*

Posts: 32
Joined: Feb 2008
Reputation: 0
Post: #4
RE: Rootkit Log Problems Possibly
I am on Debian Etch, and am running the most current version of ISPCP installed about 8 hours ago max. Please forgive me but I am a noob at this... where is my cron...and/or how do i run it?

outwarhosting:/usr/bin# crontab /etc/cron.d/ispcp
"/etc/cron.d/ispcp":25: bad minute
errors in crontab file, can't install.


Code:
# delayed tasks START.

# Quota
@daily root {QUOTA_ROOT_DIR}/ispcp-dsk-quota &>{LOG_DIR}/ispcp-dsk-quota.log

# Traffic
0,30    *       *       *       *  root {TRAFF_ROOT_DIR}/ispcp-srv-traff &>{LOG_DIR}/ispcp-srv-t    raff.log
0,30    *       *       *       *  root {TRAFF_ROOT_DIR}/ispcp-vrl-traff >{LOG_DIR}/ispcp-vrl-tr    aff.log
15,45   *       *       *       *  root {TRAFF_ROOT_DIR}/ispcp-vrl-traff-correction &>{LOG_DIR}/    ispcp-vrl-traff-correction.log

# customer logs
@daily root {TOOLS_ROOT_DIR}/ispcp-httpd-logs-mngr &>{LOG_DIR}/ispcp-httpd-logs-mngr.log

# Backup
@daily root {BACKUP_ROOT_DIR}/ispcp-backup-all yes &>{LOG_DIR}/ispcp-backup-all-mngr.log
@daily root {BACKUP_ROOT_DIR}/ispcp-backup-ispcp noreport &>{LOG_DIR}/ispcp-backup-ispcp-mngr.lo    g

# Remove config backups older than seven days
@daily root find {CONF_DIR}/*/backup/* -maxdepth 0 -type f -mtime +7 -print | egrep '.*\.[0-9]+$    ' | xargs -r /bin/rm

# Remove Daemon Logs older than 14 days (except .gz files)
@daily root find {LOG_DIR}/* -maxdepth 1 -type f -mtime +14 -print | egrep '.*\.gz$' | xargs -r     /bin/rm

# AWStats
{AW-ENABLED}15  */6     *       *       *       root {AWSTATS_ROOT_DIR}/awstats_updateall.pl now     -awstatsprog={AWSTATS_ENGINE_DIR}/awstats.pl >/dev/null 2>&1

# Rootkit Hunter
{RK-ENABLED}0   */12    *       *       *       root {RKHUNTER} --scan-knownbad-files --check-de    leted --createlogfile --cronjob --createlogfile {RKHUNTER_LOG}>/dev/null 2>&1

# Chkrootkit
{CR-ENABLED}0   */12    *       *       *       root {CHKROOTKIT} &> {CHKROOTKIT_LOG}

# Look for and purge old sessions every 30 minutes
0,30 *     * * *     root   {TOOLS_ROOT_DIR}/ispcpphptemp.sh >/dev/null 2>&1

# [{DMN_NAME}] backup task START.
# [{DMN_NAME}] backup task END.

# [{DMN_NAME}]:{CRONJOB_ID} custom task START.
# [{DMN_NAME}]:{CRONJOB_ID} custom task END.

# [{DMN_NAME}] AWStats static tasks START.
# [{DMN_NAME}] AWStats static tasks END.

# delayed tasks END.
(This post was last modified: 02-19-2008 01:53 AM by owhosting.)
02-19-2008 01:36 AM
Find all posts by this user Quote this message in a reply
Rene Offline
Member
*
Beta Team

Posts: 342
Joined: Sep 2007
Reputation: 4
Post: #5
RE: Rootkit Log Problems Possibly
Code:
more /etc/cron.d/ispcp
02-19-2008 01:53 AM
Find all posts by this user Quote this message in a reply
owhosting Offline
Junior Member
*

Posts: 32
Joined: Feb 2008
Reputation: 0
Post: #6
RE: Rootkit Log Problems Possibly
See above..
02-19-2008 02:05 AM
Find all posts by this user Quote this message in a reply
Rene Offline
Member
*
Beta Team

Posts: 342
Joined: Sep 2007
Reputation: 4
Post: #7
RE: Rootkit Log Problems Possibly
please remove:
Code:
{AW-ENABLED}
and
Code:
{AW-ENABLED}
and
Code:
{CR-ENABLED}
02-19-2008 02:08 AM
Find all posts by this user Quote this message in a reply
Cube Offline
Member
***

Posts: 740
Joined: Apr 2007
Reputation: 9
Post: #8
RE: Rootkit Log Problems Possibly
The different {}-tags are not replaced. Perhaps also other config-files have this error.
Were there no errors during install? Is it a fresh install?
Is this a real or a virtual server?

@Rene
This will not be enough.
(This post was last modified: 02-19-2008 02:13 AM by Cube.)
02-19-2008 02:11 AM
Find all posts by this user Quote this message in a reply
Rene Offline
Member
*
Beta Team

Posts: 342
Joined: Sep 2007
Reputation: 4
Post: #9
RE: Rootkit Log Problems Possibly
the paths, there is something wrong, do you update or is this a fresh install?
02-19-2008 02:12 AM
Find all posts by this user Quote this message in a reply
gOOvER Offline
Banned

Posts: 3,561
Joined: Jul 2007
Post: #10
RE: Rootkit Log Problems Possibly
If this is a new install, i believe you didn't follow the installguide. Which Version did you use? The RC3 or a nightly?
02-19-2008 02:14 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread: 3 Guest(s)