Package: rkhunter
Version: 1.4.0-1
Severity: important

rkhunter on a Wheezy box:

# apt-cache policy rkhunter
rkhunter:
  Installed: 1.4.0-1
  Candidate: 1.4.0-1
  Version table:
 *** 1.4.0-1 0
        500 http://ftp.de.debian.org/debian/ wheezy/main i386 Packages
        100 /var/lib/dpkg/status
# rkhunter -c || echo $?
The command 'cat' must be present on the system in order to run rkhunter.
The command 'chmod' must be present on the system in order to run rkhunter.
The command 'chown' must be present on the system in order to run rkhunter.
The command 'cp' must be present on the system in order to run rkhunter.
The command 'date' must be present on the system in order to run rkhunter.
The command 'egrep' must be present on the system in order to run rkhunter.
The command 'ls' must be present on the system in order to run rkhunter.
The command 'mv' must be present on the system in order to run rkhunter.
The command 'sed' must be present on the system in order to run rkhunter.
The command 'uname' must be present on the system in order to run rkhunter.
1
#

I didn't change /e/d/rkhunter nor /e/rkhunter.conf, but the very same
conf is running on multiple boxes without problems. Debug log is
attached below [1]. As far as I can see, the second call on
check_required_commands() doesn't include /{s,}bin, so probably
$BINPATHS is set wrong at that time. Manual setting with --binpath /bin
doesn't change the output on stdout/err or in the debug log.

Cheers,
Julius

-- System Information:
Debian Release: 7.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i686

Shell: /bin/sh linked to /bin/dash

Versions of packages rkhunter depends on:
ii  binutils               2.22-8
ii  debconf [debconf-2.0]  1.5.49
ii  file                   5.11-2
ii  net-tools              1.60-24.2
ii  perl                   5.14.2-21+deb7u1
ii  ucf                    3.0025+nmu3

Versions of packages rkhunter recommends:
ii  curl                            7.26.0-1+wheezy4
ii  iproute                         20120521-3+b3
ii  lsof                            4.86+dfsg-1
ii  postfix [mail-transport-agent]  2.9.6-2
ii  unhide                          20110113-4
ii  wget                            1.13.4-3

Versions of packages rkhunter suggests:
ii  bsd-mailx [mailx]          8.1.2-0.20111106cvs-1
ii  heirloom-mailx [mailx]     12.5-2
pn  libdigest-whirlpool-perl   <none>
ii  liburi-perl                1.60-1
ii  libwww-perl                6.04-1
ii  powermgmt-base             1.31
pn  tripwire                   <none>

[1]
+ test 0 -eq 1 + print rkh-ksh-string-test + [ = rkh-ksh-string-test ] + [ 0 -eq 1 ] + MYSHELL=/bin/sh + test -h /bin/sh + readlink /bin/sh + MYSHELL=dash + basename dash + MYSHELL=dash + test -z dash + echo -e rkh-ksh\tstring-test + [ -e rkh-ksh string-test = rkh-ksh string-test ] + ECHOOPT= + echo -n -e rkh-ksh-string-test + [ -e rkh-ksh-string-test = rkh-ksh-string-test ] + echo -e rkh-ksh-string-test\c + [ -e rkh-ksh-string-test = rkh-ksh-string-test ] + echo rkh-ksh-string-test\c + [ rkh-ksh-string-test = rkh-ksh-string-test ] + ECHON=c + head -n 1 + HEAD_OPT=-n + tail -n 1 + TAIL_OPT=-n + [ 1 -eq 1 -a dash = ksh ] + trap - 13 + PROGRAM_NAME=Rootkit Hunter + PROGRAM_version=1.4.0 + PROGRAM_copyright_owner=Michael Boelen + PROGRAM_copyright=Copyright (c) 2003-2012, Michael Boelen + PROGRAM_blurb= Currently under active development by the Rootkit Hunter project team. Please review your rkhunter.conf before using. Please review the documentation before posting bug reports or questions. To report bugs, obtain updates, or provide patches or comments, please go to: http://rkhunter.sourceforge.net To ask questions about rkhunter, please use the rkhunter-users mailing list.
