#4 Line up status tags in the 'professional' report.

closed-fixed
unSpawn
Rkhunter (37)
5
2007-03-29
2006-10-12
No

The interactive report lines up the status tags (like
[OK] and [BAD]) but the 'batch' report does not. This
slows the inspection of the resulting mailed report.

Please align the status field in the mailed report so
that they appear similar to the interactive report.

Discussion

  • unSpawn

    unSpawn - 2006-10-12

    Logged In: YES
    user_id=600864

    The interactive report lines up the status tags (like [OK]
    and [BAD]) but the 'batch' report does not.

    Please attach output of both and a description how it was
    run. If using a cronjob attach it as well.

    This slows the inspection of the resulting mailed report.

    I may be nitting, but why is using "grep BAD" (or piping it
    through grep in your MUA) not workable?

     
  • unSpawn

    unSpawn - 2006-10-12
    • assigned_to: nobody --> unspawn
     
  • Max TenEyck Woodbury

    Logged In: YES
    user_id=735003

    Because 'grep' is not available in the context of the old
    command line mail utility. Further there are a whole bunch of
    different tags so a simple grep will not get all the
    information needed. Further, grep takes all the errors out
    of context and makes the result less useful. I rarely use
    rkhunter interactively. Instead I examine the mailed logs
    from a number of different machines using the command line
    mail utility in some cases and a gui mail browser in others.
    The mailed reports do NOT line up the status fields making
    the eyeball scan of the reports slower. I end up scanning a
    lot of rkhunter reports and the extra time adds up.

    By 'batch' I mean a 'cron' job.

    If you still want the files, say so.

     
  • John Horne

    John Horne - 2006-10-12

    Logged In: YES
    user_id=665381

    What about using the --report-warnings-only option? You
    should then only get info that you need to look at - i.e.
    info relating to problems.

     
  • Max TenEyck Woodbury

    Logged In: YES
    user_id=735003

    Hmm. Haven't tried that. But the full report for a cronjob
    is still more difficult to scan than it should be.

     
  • Max TenEyck Woodbury

    Logged In: YES
    user_id=735003

    This patch will align --cronjob output if possible.

     
  • Max TenEyck Woodbury

    changes to line up --cronjob output.

     
  • John Horne

    John Horne - 2006-10-18

    Logged In: YES
    user_id=665381

    The patch looks like it is for version 1.2.8 code. Is that
    correct?

     
  • Max TenEyck Woodbury

    Logged In: YES
    user_id=735003

    Yes.

     
  • Max TenEyck Woodbury

    Logged In: YES
    user_id=735003

    Your question about the version started me digging on what
    was the current version of rkhunter and I found that the old
    version had been removed from 'livna' (or maybe it was in
    Fedora-extras, either way it's gone now). Do you have a
    suggestion of a 'yum' source for the current version of
    rkhunter? I really don't like tar-balls; they are difficult
    to remove when it comes time to do so. I think I saw a
    mention of a .spec file someplace but I didn't see it in the
    CVS tree.

     
  • John Horne

    John Horne - 2007-03-29

    Logged In: YES
    user_id=665381
    Originator: NO

    The 'professional report' ('--report-mode') has been removed from the next release.

    The code for the '--quiet' and '--report-warnings-only' has been improved, such that using '-q --rwo' will only show warning messages. I would suggest that for cron jobs this should be adequate - generally users are not interested in the results unless something wrong has been found.

    Any check performed by RKH that fails in some way produces a 'Warning'. There is no overall 'OK' and 'BAD' any more, since some tests should produce a negative answer - e.g. checking for a rootkit should return 'Not found'; whereas checking for the /etc/passwd file should produce 'Found'. Running with colours then all these are green; warnings are red and so easy to pick out. Running via cron either use '--rwo' to only get warnings displayed, or check the log file and search for warnings.

    The displayed and log file messages are now the same, and are generally lined up - some messages are of course quite long and so knock the lineup a bit :-) Not much we can do about that.

    Fedora Extras contains a yum repository for rkhunter. However, it exists for FC5 but not FC6. You will need to contact the author to see about getting the latest rkhunter included in the repository. FC7 may be different, given that the 'Extras' are supposed to have been merged in with 'Fedora' itself now.

    CVS does contain the rkhunter.spec file, as does the tarball.

    John.

     
  • John Horne

    John Horne - 2007-03-29
    • status: open --> closed-fixed
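
The alignment requested in this ticket can also be applied outside rkhunter by filtering a saved or mailed report, which keeps every result in context instead of grepping single tags out. This is an added example, not part of the thread and not rkhunter code; the names `align_tags` and `sample_report`, the sample lines and the trailing `[ tag ]` layout are assumptions made for illustration.

```shell
#!/bin/sh
# Line up trailing "[ tag ]" status fields of a scanner report at one column.
# Usage: align_tags [column] < report     (column defaults to 60)
align_tags() {
    awk -v col="${1:-60}" '
    # A status line ends with a bracketed tag such as "[ OK ]" or "[ Warning ]".
    match($0, /[ \t]*\[[^]]*\][ \t]*$/) {
        msg = substr($0, 1, RSTART - 1)
        tag = substr($0, RSTART)
        gsub(/^[ \t]+|[ \t]+$/, "", tag)
        # Pad the message so the tag starts at "col". A message that is
        # already too long gets one space, so it shifts only its own tag.
        w = col - 1
        if (length(msg) >= w) w = length(msg) + 1
        printf(("%-" w "s%s\n"), msg, tag)
        next
    }
    # Headings, blank lines and free text pass through unchanged, so each
    # result stays next to the checks around it.
    { print }
    '
}

# Constructed sample input (not real scanner output): ragged tags, trailing
# whitespace, and one description that overruns the target column.
sample_report() {
    cat <<'EOF'
Constructed sample report (not real scanner output)
Checking for rootkit A     [ Not found ]  
Checking /etc/passwd [ Found ]
Checking a deliberately long test description that overruns the column   [ Warning ]
EOF
}

sample_report | align_tags 40
```

The over-long line is the case described in the thread where a long message knocks the line-up: it keeps its tag, one space after the text, rather than being truncated.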
     
