Wednesday, December 02, 2009

Ubuntu: Logwatch & RootKit Hunter on a workstation

On all my Linux servers I get a daily Logwatch report. Since I use my Ubuntu laptops almost 24x7, I would like to know what I have done in the past 24 hours and how they are performing, so I have installed Logwatch on Karmic. Since I don't want to install and configure a lot of stuff, I have installed ssmtp as well, so the box can send emails without problems and without configuring a full-blown MTA.

So here it goes.

$ sudo aptitude install ssmtp rkhunter logwatch

As usual, Logwatch needs a couple of things to get it up and working normally...
Create the missing directory:

$ sudo mkdir /var/cache/logwatch

And copy the default installation configuration file to its correct directory:

$ sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/

Then edit the file '/etc/logwatch/conf/logwatch.conf'. For the moment, the options that need to be enabled are these:

Output = email
Detail = High


Later on, when everything is set up correctly and working, there is one last thing to edit in the configuration file, if you want to: the detail level, the amount of data that it will send in its daily reports. For the moment, it is good enough to leave it with the default settings, so the test emails (and the CPU involved in creating those reports) are not wasted.

Then, onto the ssmtp stuff... Copy the original, and then edit the configuration file:

$ sudo cp /etc/ssmtp/ssmtp.conf /etc/ssmtp/ssmtp.conf.ORIG
$ sudo emacs /etc/ssmtp/ssmtp.conf


This file is super easy to configure; it basically needs five configuration options. Refer to this setup guide, Sending Email From Your System with sSMTP, and you'll be sending emails with ssmtp in a jiffy.
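
As an added example, not part of the original post: a small shell helper that applies the two logwatch.conf settings above so that re-running it is harmless, and reports whether ssmtp.conf is world-readable. The function names (conf_get, conf_set, world_readable, demo) and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are passed in, so the
# functions can be tried on copies before touching anything under /etc.

# conf_get FILE KEY: effective value of KEY in a "Key = Value" file
# (comment lines skipped, last assignment wins).
conf_get() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (!i) next
          name = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", name); gsub(/^[ \t]+|[ \t]+$/, "", val)
          if (name == k) v = val }
        END { print v }' "$1"
}

# conf_set FILE KEY VALUE: rewrite the first live assignment of KEY, drop
# later duplicates, append the line if KEY is missing. Safe to re-run.
conf_set() {
    tmp=$(mktemp) || return 1
    awk -v k="$2" -v v="$3" '
        /^[ \t]*#/ { print; next }
        { i = index($0, "="); name = (i ? substr($0, 1, i - 1) : "")
          gsub(/^[ \t]+|[ \t]+$/, "", name)
          if (i && name == k) { if (!done) print k " = " v; done = 1; next }
          print }
        END { if (!done) print k " = " v }' "$1" > "$tmp" &&
        cat "$tmp" > "$1"        # overwrite in place: owner and mode are kept
    rc=$?; rm -f "$tmp"; return "$rc"
}

# world_readable FILE: true if "other" has read permission. ssmtp.conf can
# hold an SMTP password (AuthPass), so it is worth checking after editing.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Demo on a constructed sample, not a real logwatch.conf.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' '# constructed sample' 'Output = stdout' \
        '#Detail = Med' 'Detail = Low' > "$f"
    conf_set "$f" Output email && conf_set "$f" Detail High
    echo "Output=$(conf_get "$f" Output) Detail=$(conf_get "$f" Detail)"
    rm -f "$f"
}
demo
```

On the real system the calls would be run with sudo against /etc/logwatch/conf/logwatch.conf, and world_readable against /etc/ssmtp/ssmtp.conf.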


EDIT:
January 29th 2010

Changed the Detail to High; it was on Low, the default.
Added a cp to the command:
sudo /etc/ssmtp/ssmtp.conf /etc/ssmtp/ssmtp.conf.ORIG