Note this is a moderated list: please subscribe before posting. Rootkit Hunter comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under the terms of the GNU General Public License. See the LICENSE file for details. + PROGRAM_license= Rootkit Hunter 1.4.0, Copyright (c) 2003-2012, Michael Boelen Currently under active development by the Rootkit Hunter project team. Please review your rkhunter.conf before using. Please review the documentation before posting bug reports or questions. To report bugs, obtain updates, or provide patches or comments, please go to: http://rkhunter.sourceforge.net To ask questions about rkhunter, please use the rkhunter-users mailing list. Note this is a moderated list: please subscribe before posting. Rootkit Hunter comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under the terms of the GNU General Public License. See the LICENSE file for details. + CRONJOB=0 + CHECK=0 + CATLOGFILE=0 + NOLOG=0 + RKHLOGFILE= + DFLT_LOGFILE=/var/log/rkhunter.log + APPEND_LOG=0 + APPEND_OPT=0 + COPY_LOG_ON_ERROR=0 + USE_SYSLOG= + SYSLOG_DFLT_PRIO=authpriv.notice + NOMOW=0 + MAILONWARNING= + HASH_FUNC= + OLD_HASH_FUNC= + PKGMGR= + OLD_PKGMGR= + OLD_ATTRUPD= + HASH_OPT=0 + SHA_SIZE=0 + HASH_FLD_IDX=1 + PROP_DIR_LIST= + PROP_FILE_LIST= + PROP_FILE_LIST_COUNT=0 + PROP_FILE_LIST_TOTAL=0 + PRELINKED=0 + PRELINK_CMD= + PRELINK_HASH= + PKGMGR_MD5_HASH= + MD5_CMD= + EPOCH_DATE_CMD= + PKGMGRNOVRFY= + UPDATE=0 + PROP_UPDATE=0 + PROPUPD_OPT= + VERSIONCHECK=0 + COLORS=1 + CLRSET2=0 + WLIST_IS_WHITE=0 + AUTO_X_DTCT=0 + AUTO_X_OPT=0 + QUIET=0 + SHOWWARNINGSONLY=0 + HASH_CHECK_ENABLED=0 + SKIP_HASH_MSG=0 + RKHTMPDIR= + DB_PATH= + CONFIGFILE= + LOCALCONFIGFILE= + BINPATHS= + DFLT_BINPATHS=/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec + BINDIR_OPT=0 + ID_CMD=id + SKIP_KEY_PRESS=0 + GREP_OPT= + BSDOS=0 + SUNOS=0 + IRIXOS=0 + MACOSX=0 + 
LINUXOS=0 + LINUXOS=1 + OS_CHANGED=0 + WARN_ON_OS_CHANGE=1 + UPDT_ON_OS_CHANGE=0 + ALLOW_SSH_PROT_V1=0 + ALLOW_SSH_ROOT_USER= + SSH_CONFIG_DIR= + ALLOW_SYSLOG_REMOTE_LOGGING=0 + SYSLOG_CONFIG_FILE= + ROOTKIT_COUNT=0 + ROOTKIT_FAILED_COUNT=0 + ROOTKIT_FAILED_NAMES= + PROP_FAILED_COUNT=0 + SUMMARY_PROP_REQCMDS=0 + APPS_COUNT=0 + APPS_TOTAL_COUNT=0 + APPS_FAILED_COUNT=0 + BEGINTIME=0 + TOTAL_SCANTIME= + WARNING_COUNT=0 + KSYMS_FILE= + CMD_LINE=/usr/bin/rkhunter -c --debug + tr : + echo /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin + RKHROOTPATH=/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin + CMDLIST=basename diff dirname file find ifconfig ip ldd lsattr lsmod lsof mktemp netstat