When you see these in the report of rkhunter in a plesk server:
Warning: Found enabled xinetd service: /etc/xinetd.d/ftp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/poppassd_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/smtp_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/smtps_psa
Warning: Found enabled xinetd service: /etc/xinetd.d/submission_psa
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)
The solution is:
Run
[root@server]# locate rkhunter.conf
if you have installed rkhunter via yum you will get:
/etc/rkhunter.conf
if you have installed it via plesk then:
/usr/local/psa/etc/modules/watchdog/rkhunter.conf
(I prefer via yum)
then vim the appropriate .conf file for example /etc/rkhunter.conf
and find the line with: #XINETD_ALLOWED_SVC=/etc/xinetd.d/echo
below add the following lines:
XINETD_ALLOWED_SVC=/etc/xinetd.d/ftp_psa
XINETD_ALLOWED_SVC=/etc/xinetd.d/poppassd_psa
XINETD_ALLOWED_SVC=/etc/xinetd.d/smtp_psa
XINETD_ALLOWED_SVC=/etc/xinetd.d/smtps_psa
XINETD_ALLOWED_SVC=/etc/xinetd.d/submission_psa
save and quit and then try to run rkhunter -c –report-warnings-only
if you dont get any output then you’re done.
[…] Rkhunter and plesk xinetd services […]