Rootkit Log Problems Possibly
owhosting Offline
Junior Member
*

Posts: 32
Joined: Feb 2008
Reputation: 0
Post: #1
Rootkit Log Problems Possibly
When I try to view the rootkit log I get the following...

Code:
/var/log/rkhunter.log:
  /var/log/rkhunter.log doesn't exist or is empty
  /var/log/chkrootkit.log:
  /bin/sh: root: command not found

Have I done something wrong or is this ok?
02-19-2008 12:40 AM
gOOvER Offline
Banned

Posts: 3,561
Joined: Jul 2007
Post: #2
RE: Rootkit Log Problems Possibly
It takes some time until you see the log. :)

This does not look so good:
owhosting Wrote:
Code:
/bin/sh: root: command not found

Can you post your Cron?
(This post was last modified: 02-19-2008 01:28 AM by gOOvER.)
02-19-2008 01:11 AM
Cube Offline
Member
***

Posts: 740
Joined: Apr 2007
Reputation: 9
Post: #3
RE: Rootkit Log Problems Possibly
Code:
/var/log/chkrootkit.log:
  /bin/sh: root: command not found
But this looks like cron already tried to run chkrootkit. Is your ispCP already running for more than a day? You can try to run the relevant commands from the crontab /etc/cron.d/ispcp manually.
If this does not work, tell us your ispCP version and post the tab.
02-19-2008 01:27 AM
owhosting Offline
Junior Member
*

Posts: 32
Joined: Feb 2008
Reputation: 0
Post: #4
RE: Rootkit Log Problems Possibly
I am on Debian Etch, and am running the most current version of ISPCP, installed about 8 hours ago max. Please forgive me but I am a noob at this... where is my cron... and/or how do I run it?

outwarhosting:/usr/bin# crontab /etc/cron.d/ispcp
"/etc/cron.d/ispcp":25: bad minute
errors in crontab file, can't install.


Code:
# delayed tasks START.

# Quota
@daily root {QUOTA_ROOT_DIR}/ispcp-dsk-quota &>{LOG_DIR}/ispcp-dsk-quota.log

# Traffic
0,30    *       *       *       *  root {TRAFF_ROOT_DIR}/ispcp-srv-traff &>{LOG_DIR}/ispcp-srv-traff.log
0,30    *       *       *       *  root {TRAFF_ROOT_DIR}/ispcp-vrl-traff >{LOG_DIR}/ispcp-vrl-traff.log
15,45   *       *       *       *  root {TRAFF_ROOT_DIR}/ispcp-vrl-traff-correction &>{LOG_DIR}/ispcp-vrl-traff-correction.log

# customer logs
@daily root {TOOLS_ROOT_DIR}/ispcp-httpd-logs-mngr &>{LOG_DIR}/ispcp-httpd-logs-mngr.log

# Backup
@daily root {BACKUP_ROOT_DIR}/ispcp-backup-all yes &>{LOG_DIR}/ispcp-backup-all-mngr.log
@daily root {BACKUP_ROOT_DIR}/ispcp-backup-ispcp noreport &>{LOG_DIR}/ispcp-backup-ispcp-mngr.log

# Remove config backups older than seven days
@daily root find {CONF_DIR}/*/backup/* -maxdepth 0 -type f -mtime +7 -print | egrep '.*\.[0-9]+$' | xargs -r /bin/rm

# Remove Daemon Logs older than 14 days (except .gz files)
@daily root find {LOG_DIR}/* -maxdepth 1 -type f -mtime +14 -print | egrep '.*\.gz$' | xargs -r /bin/rm

# AWStats
{AW-ENABLED}15  */6     *       *       *       root {AWSTATS_ROOT_DIR}/awstats_updateall.pl now -awstatsprog={AWSTATS_ENGINE_DIR}/awstats.pl >/dev/null 2>&1

# Rootkit Hunter
{RK-ENABLED}0   */12    *       *       *       root {RKHUNTER} --scan-knownbad-files --check-deleted --createlogfile --cronjob --createlogfile {RKHUNTER_LOG}>/dev/null 2>&1

# Chkrootkit
{CR-ENABLED}0   */12    *       *       *       root {CHKROOTKIT} &> {CHKROOTKIT_LOG}

# Look for and purge old sessions every 30 minutes
0,30 *     * * *     root   {TOOLS_ROOT_DIR}/ispcpphptemp.sh >/dev/null 2>&1

# [{DMN_NAME}] backup task START.
# [{DMN_NAME}] backup task END.

# [{DMN_NAME}]:{CRONJOB_ID} custom task START.
# [{DMN_NAME}]:{CRONJOB_ID} custom task END.

# [{DMN_NAME}] AWStats static tasks START.
# [{DMN_NAME}] AWStats static tasks END.

# delayed tasks END.
(This post was last modified: 02-19-2008 01:53 AM by owhosting.)
02-19-2008 01:36 AM
Rene Offline
Member
*
Beta Team

Posts: 342
Joined: Sep 2007
Reputation: 4
Post: #5
RE: Rootkit Log Problems Possibly
Code:
more /etc/cron.d/ispcp
02-19-2008 01:53 AM
owhosting Offline
Junior Member
*

Posts: 32
Joined: Feb 2008
Reputation: 0
Post: #6
RE: Rootkit Log Problems Possibly
See above..
02-19-2008 02:05 AM
Rene Offline
Member
*
Beta Team

Posts: 342
Joined: Sep 2007
Reputation: 4
Post: #7
RE: Rootkit Log Problems Possibly
please remove:
Code:
{AW-ENABLED}
and
Code:
{AW-ENABLED}
and
Code:
{CR-ENABLED}
02-19-2008 02:08 AM
Cube Offline
Member
***

Posts: 740
Joined: Apr 2007
Reputation: 9
Post: #8
RE: Rootkit Log Problems Possibly
The different {}-tags are not replaced. Perhaps also other config-files have this error.
Were there no errors during install? Is it a fresh install?
Is this a real or a virtual server?

@Rene
This will not be enough.
(This post was last modified: 02-19-2008 02:13 AM by Cube.)
02-19-2008 02:11 AM
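Added example (not part of any post in this thread and not ispCP's own code): a shell check for the condition described in post #8, listing `{TAG}` placeholders that were left unreplaced on active lines of a config file. The tag pattern (upper-case letters, digits, `_` and `-` between braces) is an assumption inferred from the tags visible in the posted file; the sample input and its `/opt/example` path are constructed.

```shell
#!/bin/sh
# Added example (not ispCP code): list unreplaced {TAG} template placeholders
# on active lines of config files such as /etc/cron.d/ispcp.

# find_unreplaced_tags FILE...
# Prints "file:line:{TAG}" per hit; returns 1 if any hit, 0 if clean.
find_unreplaced_tags() {
    LC_ALL=C awk '
        /^[ \t]*#/ { next }         # comment lines are ignored by cron
        {
            rest = $0
            while (match(rest, /[{][A-Z][A-Z0-9_-]*[}]/)) {
                tag = substr(rest, RSTART, RLENGTH)
                pre = (RSTART > 1) ? substr(rest, RSTART - 1, 1) : ""
                if (pre != "$") {   # skip shell ${VAR} expansions
                    printf "%s:%d:%s\n", FILENAME, FNR, tag
                    found = 1
                }
                rest = substr(rest, RSTART + RLENGTH)
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# write_sample PATH
# Writes a constructed sample: one marker comment, one rendered entry,
# two unrendered entries modelled on the posted file, one ${VAR} line.
write_sample() {
    cat >"$1" <<'EOF'
# [{DMN_NAME}] backup task START.
0,30 * * * * root /opt/example/tools/ispcpphptemp.sh >/dev/null 2>&1
{AW-ENABLED}15 */6 * * * root {AWSTATS_ROOT_DIR}/awstats_updateall.pl now
{CR-ENABLED}0 */12 * * * root {CHKROOTKIT} &> {CHKROOTKIT_LOG}
@daily root echo ${HOME} >/dev/null
EOF
}

# Demo on the constructed sample; on a real host pass the config files instead.
tmp=$(mktemp) && write_sample "$tmp"
find_unreplaced_tags "$tmp" || echo "unreplaced placeholders on active lines"
rm -f "$tmp"
```

The function accepts several files at once, so the other generated config files can be checked in the same call.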
Rene Offline
Member
*
Beta Team

Posts: 342
Joined: Sep 2007
Reputation: 4
Post: #9
RE: Rootkit Log Problems Possibly
There is something wrong with the paths. Did you update, or is this a fresh install?
02-19-2008 02:12 AM
gOOvER Offline
Banned

Posts: 3,561
Joined: Jul 2007
Post: #10
RE: Rootkit Log Problems Possibly
If this is a new install, I believe you didn't follow the install guide. Which version did you use? The RC3 or a nightly?
02-19-2008 02:14 AM