# Update #18 - RKHunter Daily Scan with Email Alerting and Log Cleanup

#### **Date:** June 3, 2025  
**Category:** Security / Monitoring  
**Backlink:** [Update #17 – Installing Root Kit Detection on Virtual Private Server](https://docs.natenetworks.com/books/02-project-notes/page/update-17-installing-root-kit-detection-on-virtual-private-server)

---

### **Overview**

This update enhances our RKHunter setup by:

- Automating daily scans
- Emailing warnings only (using `msmtp`)
- Saving results to timestamped log files
- Cleaning up old logs monthly

---

### **Script Location**

```bash
/usr/local/bin/rkhunter.sh
```

### **Script Contents**

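```bash
#!/bin/bash

# === CONFIG ===
EMAIL="natenetworks.alerts@gmail.com"
LOGFILE="/var/log/rkhunter-manual-$(date +%F).log"
# Unpredictable temp file (created mode 0600) instead of a fixed name in world-writable /tmp
WARNING_LOG="$(mktemp /tmp/rkhunter-warnings.XXXXXX)" || exit 1
trap 'rm -f "$WARNING_LOG"' EXIT

# === RUN RKHUNTER TASKS ===
{
    echo "=== RKHUNTER SCAN STARTED: $(date) ==="
    # Refresh rkhunter's data files
    sudo rkhunter --update
    # --propupd is deliberately NOT run here: rebuilding the file-properties
    # baseline right before every check would accept any changed binary as
    # known-good. Run "sudo rkhunter --propupd" by hand after verified updates.
    # Run all checks without waiting for a keypress
    sudo rkhunter -c -sk
    echo "=== RKHUNTER SCAN FINISHED: $(date) ==="
} | tee -a "$LOGFILE"

# === EXTRACT WARNINGS ONLY ===
grep 'Warning:' /var/log/rkhunter.log > "$WARNING_LOG"

# === EMAIL IF WARNINGS EXIST ===
if [ -s "$WARNING_LOG" ]; then
    {
        echo "To: $EMAIL"
        echo "Subject: ⚠️ RKHunter Warning Report - $(hostname) - $(date +%F)"
        echo "Content-Type: text/plain"
        echo
        echo "RKHunter has reported warnings on $(hostname) at $(date):"
        echo
        cat "$WARNING_LOG"
    } | msmtp -t
fi

# === CLEANUP ===
# The EXIT trap also removes the file if the script stops early
rm -f "$WARNING_LOG"
```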

---

### **Scheduled Daily Cron Job**

Added via root crontab:

```bash
sudo crontab -e
```

```bash
30 3 * * * /usr/local/bin/rkhunter.sh
```

---

### **Monthly Log Cleanup**

Logs older than 30 days are purged automatically by a monthly cron entry:

```bash
@monthly find /var/log/ -name "rkhunter-manual-*.log" -mtime +30 -delete
```

---

### **Email Setup**

- Outgoing email uses `msmtp`
- Alerts are only sent if `grep 'Warning:'` finds any issues
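
The `grep 'Warning:'` filter keeps only the headline of each warning, so the detail lines rkhunter logs underneath (the affected file, current and stored hashes) never reach the email. The function below is an added example, not part of the original script: it keeps each warning together with its detail lines. The sample log is constructed, and the nine-space indent used to recognise detail lines is an assumption about the layout of `/var/log/rkhunter.log`.

```bash
#!/bin/bash
# Added example (not the original script): keep each rkhunter warning
# together with the indented detail lines logged beneath it.

# Constructed sample in the style of /var/log/rkhunter.log (values are made up)
sample_log() {
    cat <<'EOF'
[03:30:10] Info: Starting file properties checks
[03:30:11]   /usr/bin/curl                                   [ Warning ]
[03:30:11] Warning: The file properties have changed:
[03:30:11]          File: /usr/bin/curl
[03:30:11]          Current hash: aaaa1111
[03:30:11]          Stored hash : bbbb2222
[03:30:12]   /usr/bin/ssh                                    [ OK ]
[03:30:15]   Checking for hidden files and directories       [ Warning ]
[03:30:15] Warning: Hidden directory found: /etc/.java
[03:30:16] Info: End of scan
EOF
}

# Print every "Warning:" entry plus its continuation lines.
# Reads the files given as arguments, or stdin when there are none.
# Assumption: continuation lines are indented at least 9 spaces after the
# [HH:MM:SS] prefix, while ordinary check lines are indented less.
extract_warnings() {
    awk '
        { msg = $0; sub(/^\[[0-9:]+\] /, "", msg) }          # strip timestamp for matching only
        msg ~ /^Warning:/ { print; in_warning = 1; next }    # headline of a warning
        in_warning && match(msg, /^ +/) && RLENGTH >= 9 { print; next }  # detail line
        { in_warning = 0 }                                   # anything else ends the entry
    ' "$@"
}

# Demo: the plain grep yields 2 lines, extract_warnings yields 5
sample_log | extract_warnings
```

In the script above, the `grep` line could be swapped for `extract_warnings /var/log/rkhunter.log > "$WARNING_LOG"` once the function is defined in the same file.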

---

### **Status**

- Email tested ✅
- Logs cleanly date-stamped ✅
- Monthly cleanup cron job added ✅
- Script ownership and permissions secured ✅