When rkhunter is emerged, all the perl scripts are copied to /usr/lib/rkhunter/scripts, but the check_update.sh scripts is forgotten. Reproducible: Always Steps to Reproduce: 1.emerge -v rkhunter 2.rkhunter --update 3. Actual Results: Running updater... /usr/bin/rkhunter: line 4389: /usr/lib/rkhunter/scripts/check_update.sh: No such file or directory Ready. Expected Results: Running updater... Mirrorfile /usr/lib/rkhunter/db/mirrors.dat rotated Using mirror http://www.rootkit.nl/rkhunter [DB] Mirror file : Up to date [DB] MD5 hashes system binaries : Up to date [DB] Operating System information : Update available Action: Database updated (current version: 2004061200, new version 2004081200) [DB] MD5 blacklisted tools/binaries : Up to date Ready. Portage 2.0.50-r9 (default-x86-1.4, gcc-3.3.3, glibc-2.3.3.20040420-r1, 2.6.7-gentoo-r13) ================================================================= System uname: 2.6.7-gentoo-r13 i686 Intel(R) Pentium(R) 4 CPU 2.66GHz Gentoo Base System version 1.4.16 distcc 2.13 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] Autoconf: sys-devel/autoconf-2.59-r4 Automake: sys-devel/automake-1.8.3 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -fforce-addr -falign-functions=4" CHOST="i686-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=pentium3 -O3 -pipe -fomit-frame-pointer -funroll-loops -frerun-cse-after-loop -frerun-loop-opt -fforce-addr -falign-functions=4" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs buildpkg ccache digest sandbox strict" GENTOO_MIRRORS="ftp://203.16.234.20/pub/gentoo/ ftp://203.16.234.19/pub/gentoo/ http://203.16.234.19/pub/gentoo/ http://203.16.234.20/pub/gentoo/ http://www.ibiblio.org/gentoo" MAKEOPTS="-j2" PKGDIR="/usr/portage/distfiles/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="" SYNC="rsync://rsync.asia.gentoo.org/gentoo-portage" USE="X aalib acl acpi alsa avi cdparanoia cdr crypt cups dga divx4linux doc dvd dvdr dvdread encode esd fbcon foomaticdb gd gdbm gif gpm gtk gtk2 hardened imap imlib java jikes jpeg krb4 libg++ libwww live mad maildir mikmod mmx motif mozilla mpeg nas ncurses network nls nntp oggvorbis opengl oss pam pcmcia pdflib perl pic pie png ppds python quicktime radeon readline rtc sasl sdl snmp spell sse ssl svga tcltk tcpd tetex truetype unicode video_cards_radeon x86 xinerama xml2 xmms xv xvid zlib"
Created attachment 37453 [details, diff] Possible fix I'm unsure if this patch is necessary, as it's just a matter of adding "doexe *.sh" under the "doexe *.pl" line of both ebuilds. Also the --update switch isn't documented in the --help listing and therefore there may be a reason for not installing the check_update.sh script. However, unknown software versions during the application version scan cause rkhunter to request the user run rkhunter with the --update switch.
Is their homepage always this blanks?
solar, IMO, we should just add a doexe check_update.sh for now and if the number of shell scripts reaches > 1. change it to *.sh. Just my $0.02 though. Since you are the official maintainer of the ebuild, do what you feel best. Cheers
fixed in 1.1.5
solar, as an afterthough, should we also not fix 1.1.4 since it is marked stable?
Please test and tell me if you guys think 1.1.5 can be marked stable.
from testing last night & today, 1.1.5 looks good here. nightelf: did you get a change to test it?
I've had no problems with 1.1.5. However, I can't say I've tested it extensively, only running it with the --update/--check switches. I haven't installed the Ni0 rootkit to test the scripts additions. Also because my system is (supposedly/hopefully) clean, running rkhunter with the new --report-warnings-only switch results in nothing being outputted. The same applies for the open file tests. In regards to the --update switch, it seems they have added updates for the {good,bad}_progam list but aren't currently offering the update at the mirror sites (resulting in 404's). I can give no reason why this shouldn't be marked stable.
1.1.5 marked stable with a slight change to the cron script. added check_updates anyway to the 1.1.4