
Bug 534048

Summary: app-forensics/rkhunter-1.4.2 - default configuration has invalid entries
Product: Gentoo Linux
Reporter: Stephen Lewis <lewis+gentoo>
Component: Current packages
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed>
Status: RESOLVED TEST-REQUEST
Severity: normal
CC: krinpaus, powerman-asdf
Priority: Normal
Version: unspecified
Hardware: AMD64
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description Stephen Lewis 2014-12-30 22:55:06 UTC
Default install of 'rkhunter' installs invalid config file...

I emerged a default install of 'rkhunter' and install was successful
but config file appears to contain two invalid entries.

================================================================
# equery list rkhunter
 * Searching for rkhunter ...
[IP-] [  ] app-forensics/rkhunter-1.4.2:0
# equery check rkhunter
* Checking app-forensics/rkhunter-1.4.2 ...
   42 out of 42 files passed

# rkhunter --check-config
Invalid TMPDIR configuration option: Non-existent pathname: /var/lib/rkhunter/tmp
Unknown enabled test name given: ALL
================================================================

The first can be corrected with:
mkdir /var/lib/rkhunter/tmp

As to the second, the config file says "ALL" is a valid entry but
'rkhunter --check-config' says it isn't.

Stephen Lewis
Comment 1 Alex Efros 2015-02-22 05:38:00 UTC
Just noticed the same issue on a system installed a month ago.

Interestingly, on an older system /var/lib/rkhunter/tmp/ already exists, so
  TMPDIR=/var/lib/rkhunter/tmp
in the config works OK. After manually creating this directory, the issue was fixed.

As for the issue with --check-config, look at this; it's gone after updates:

# rkhunter --check-config
Invalid TMPDIR configuration option: Non-existent pathname: /var/lib/rkhunter/tmp
Unknown enabled test name given: ALL

# grep -w ALL /etc/rkhunter.conf 
# option can use the word 'ALL' to refer to all of the available tests. The
ENABLE_TESTS=ALL

# mkdir /var/lib/rkhunter/tmp

# rkhunter --update
[ Rootkit Hunter version 1.4.2 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
/usr/sbin/rkhunter: line 7439: [: too many arguments
  Checking file i18n/tr                                      [ No update ]
  Checking file i18n/tr.utf8                                 [ No update ]
/usr/sbin/rkhunter: line 7439: [: too many arguments
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]

# rkhunter --propupd
[ Rootkit Hunter version 1.4.2 ]
File updated: searched for 169 files, found 171

# rkhunter --check-config
# 


But what's happening with the --update output? This "too many arguments" error is new; I have never seen it before.
Comment 2 Tupone Alfredo gentoo-dev 2015-04-27 07:22:40 UTC
The "too many arguments" warning comes from a new version of grep.
Need GREP_OPTS=-a

See
http://sourceforge.net/p/rkhunter/mailman/message/33150313/
Comment 3 tman 2015-11-01 07:34:59 UTC
So what can we do, even though this problem has been confirmed since 12/2014??
Comment 4 Pacho Ramos gentoo-dev 2017-08-30 18:32:42 UTC
still valid with 1.4.4?
Comment 5 Alex Efros 2017-08-30 20:41:25 UTC
(In reply to Pacho Ramos from comment #4)
> still valid with 1.4.4?

One of two issues is still valid: ebuild doesn't create /var/lib/rkhunter/tmp, but it should.
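
Added example, not part of the bug report, the ebuild or rkhunter itself: a POSIX sh preflight check that reads TMPDIR from an rkhunter-style config file and reports the missing-directory condition described in this bug, plus two hardening checks (symlink, group/other-writable). The function names rkh_tmpdir and rkh_check_tmpdir are hypothetical, and treating the last uncommented TMPDIR= line as the effective one and rejecting group/other-writable directories are assumptions of this example.

```shell
#!/bin/sh
# Added example (not rkhunter or Gentoo code): preflight check for the
# TMPDIR option of an rkhunter-style configuration file.

# Print the TMPDIR value from config file $1.
# Assumption: the last uncommented TMPDIR= line is the effective one.
rkh_tmpdir() {
    sed -n 's/^[[:space:]]*TMPDIR=[[:space:]]*//p' "$1" | tail -n 1 |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Check the directory named by TMPDIR in config file $1.
# Returns: 0 ok, 1 TMPDIR not set, 2 missing or not a directory,
#          3 path is a symlink, 4 writable by group or other.
rkh_check_tmpdir() {
    dir=$(rkh_tmpdir "$1")
    if [ -z "$dir" ]; then
        echo "no TMPDIR option in $1" >&2
        return 1
    fi
    # Test for a symlink first: -d would follow it silently.
    if [ -L "$dir" ]; then
        echo "TMPDIR is a symlink: $dir" >&2
        return 3
    fi
    if [ ! -d "$dir" ]; then
        echo "TMPDIR does not exist or is not a directory: $dir" >&2
        return 2
    fi
    # Mode string is e.g. drwxr-xr-x: char 6 is group write, char 9 other write.
    case $(ls -ld -- "$dir") in
        ?????w*|????????w*)
            echo "TMPDIR is writable by group or other: $dir" >&2
            return 4
            ;;
    esac
    return 0
}
```

Source the file and run rkh_check_tmpdir /etc/rkhunter.conf before rkhunter --check-config; a return code of 2 corresponds to the "Non-existent pathname" message quoted in this bug.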