#36 Systemd/journal support

Rkhunter (37)

Systemd uses an improved syslog implementation called 'the journal'. It replaces the traditional syslog daemon, but syslog (or syslog-ng) can run next to the journal. Rkhunter does not currently support detection of the systemd journal. Instead it warns about a syslog daemon not running.
Please add support for systemd's journal.


  • unSpawn

    unSpawn - 2012-10-31
    • milestone: --> main
    • assigned_to: nobody --> unspawn
  • unSpawn

    unSpawn - 2012-10-31

    Since you're the first one requesting this: what concrete and practical help (I mean not pointing to documentation, web logs, etc, etc.) can you offer -=us=- to add Systemd journal detection?

  • Patrick Smits

    Patrick Smits - 2012-11-01

    I've added a patch for systemd journal detection. It detects the journal daemon next to the syslog daemon. It also looks for the configuration file. I've tested the patch on my system with the systemd journal daemon running, and it works fine.

  • John Horne

    John Horne - 2012-12-21

    I have submitted a CVS change in which the detection of systemd is part of the (old) 'syslog' tests. What were the syslog tests have now been changed to 'system logging' tests, and the systemd journal check is part of that. The test is to look for some system logging daemon, regardless of whether it is syslog, rsyslog, metalog or systemd. The test will simply report that something has been found. The rkhunter log will log what 'syslog' type daemons have been found (so there could be more than one). Similarly the logging configuration file test will give one result, but can log that more than one config file was found.
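
The check described in the comment above (one result for the test, with every daemon and config file found recorded separately), as an added shell example that is not rkhunter's code and is not taken from the patch or the CVS change. The function names, the daemon and config file lists, and the "Found"/"Warning" wording are assumptions of this example; the process list is constructed sample data.

```shell
#!/bin/sh
# Added illustration, not rkhunter code. Lists below are assumptions.
LOG_DAEMONS="syslogd rsyslogd syslog-ng metalog systemd-journald"
LOG_CONFIGS="etc/syslog.conf etc/rsyslog.conf etc/syslog-ng/syslog-ng.conf \
etc/metalog.conf etc/systemd/journald.conf"

# Reads one process name per line on stdin (e.g. from `ps -e -o comm=`) and
# prints every known logging daemon seen, space separated.
# Linux truncates the comm field to 15 characters, so systemd-journald
# shows up as "systemd-journal"; both spellings are accepted.
find_log_daemons() {
    procs=$(cat)
    found=""
    for d in $LOG_DAEMONS; do
        short=$(printf '%.15s' "$d")
        if printf '%s\n' "$procs" | grep -qxF -e "$d" -e "$short"; then
            found="${found:+$found }$d"
        fi
    done
    printf '%s' "$found"
}

# Prints every known logging config file that exists under ROOT (default /).
find_log_configs() {
    root=${1:-/}
    found=""
    for c in $LOG_CONFIGS; do
        if [ -f "$root/$c" ]; then
            found="${found:+$found }/$c"
        fi
    done
    printf '%s' "$found"
}

# One result per test, however many items were found.
check_result() {
    if [ -n "$1" ]; then echo "Found"; else echo "Warning"; fi
}

# Constructed sample process list: journald running next to rsyslogd.
sample=$(printf 'sshd\nrsyslogd\nsystemd-journal\ncron\n')
daemons=$(printf '%s\n' "$sample" | find_log_daemons)
echo "Checking for a running system logging daemon: $(check_result "$daemons")"
echo "Info: logging daemon(s) found: ${daemons:-none}"
```
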

  • John Horne

    John Horne - 2013-11-28
    • status: open --> closed-fixed