perl pgrep ps pwd readlink stat strings + ABSOLUTELY_REQUIRED_CMDS=cut egrep grep sed tail tr + REQCMDS=awk cat chmod chown cp cut date egrep grep head ls mv sed sort tail touch tr uname uniq wc + WEBCMDLIST=wget curl elinks links lynx bget GET + RKHWEBCMD= + RKHWEBCMD_OPTS= + RKHWEBCMD_BASE= + HOST_NAME= + RET_CODE=0 + LANGUAGE= + UPDATE_LANG= + LOCALE_CMD= + ICONV_CMD= + RKHCHRMAP= + RKHCHKLOCALE=0 + KNOWN_TESTS=strings properties hashes scripts immutable attributes deleted_files packet_cap_apps apps rootkits known_rkts additional_rkts malware local_host network passwd_changes group_changes possible_rkts possible_rkt_files possible_rkt_strings system_commands shared_libs shared_libs_path running_procs hidden_procs trojans other_malware os_specific startup_malware startup_files group_accounts system_configs filesystem suspscan ports hidden_ports promisc loaded_modules avail_modules + GROUPED_TESTS=system_commands:properties:strings:hashes:scripts:shared_libs:shared_libs_path:immutable:attributes properties:hashes:scripts:immutable:attributes shared_libs:shared_libs_path 
rootkits:known_rkts:additional_rkts:possible_rkts:possible_rkt_files:possible_rkt_strings:malware:running_procs:hidden_procs:deleted_files:trojans:other_malware:os_specific:suspscan:loaded_modules:avail_modules additional_rkts:possible_rkts:possible_rkt_files:possible_rkt_strings possible_rkts:possible_rkt_files:possible_rkt_strings network:packet_cap_apps:ports:hidden_ports:promisc malware:running_procs:hidden_procs:deleted_files:suspscan:other_malware local_host:startup_files:passwd_changes:group_changes:startup_malware:group_accounts:system_configs:filesystem startup_files:startup_malware os_specific:loaded_modules:avail_modules group_accounts:passwd_changes:group_changes + KNOWN_ROOTKITS=55808 Trojan - Variant A, AjaKit, aPa Kit, Adore, Apache Worm, Ambient (ark), Balaur, BeastKit, beX2, BOBKit, Boonana (Koobface.A), cb, CiNIK Worm (Slapper.B variant), CX, Danny-Boy's Abuse Kit, Devil, Dica, Dreams, Duarawkz, Enye LKM, Flea Linux, FreeBSD, Fu, Fuck`it, GasKit, Heroin LKM, HjC Kit, ignoKit, iLLogiC, Inqtana-A, Inqtana-B, Inqtana-C, IntoXonia-NG, Irix, Jynx, KBeast, Kitko, Knark, ld-linuxv.so, Li0n Worm, Lockit/LJK2, Mood-NT, MRK, Ni0, Ohhara, Optic Kit (Tux), OSXRK, Oz, Phalanx, Phalanx2, Portacelo, R3dstorm Toolkit, RH-Sharpe's, RSHA's, Scalper Worm, Shutdown, SHV4, SHV5, Sin, SInAR, Slapper, Sneakin, Solaris Wanuk, Spanish, Suckit, SunOS / NSDAP, SunOS Rootkit, Superkit, TBD (Telnet BackDoor), TeLeKiT, Togroot, T0rn, trNkit, Trojanit