On Sun, 2008-03-30 at 10:38 +0100, Arthur Dent wrote: > Hello All, > > I got this message this morning after my daily RKH run: > > Checking rkhunter data files... > Checking file mirrors.dat [ No update] > Checking file programs_bad.dat [ No update] > Checking file backdoorports.dat [ No update] > Checking file suspscan.dat [ Update failed ] > Checking file i18n/cn [ No update] > Checking file i18n/en [ No update] > Checking file i18n/zh [ No update] > Checking file i18n/zhutf [ No update] > > Please check the log file (/var/log/rkhunter.log) > > Now here's the thing... > > /var/log/rkhunter.log make no reference whatsoever to download attempts > successful or otherwise. How can I find out why this failed? > The log file will record all successful and failed download attempts. If, however, you have run RKH again after the '--update', then the log file will by default be overwritten (in which case look in 'rkhunter.log.old'). It depends on what your 'daily RKH run' actually does with the 'rkhunter' command.
Having said that, RKH does not do any specific error checking for downloads. It simply looks at the return code of the utility being used (wget, lynx, etc). If it is non-zero then an error occurred. If it is zero, then the downloaded file is looked at to ensure that the version number is valid. If it is not then the download failed. We have to do this because some download utils do not set the return code, so we have to look at what was downloaded. Anyway, the overall result is basically either 'successful' or 'failed'. As to why it failed we cannot say. Personally I've found that simply running 'rkhunter --update' again usually results in a good download. The initial failure probably being some transient problem. John. -- --------------------------------------------------------------- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839 ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
