where is rkhunter cron controlled?

eLIANT

• August 02, 2022 15:32

Many questions about rkhunter here and in other threads, but none answer this basic question... Where is the rkhunter cron information? More specifically, /etc/cron.d holds several files that control various cron jobs using strings like this: [QUOTE]4 0 * * * root /usr/bin/yum -y -R 10 -d 0 -e 0 update yum 46 6 * * 6 root /usr/bin/yum -y -R 120 -d 0 -e 0 update
My question is: Where is this same information for the rkhunter cron job?

• 

  cPRex Jurassic Moderator

  • August 02, 2022 20:52

  Hey there! rkhunter isn't something that ships with cPanel, so I'm not sure I'll have this answer. By default, the tool just gets installed from source and there is no automation or cron as part of the configuration that I'm aware of. I'd also caution against using that tool, as the last stable release is from 20 February 2018, so I doubt it would be useful.

  0
• 

  ejsolutions

  • August 02, 2022 21:15

  .. so I doubt it would be useful.

  
  I tend to agree and reckon, now that it's "fixed", the passive fingerprinting within WHM is likely better suited.

  0
• 

  eLIANT

  • August 02, 2022 21:20

  I'd be happy to disable it. But to do that I still need an answer to my original post.

  0
• 

  cPRex Jurassic Moderator

  • August 02, 2022 21:22

  I'm not sure there's going to be a good answer for you, since that software is manually configured outside of cPanel tools. I would normally expect to find something in /etc/cron.d, but it's also possible this could be in root's crontab, which you can check with "crontab -e" from the command line.

  0
• 

  ejsolutions

  • August 02, 2022 21:22

  0
• 

  eLIANT

  • August 02, 2022 22:36

  CRONTAB -E: [QUOTE]23 15 * * * /usr/local/cpanel/scripts/exim_tidydb > /dev/null 2>&1 48 14 * * * /usr/local/cpanel/scripts/optimize_eximstats > /dev/null 2>&1 #5,35 * * * * /usr/local/bandmin/bandmin #27 0 * * * /usr/local/bandmin/ipaddrmap #3 21 * * 1 (/usr/local/cpanel/scripts/fix-cpanel-perl; /usr/local/cpanel/script/upcp --cron > /dev/null) 3 21 * * * (/usr/local/cpanel/scripts/fix-cpanel-perl; /etc/upcp_control) 27 * * * * /usr/bin/test -x /usr/local/cpanel/bin/tail-check && /usr/local/cpanel/bin/tail-check 6 */4 * * * /usr/bin/test -x /usr/local/cpanel/scripts/update_mailman_cache && /usr/local/cpanel/scripts/update_mailman_cache 38 */4 * * * /usr/bin/test -x /usr/local/cpanel/scripts/update_db_cache && /usr/local/cpanel/scripts/update_db_cache 22 */2 * * * /usr/local/cpanel/bin/mysqluserstore >/dev/null 2>&1 32 */2 * * * /usr/local/cpanel/bin/dbindex >/dev/null 2>&1 8 */6 * * * /usr/local/cpanel/scripts/autorepair recoverymgmt >/dev/null 2>&1 */5 * * * * /usr/local/cpanel/scripts/dcpumon-wrapper >/dev/null 2>&1 43 0 * * * /usr/local/cpanel/whostmgr/docroot/cgi/

  0
• 

  ejsolutions

  • August 02, 2022 23:02

  Nothing about rkhunter. /etc/cron.daily has file "rkhuinter" but it is the actual script, not the cron configuration line.

  
  You're not fully understanding how crontabs work. That IS the file that runs khunter on a daily basis. mv /etc/cron.daily/rkhunter.sh /root/rkhunter.disabled
  

  0
• 

  eLIANT

  • August 02, 2022 23:14

  Thanks for that information. So, just by existing in the cron.daily folder this rkhunter script runs? What kicks it off? Because it runs every 20 hours.

  0
• 

  ejsolutions

  • August 03, 2022 09:31

  0

Please sign in to leave a comment.