Kit, Turtle2, Tuxtendo, URK, Vampire, VcKit, Volc, w00tkit, weaponX, Xzibit, X-Org SunOS, zaRwT.KiT, ZK + LIST_MODULES=File::stat Getopt::Long Crypt::RIPEMD160 Digest::MD5 Digest::SHA Digest::SHA1 Digest::SHA256 Digest::SHA::PurePerl Digest::Whirlpool LWP URI HTTP::Status HTTP::Date Socket Carp + ENABLE_TESTS= + DISABLE_TESTS= + CL_ENABLE_TESTS= + CL_DISABLE_TESTS= + CONFIG_DISABLE_TESTS= + ENDIS_OPT=0 + ENABLE_OPT=0 + USECF=1 + LIST_OPT= + BLANK_LINE= + NOTTY=0 + SHOW_SUMMARY=1 + SHOW_SUMMARY_OPT=0 + VERBOSE_LOGGING=1 + ORIGIFS= 
+ RKHIFS= + IFSNL= + IFS= + STARTUP_PATHS= + STARTUP_PATHS_LOGGED=0 + INETD_CONF_PATH=/etc/inetd.conf + INETDALLOWEDSVCS= + XINETD_CONF_PATH=/etc/xinetd.conf + XINETDALLOWEDSVCS= + UPDATE_ONLY=0 + RKHLANGUPDT=0 + ROTATE_MIRRORS=1 + UPDATE_MIRRORS=1 + MIRRORS_MODE=0 + SUSPSCAN_DEBUG=0 + USE_RUNCON=0 + SELINUX_ENABLED=0 + PORT_WHITELIST= + PORT_WHITELIST_PATH= + PORT_WHITELIST_ALL_TRUSTED=0 + SHADOW_FILE= + HAVE_TCB_SHADOW=0 + OS_VERSION_FILE= + RTKT_DIR_WHITELIST= + RTKT_FILE_WHITELIST= + RKHDAT_FILE= + RKH_FILEPROP_LIST= + HAVE_READLINK=0 + PRELINK_DEP_ERR_CMDS= + USER_FILE_LIST= + USER_SIMPLE_FILE_LIST= + USER_DIR_LIST= + USER_EXCLUDE_PROP= + SHARED_LIB_WHITELIST= + USE_LOCKING=0 + LOCK_TIMEOUT=0 + SHOW_LOCK_MSGS=1 + UNLOCK=0 + EXISTWHITELIST= + CONFIG_CHECK=0 + [ 2 -eq 0 ] + [ 2 -ge 1 ] + CHECK=1 + shift + [ 1 -ge 1 ] + SKIP_KEY_PRESS=1 + shift + [ 0 -ge 1 ] + [ 0 -eq 1 ] + id -u + RKHTMPVAR=0 + [ 0 != 0 -a 0 != root ] + [ 0 -eq 1 ] + USECF=1 + test 0 -eq 1 -a 1 -eq 0 -a 0 -eq 0 -a 0 -eq 0 + check_required_commands 1 + LEAVE=0 + [ 1 -eq 1 ] + CMDDIR=/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin + CMDNAMES=cut egrep grep sed tail tr + SEEN=0 + [ -f /usr/local/sbin/cut -a -x /usr/local/sbin/cut ] + [ -f /usr/local/bin/cut -a -x /usr/local/bin/cut ] + [ -f /usr/sbin/cut -a -x /usr/sbin/cut ] + [ -f /usr/bin/cut -a -x /usr/bin/cut ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/egrep -a -x /usr/local/sbin/egrep ] + [ -f /usr/local/bin/egrep -a -x /usr/local/bin/egrep ] + [ -f /usr/sbin/egrep -a -x /usr/sbin/egrep ] + [ -f /usr/bin/egrep -a -x /usr/bin/egrep ] + [ -f /sbin/egrep -a -x /sbin/egrep ] + [ -f /bin/egrep -a -x /bin/egrep ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/grep -a -x /usr/local/sbin/grep ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/sed -a -x /usr/local/sbin/sed ] + [ -f /usr/local/bin/sed -a -x /usr/local/bin/sed ] + [ -f /usr/sbin/sed -a -x /usr/sbin/sed ] + [ -f /usr/bin/sed 
