I was trying to get this working by configuring the MAIL_CMD like so:
echo -e "Subject: [rkhunter] Warnings found for ${HOST_NAME}\n\n" $(egrep -x "^\[.*\] Warning:.*" /var/log/rkhunter.log) | sendmail
It works but included a little extra part of the egrep command for some reason.
I couldn’t get around this but then I remembered we were going to be calling this using cronic ( https://habilis.net/cronic/ )
So I just changed my crontab to:
cronic rkhunter --check --rwo --no-mail-on-warning
Now I get the warnings in a beautiful email like so:
============================================
Cronic detected failure or error output for the command:
rkhunter --check --rwo --no-mail-on-warning
RESULT CODE: 1
ERROR OUTPUT:
STANDARD OUTPUT:
Warning: The file properties have changed:
File: /usr/bin/mail
Current inode: 18331 Stored inode: 18308
Current file modification time: 1574699160 (25-Nov-2019 16:26:00)
Stored file modification time : 1574686593 (25-Nov-2019 12:56:33)
Warning: The file properties have changed:
File: /usr/bin/mail.mailutils
Current inode: 18320 Stored inode: 18297
START TIME: Mon Nov 25 16:28:01 UTC 2019
END TIME: Mon Nov 25 16:28:34 UTC 2019
=========================================
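
For anyone who still wants the MAIL_CMD-style approach, here is one way to build the message with every expansion quoted, so the matched log lines are not word-split or glob-expanded by the shell. This is an added example, not the commenter's or rkhunter's own code; the function names are hypothetical and the "[HH:MM:SS] Warning:" log line format is an assumption.

```shell
#!/bin/sh
# Added example: build an rkhunter warning mail from the log file.
# Function names are hypothetical; the log format is an assumption.

# Print only the warning lines from an rkhunter log.
# Assumes each log line starts with a bracketed timestamp, e.g.
# "[16:28:10] Warning: ...". Single quotes keep the shell from
# touching the pattern; "[^]]*" matches everything up to the first "]".
rkhunter_warnings() {
    grep -E '^\[[^]]*] Warning:' "$1"
}

# Print a complete mail message (headers, blank line, body) on stdout.
# Arguments: log file, host name, recipient.
# Returns 1 and prints nothing when the log holds no warnings, so a
# clean run sends no mail.
build_warning_mail() {
    log=$1
    host=$2
    rcpt=$3
    # grep exits non-zero when nothing matches (or the file is missing).
    body=$(rkhunter_warnings "$log") || return 1
    # printf with fixed format strings avoids the portability problems
    # of "echo -e"; the data only ever appears as a %s argument.
    printf 'To: %s\n' "$rcpt"
    printf 'Subject: [rkhunter] Warnings found for %s\n\n' "$host"
    printf '%s\n' "$body"
}

# Typical use (not executed here; recipient "root" is an assumption):
#   build_warning_mail /var/log/rkhunter.log "$(hostname)" root | sendmail -t
```
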