Default install of 'rkhunter' installs invalid config file...

I emerged a default install of 'rkhunter' and install was successful but config file appears to contain two invalid entries.

================================================================
# equery list rkhunter
 * Searching for rkhunter ...
[IP-] [ ] app-forensics/rkhunter-1.4.2:0
# equery check rkhunter
 * Checking app-forensics/rkhunter-1.4.2 ...
   42 out of 42 files passed
# rkhunter --check-config
Invalid TMPDIR configuration option: Non-existent pathname: /var/lib/rkhunter/tmp
Unknown enabled test name given: ALL
================================================================

The first can be corrected with:

mkdir /var/lib/rkhunter/tmp

As to the second, the config file says "ALL" is a valid entry but 'rkhunter --check-config' says it isn't.

Stephen Lewis

Just noticed the same issue on a system installed a month ago. Interestingly, on an older system /var/lib/rkhunter/tmp/ already exists, so TMPDIR=/var/lib/rkhunter/tmp in the config works OK. After manually creating this directory the issue was fixed.

As for the issue with --check-config, look at this, it's gone after updates:

# rkhunter --check-config
Invalid TMPDIR configuration option: Non-existent pathname: /var/lib/rkhunter/tmp
Unknown enabled test name given: ALL
# grep -w ALL /etc/rkhunter.conf
# option can use the word 'ALL' to refer to all of the available tests. The
ENABLE_TESTS=ALL
# mkdir /var/lib/rkhunter/tmp
# rkhunter --update
[ Rootkit Hunter version 1.4.2 ]
Checking rkhunter data files...
  Checking file mirrors.dat [ No update ]
  Checking file programs_bad.dat [ No update ]
  Checking file backdoorports.dat [ No update ]
  Checking file suspscan.dat [ No update ]
  Checking file i18n/cn [ No update ]
  Checking file i18n/de [ No update ]
  Checking file i18n/en [ No update ]
/usr/sbin/rkhunter: line 7439: [: too many arguments
  Checking file i18n/tr [ No update ]
  Checking file i18n/tr.utf8 [ No update ]
/usr/sbin/rkhunter: line 7439: [: too many arguments
  Checking file i18n/zh [ No update ]
  Checking file i18n/zh.utf8 [ No update ]
# rkhunter --propupd
[ Rootkit Hunter version 1.4.2 ]
File updated: searched for 169 files, found 171
# rkhunter --check-config
#

But what's happening with the --update output? This "too many arguments" error is new, I have never seen it before.

The "too many arguments" warning comes from a new version of grep. Need GREP_OPTS=-a, see http://sourceforge.net/p/rkhunter/mailman/message/33150313/

So what can we do, even though this problem has been confirmed since 12/2014??

still valid with 1.4.4?

(In reply to Pacho Ramos from comment #4)
> still valid with 1.4.4?

One of two issues is still valid: ebuild doesn't create /var/lib/rkhunter/tmp, but it should.