-a -x /usr/bin/sed ] + [ -f /sbin/sed -a -x /sbin/sed ] + [ -f /bin/sed -a -x /bin/sed ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/tail -a -x /usr/local/sbin/tail ] + [ -f /usr/local/bin/tail -a -x /usr/local/bin/tail ] + [ -f /usr/sbin/tail -a -x /usr/sbin/tail ] + [ -f /usr/bin/tail -a -x /usr/bin/tail ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/tr -a -x /usr/local/sbin/tr ] + [ -f /usr/local/bin/tr -a -x /usr/local/bin/tr ] + [ -f /usr/sbin/tr -a -x /usr/sbin/tr ] + [ -f /usr/bin/tr -a -x /usr/bin/tr ] + SEEN=1 + break + [ 1 -eq 0 ] + [ 0 -eq 1 ] + return + [ -z ] + [ -f /etc/rkhunter.conf ] + CONFIGFILE=/etc/rkhunter.conf + [ ! -f /etc/rkhunter.conf ] + [ ! -r /etc/rkhunter.conf ] + [ ! -s /etc/rkhunter.conf ] + sed -e s:/[^/]*$:: + echo /etc/rkhunter.conf + RKHTMPVAR=/etc + test -f /etc/rkhunter.conf.local + get_configfile_options + get_bindir_option + LEAVE=0 + ERRCODE=0 + [ 0 -eq 1 ] + get_option 2 multi BINDIR + OPTTYPE=2 + OPTMULTI=multi + OPTV=BINDIR + grep -h ^BINDIR= /etc/rkhunter.conf + [ -z ] + echo + return 0 + BINPATHS= + check_paths BINPATHS BINDIR STRICT + OPT_VALUE=BINPATHS + OPT_NAME=BINDIR + STRICT=STRICT + test -z BINDIR + test -z STRICT + STRICT=1 + eval echo "$BINPATHS" + echo + RKHTMPVAR= + test -z + return + [ 0 -eq 0 ] + [ -z ] + BINPATHS=/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec + [ 0 -eq 1 -o 0 -eq 1 -o Linux = AIX ] + add_extra_dirs + EXTRA_DIRS= + [ 0 -eq 1 ] + [ 0 -eq 1 ] + [ 0 -eq 1 ] + [ 0 -eq 1 ] + [ -f /etc/GoboLinuxVersion ] + test -d /opt + EXTRA_DIRS= /opt/bin /opt/sbin + test -d /usr/opt + return + BINPATHS=/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec /opt/bin /opt/sbin + [ 0 -eq 0 ] + RKHTMPVAR= + PREPEND_PATHS= + grep ^\+ + echo /bin + [ -n ] + grep ^\+ + echo /usr/bin + [ -n ] + grep ^\+ + echo /sbin + [ -n ] + grep ^\+ + echo /usr/sbin + [ -n ] + grep ^\+ + echo /usr/local/bin + [ -n 
] + grep ^\+ + echo /usr/local/sbin + [ -n ] + grep ^\+ + echo /usr/libexec + [ -n ] + grep ^\+ + echo /usr/local/libexec + [ -n ] + grep ^\+ + echo /opt/bin + [ -n ] + grep ^\+ + echo /opt/sbin + [ -n ] + echo + PREPEND_PATHS= + grep ^\+ + echo /usr/local/sbin + [ -n ] + grep ^/ + echo /usr/local/sbin + [ -z /usr/local/sbin ] + [ -e /usr/local/sbin ] + [ -d /usr/local/sbin ] + sed -e s:/$:: + tr -s / + echo /usr/local/sbin + DIR=/usr/local/sbin + grep /usr/local/sbin + echo + [ -z ] + RKHTMPVAR= /usr/local/sbin + grep ^\+ + echo /usr/local/bin + [ -n ] + grep ^/ + echo /usr/local/bin + [ -z /usr/local/bin ] + [ -e /usr/local/bin ] + [ -d /usr/local/bin ] + tr -s / + echo /usr/local/bin + sed -e s:/$:: + DIR=/usr/local/bin + grep /usr/local/bin + echo /usr/local/sbin + [ -z ] + RKHTMPVAR= /usr/local/sbin /usr/local/bin + grep ^\+ + echo /usr/sbin + [ -n ] + grep ^/ + echo /usr/sbin + [ -z /usr/sbin ] + [ -e /usr/sbin ] + [ -d /usr/sbin ] + tr -s / + sed -e s:/$:: + echo /usr/sbin + DIR=/usr/sbin + grep /usr/sbin + echo /usr/local/sbin /usr/local/bin + [ -z ] + RKHTMPVAR= /usr/local/sbin /usr/local/bin /usr/sbin + grep ^\+ + echo /usr/bin + [ -n ] + grep ^/ + echo /usr/bin + [ -z /usr/bin ] + [ -e /usr/bin ] + [ -d /usr/bin ] + sed -e s:/$:: + tr -s / + echo /usr/bin + DIR=/usr/bin + grep /usr/bin + echo /usr/local/sbin /usr/local/bin /usr/sbin + [ -z ] + RKHTMPVAR= /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin + grep ^\+ + echo /sbin + [ -n ] + grep ^/ + echo /sbin + [ -z /sbin ] + [ -e /sbin ] + [ -d /sbin ] + tr -s / + sed -e s:/$:: + echo /sbin + DIR=/sbin + grep /sbin + echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin + [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ] + grep ^\+ + echo /bin + [ -n ] + grep ^/ + echo /bin + [ -z /bin ] + [ -e /bin ] + [ -d /bin ] + tr -s / + sed -e s:/$:: + echo /bin + DIR=/bin + grep /bin + echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin + [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ] + grep 
^\+ + echo /bin + [ -n ] + grep ^/ + echo /bin + [ -z /bin ] + [ -e /bin ] + [ -d /bin ] + tr -s / + sed -e s:/$:: + echo /bin + DIR=/bin + grep /bin + echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin + [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ] + grep ^\+ + echo /usr/bin + [ -n ] + grep ^/ + echo /usr/bin + [ -z /usr/bin ] + [ -e /usr/bin ] + [ -d /usr/bin ] + tr -s / + sed -e s:/$:: + echo /usr/bin + DIR=/usr/bin + grep /usr/bin + echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin + [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ] + grep ^\+ + echo /sbin + [ -n ] + grep ^/ + echo /sbin + [ -z /sbin ] + [ -e /sbin ] + [ -d /sbin ] + tr -s / + sed -e s:/$:: + echo /sbin + DIR=/sbin + grep /sbin + echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin + [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ] + grep ^\+ + echo /usr/sbin + [ -n ] + grep ^/ + echo /usr/sbin + [ -z /usr/sbin ] + [ -e /usr/sbin ] + [ -d /usr/sbin ] + tr -s / + sed -e s:/$:: + echo /usr/sbin + DIR=/usr/sbin + grep /usr/sbin + echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin + [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ] + grep ^\+ + echo /usr/local/bin + [ -n ] + grep ^/ + echo /usr/local/bin + [ -z /usr/local/bin ] + [ -e /usr/local/bin ] + [ -d /usr/local/bin ] + tr -s / + sed -e s:/$:: + echo /usr/local/bin + DIR=/usr/local/bin + grep /usr/local/bin + echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin + [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ] + grep ^\+ + echo /usr/local/sbin + [ -n ] + grep ^/ + echo /usr/local/sbin + [ -z /usr/local/sbin ] + [ -e /usr/local/sbin ] + [ -d /usr/local/sbin ] + sed -e s:/$:: + tr -s / + echo /usr/local/sbin + DIR=/usr/local/sbin + grep /usr/local/sbin + echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin + [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ] + grep ^\+ + echo /usr/libexec + [ -n ] + grep ^/ + echo /usr/libexec + [ -z /usr/libexec ] + [ -e /usr/libexec ] + grep 
^\+ + echo /usr/local/libexec + [ -n ] + grep ^/ + echo /usr/local/libexec + [ -z /usr/local/libexec ] + [ -e /usr/local/libexec ] + grep ^\+ + echo /opt/bin + [ -n ] + grep ^/ + echo /opt/bin + [ -z /opt/bin ] + [ -e /opt/bin ] + grep ^\+ + echo /opt/sbin + [ -n ] + grep ^/ + echo /opt/sbin + [ -z /opt/sbin ] + [ -e /opt/sbin ] + echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin + BINPATHS=/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin + [ 0 -eq 1 ] + return + get_scriptdir_option + LEAVE=0 + ERRCODE=0 + get_option 1 single SCRIPTDIR + OPTTYPE=1 + OPTMULTI=single + OPTV=SCRIPTDIR + grep -h ^SCRIPTDIR= /etc/rkhunter.conf + [ -z SCRIPTDIR=/usr/share/rkhunter/scripts ] + tail -n 1 + sed -e s/SCRIPTDIR=// + grep -h ^SCRIPTDIR= /etc/rkhunter.conf + OPTVAR=/usr/share/rkhunter/scripts + tr -d ' + tr -d " + echo /usr/share/rkhunter/scripts + OPTVAR=/usr/share/rkhunter/scripts + echo /usr/share/rkhunter/scripts + return 0 + SCRIPT_PATH=/usr/share/rkhunter/scripts + check_paths SCRIPT_PATH SCRIPTDIR STRICT + OPT_VALUE=SCRIPT_PATH + OPT_NAME=SCRIPTDIR + STRICT=STRICT + test -z SCRIPTDIR + test -z STRICT + STRICT=1 + eval echo "$SCRIPT_PATH" + echo /usr/share/rkhunter/scripts + RKHTMPVAR=/usr/share/rkhunter/scripts + test -z /usr/share/rkhunter/scripts + [ 1 -eq 1 ] + grep [][?*] + echo /usr/share/rkhunter/scripts + [ -n ] + [ SCRIPTDIR = BINDIR ] + [ SCRIPTDIR = USER_FILEPROP_FILES_DIRS ] + [ SCRIPTDIR = RTKT_FILE_WHITELIST ] + egrep (^[./]*$)|[;&]|/\.\./ + echo /usr/share/rkhunter/scripts + [ -n ] + [ SCRIPTDIR = USER_FILEPROP_FILES_DIRS ] + grep ^[^/].*/ + echo /usr/share/rkhunter/scripts + [ -n ] + grep ^/ + echo /usr/share/rkhunter/scripts + [ -z /usr/share/rkhunter/scripts ] + [ -f /usr/share/rkhunter/scripts ] + [ -d /usr/share/rkhunter/scripts ] + test SCRIPTDIR = ALLOWHIDDENFILE -a -h /usr/share/rkhunter/scripts + return + [ 0 -eq 0 ] + [ -z /usr/share/rkhunter/scripts ] + [ 0 -eq 1 ] + [ ! 
