Bug#993748: rkhunter: patch for /etc/apt.conf.d/90rkhunter

Sun, 05 Sep 2021 15:09:15 -0700 

Package: rkhunter
Version: 1.4.6-9
Severity: normal
Tags: patch

Dear Maintainer,

Please consider the attached patch for
  /etc/apt/apt.conf.d/90rkhunter

It adds || true to ensure apt completes its
actions even if there are problems running
rkhunter. 

I had such issues when 
upgrading from buster to bullseye because
the default /etc/rkhunter.conf
has a SCRIPTWHITELIST that assumes grep is in 
/usr/bin -- this is not true on a system without
usrmerge

Thanks for considering

-- System Information:
Debian Release: 11.0
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/1 CPU thread)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages rkhunter depends on:
ii  binutils               2.35.2-2
ii  debconf [debconf-2.0]  1.5.77
ii  file                   1:5.39-3
ii  lsof                   4.93.2+dfsg-1.1
ii  net-tools              1.60+git20181103.0eebece-1
ii  perl                   5.32.1-4+deb11u1
ii  ucf                    3.0043

Versions of packages rkhunter recommends:
ii  curl                                       7.74.0-1.3+b1
ii  e2fsprogs                                  1.46.2-2
ii  exim4-daemon-light [mail-transport-agent]  4.94.2-7
ii  iproute2                                   5.10.0-4
ii  mailutils [mailx]                          1:3.10-3+b1
ii  unhide                                     20130526-4
ii  unhide.rb                                  22-5
ii  wget                                       1.21-1+b1

Versions of packages rkhunter suggests:
ii  liburi-perl     5.08-1
ii  libwww-perl     6.52-1
pn  powermgmt-base  <none>

-- Configuration Files:
/etc/apt/apt.conf.d/90rkhunter changed [not included]
/etc/logcheck/ignore.d.server/rkhunter [Errno 13] Permission denied: 
'/etc/logcheck/ignore.d.server/rkhunter'
/etc/rkhunter.conf changed [not included]

-- debconf information:
* rkhunter/apt_autogen: true
* rkhunter/cron_daily_run: true
* rkhunter/cron_db_update: false

--- apt.conf.d__90rkhunter.orig 2021-09-05 22:56:18.992369673 +0100
+++ apt.conf.d__90rkhunter.new  2021-09-05 22:55:59.400391786 +0100
@@ -1,2 +1,2 @@
 // Makes sure that rkhunter file properties database is updated after each 
remove or install only APT_AUTOGEN is enabled
-DPkg::Post-Invoke { "if [ -x /usr/bin/rkhunter ] && grep -qiE 
'^APT_AUTOGEN=.?(true|yes)' /etc/default/rkhunter; then 
/usr/share/rkhunter/scripts/rkhupd.sh; fi"; };
+DPkg::Post-Invoke { "if [ -x /usr/bin/rkhunter ] && grep -qiE 
'^APT_AUTOGEN=.?(true|yes)' /etc/default/rkhunter; then 
/usr/share/rkhunter/scripts/rkhupd.sh || true; fi"; };

Reply via email to