rkhunter: Please have a look at #726353

2013-11-10 Thread Julius Seemayer
Hi Forensics Team,


Bug #726353 [1] hasn't got any sensible replies, although it has been open for some
time. Please have a look at it.


Cheers,

Julius



[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726353



Bug#726353: rkhunter: must be present on the system messages for all /{s, }bin tools

2013-10-14 Thread Julius Seemayer
Package: rkhunter
Version: 1.4.0-1
Severity: important

rkhunter on a Wheezy box:

# apt-cache policy rkhunter
rkhunter:
  Installed: 1.4.0-1
  Candidate: 1.4.0-1
  Version table:
 *** 1.4.0-1 0
        500 http://ftp.de.debian.org/debian/ wheezy/main i386 Packages
        100 /var/lib/dpkg/status
# rkhunter -c || echo $?
The command 'cat' must be present on the system in order to run rkhunter.
The command 'chmod' must be present on the system in order to run rkhunter.
The command 'chown' must be present on the system in order to run rkhunter.
The command 'cp' must be present on the system in order to run rkhunter.
The command 'date' must be present on the system in order to run rkhunter.
The command 'egrep' must be present on the system in order to run rkhunter.
The command 'ls' must be present on the system in order to run rkhunter.
The command 'mv' must be present on the system in order to run rkhunter.
The command 'sed' must be present on the system in order to run rkhunter.
The command 'uname' must be present on the system in order to run rkhunter.
1
# 

I didn't change /e/d/rkhunter nor /e/rkhunter.conf, but the very same conf is
running on multiple boxes without problems. Debug log is attached below [1].

As far as I can see, the second call on check_required_commands() doesn't include
/{s,}bin, so probably $BINPATHS is set wrong at that time. Manual setting with
--binpath /bin doesn't change the output on stdout/err or in the debug log.


Cheers,

Julius



-- System Information:
Debian Release: 7.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i686

Shell: /bin/sh linked to /bin/dash

Versions of packages rkhunter depends on:
ii  binutils               2.22-8
ii  debconf [debconf-2.0]  1.5.49
ii  file                   5.11-2
ii  net-tools              1.60-24.2
ii  perl                   5.14.2-21+deb7u1
ii  ucf                    3.0025+nmu3

Versions of packages rkhunter recommends:
ii  curl                            7.26.0-1+wheezy4
ii  iproute                         20120521-3+b3
ii  lsof                            4.86+dfsg-1
ii  postfix [mail-transport-agent]  2.9.6-2
ii  unhide                          20110113-4
ii  wget                            1.13.4-3

Versions of packages rkhunter suggests:
ii  bsd-mailx [mailx]         8.1.2-0.2006cvs-1
ii  heirloom-mailx [mailx]    12.5-2
pn  libdigest-whirlpool-perl  none
ii  liburi-perl               1.60-1
ii  libwww-perl               6.04-1
ii  powermgmt-base            1.31
pn  tripwire                  none

[1] 
+ test 0 -eq 1
+ print rkh-ksh-string-test
+ [  = rkh-ksh-string-test ]
+ [ 0 -eq 1 ]
+ MYSHELL=/bin/sh
+ test -h /bin/sh
+ readlink /bin/sh
+ MYSHELL=dash
+ basename dash
+ MYSHELL=dash
+ test -z dash
+ echo -e rkh-ksh\tstring-test
+ [ -e rkh-ksh  string-test = rkh-ksh   string-test ]
+ ECHOOPT=
+ echo -n -e rkh-ksh-string-test
+ [ -e rkh-ksh-string-test = rkh-ksh-string-test ]
+ echo -e rkh-ksh-string-test\c
+ [ -e rkh-ksh-string-test = rkh-ksh-string-test ]
+ echo rkh-ksh-string-test\c
+ [ rkh-ksh-string-test = rkh-ksh-string-test ]
+ ECHON=c
+ head -n 1
+ HEAD_OPT=-n 
+ tail -n 1
+ TAIL_OPT=-n 
+ [ 1 -eq 1 -a dash = ksh ]
+ trap - 13
+ PROGRAM_NAME=Rootkit Hunter
+ PROGRAM_version=1.4.0
+ PROGRAM_copyright_owner=Michael Boelen
+ PROGRAM_copyright=Copyright (c) 2003-2012, Michael Boelen
+ PROGRAM_blurb=
Currently under active development by the Rootkit Hunter project team.
Please review your rkhunter.conf before using.
Please review the documentation before posting bug reports or questions.
To report bugs, obtain updates, or provide patches or comments, please go to:
http://rkhunter.sourceforge.net

To ask questions about rkhunter, please use the rkhunter-users mailing list.
Note this is a moderated list: please subscribe before posting.

Rootkit Hunter comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the
terms of the GNU General Public License. See the LICENSE file for details.

+ PROGRAM_license=
Rootkit Hunter 1.4.0, Copyright (c) 2003-2012, Michael Boelen

Currently under active development by the Rootkit Hunter project team.
Please review your rkhunter.conf before using.
Please review the documentation before posting bug reports or questions.
To report bugs, obtain updates, or provide patches or comments, please go to:
http://rkhunter.sourceforge.net

To ask questions about rkhunter, please use the rkhunter-users mailing list.
Note this is a moderated list: please subscribe before posting.

Rootkit Hunter comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the
terms of the GNU General Public License. See the LICENSE file for details.


+ CRONJOB=0
+ CHECK=0
+ CATLOGFILE=0
+ NOLOG=0
+ RKHLOGFILE=
+ DFLT_LOGFILE=/var/log/rkhunter.log
+ APPEND_LOG=0
+ APPEND_OPT=0
+ COPY_LOG_ON_ERROR=0
+ USE_SYSLOG=
+ SYSLOG_DFLT_PRIO=authpriv.notice
+ NOMOW=0
+ MAILONWARNING=
+ HASH_FUNC=
+ OLD_HASH_FUNC=
+
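
The hypothesis in the report above (the required commands are not found because the directory list being searched lacks /bin and /sbin) can be checked independently of rkhunter. The following is an added example, not part of the original report and not rkhunter code; `find_missing`, `REQUIRED_CMDS` and the space-separated directory-list format are assumptions, and the demo tree is constructed.

```shell
#!/bin/sh
# Added illustration, not rkhunter code. Function and variable names are
# hypothetical; the command list is copied from the error output in the report.
REQUIRED_CMDS="cat chmod chown cp date egrep ls mv sed uname"

# find_missing DIRS CMD...
# DIRS is a space-separated directory list (assumed format). Prints, on one
# line, each command that is not an executable regular file in any of them.
find_missing() {
    dirs=$1
    shift
    missing=""
    for cmd in "$@"; do
        found=0
        for dir in $dirs; do
            # -f follows symlinks, so a symlinked tool still counts as present
            if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
                found=1
                break
            fi
        done
        [ "$found" -eq 1 ] || missing="$missing $cmd"
    done
    # Strip the leading separator before printing
    echo "${missing# }"
}

# Constructed demo: a scratch tree standing in for /bin and /usr/bin.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/bin" "$root/usr/bin"
    for c in $REQUIRED_CMDS; do
        printf '#!/bin/sh\n' > "$root/bin/$c"
        chmod +x "$root/bin/$c"
    done
    # Search list that includes the bin directory: nothing is missing
    echo "with bin:    [$(find_missing "$root/bin $root/usr/bin" $REQUIRED_CMDS)]"
    # Search list without it: every required command is reported
    echo "without bin: [$(find_missing "$root/usr/bin" $REQUIRED_CMDS)]"
    rm -rf "$root"
}

demo
```

On an affected box, calling `find_missing` with the real directory list and `$REQUIRED_CMDS` shows whether the tools are actually absent or only the search list is wrong.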