-r /usr/share/rkhunter/scripts ] + [ 0 -eq 1 ] + return + check_required_commands 2 + LEAVE=0 + [ 2 -eq 1 ] + CMDDIR=/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin + CMDNAMES=awk cat chmod chown cp cut date egrep grep head ls mv sed sort tail touch tr uname uniq wc + SEEN=0 + [ -f /usr/local/sbin/awk -a -x /usr/local/sbin/awk ] + [ -f /usr/local/bin/awk -a -x /usr/local/bin/awk ] + [ -f /usr/sbin/awk -a -x /usr/sbin/awk ] + [ -f /usr/bin/awk -a -x /usr/bin/awk ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/cat -a -x /usr/local/sbin/cat ] + [ -f /usr/local/bin/cat -a -x /usr/local/bin/cat ] + [ -f /usr/sbin/cat -a -x /usr/sbin/cat ] + [ -f /usr/bin/cat -a -x /usr/bin/cat ] + [ 0 -eq 0 ] + LEAVE=1 + echo The command 'cat' must be present on the system in order to run rkhunter. The command 'cat' must be present on the system in order to run rkhunter. + SEEN=0 + [ -f /usr/local/sbin/chmod -a -x /usr/local/sbin/chmod ] + [ -f /usr/local/bin/chmod -a -x /usr/local/bin/chmod ] + [ -f /usr/sbin/chmod -a -x /usr/sbin/chmod ] + [ -f /usr/bin/chmod -a -x /usr/bin/chmod ] + [ 0 -eq 0 ] + LEAVE=1 + echo The command 'chmod' must be present on the system in order to run rkhunter. The command 'chmod' must be present on the system in order to run rkhunter. + SEEN=0 + [ -f /usr/local/sbin/chown -a -x /usr/local/sbin/chown ] + [ -f /usr/local/bin/chown -a -x /usr/local/bin/chown ] + [ -f /usr/sbin/chown -a -x /usr/sbin/chown ] + [ -f /usr/bin/chown -a -x /usr/bin/chown ] + [ 0 -eq 0 ] + LEAVE=1 + echo The command 'chown' must be present on the system in order to run rkhunter. The command 'chown' must be present on the system in order to run rkhunter. + SEEN=0 + [ -f /usr/local/sbin/cp -a -x /usr/local/sbin/cp ] + [ -f /usr/local/bin/cp -a -x /usr/local/bin/cp ] + [ -f /usr/sbin/cp -a -x /usr/sbin/cp ] + [ -f /usr/bin/cp -a -x /usr/bin/cp ] + [ 0 -eq 0 ] + LEAVE=1 + echo The command 'cp' must be present on the system in order to run rkhunter. 
The command 'cp' must be present on the system in order to run rkhunter. + SEEN=0 + [ -f /usr/local/sbin/cut -a -x /usr/local/sbin/cut ] + [ -f /usr/local/bin/cut -a -x /usr/local/bin/cut ] + [ -f /usr/sbin/cut -a -x /usr/sbin/cut ] + [ -f /usr/bin/cut -a -x /usr/bin/cut ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/date -a -x /usr/local/sbin/date ] + [ -f /usr/local/bin/date -a -x /usr/local/bin/date ] + [ -f /usr/sbin/date -a -x /usr/sbin/date ] + [ -f /usr/bin/date -a -x /usr/bin/date ] + [ 0 -eq 0 ] + LEAVE=1 + echo The command 'date' must be present on the system in order to run rkhunter. The command 'date' must be present on the system in order to run rkhunter. + SEEN=0 + [ -f /usr/local/sbin/egrep -a -x /usr/local/sbin/egrep ] + [ -f /usr/local/bin/egrep -a -x /usr/local/bin/egrep ] + [ -f /usr/sbin/egrep -a -x /usr/sbin/egrep ] + [ -f /usr/bin/egrep -a -x /usr/bin/egrep ] + [ 0 -eq 0 ] + LEAVE=1 + echo The command 'egrep' must be present on the system in order to run rkhunter. The command 'egrep' must be present on the system in order to run rkhunter. + SEEN=0 + [ -f /usr/local/sbin/grep -a -x /usr/local/sbin/grep ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/head -a -x /usr/local/sbin/head ] + [ -f /usr/local/bin/head -a -x /usr/local/bin/head ] + [ -f /usr/sbin/head -a -x /usr/sbin/head ] + [ -f /usr/bin/head -a -x /usr/bin/head ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/ls -a -x /usr/local/sbin/ls ] + [ -f /usr/local/bin/ls -a -x /usr/local/bin/ls ] + [ -f /usr/sbin/ls -a -x /usr/sbin/ls ] + [ -f /usr/bin/ls -a -x /usr/bin/ls ] + [ 0 -eq 0 ] + LEAVE=1 + echo The command 'ls' must be present on the system in order to run rkhunter. The command 'ls' must be present on the system in order to run rkhunter. 
+ SEEN=0 + [ -f /usr/local/sbin/mv -a -x /usr/local/sbin/mv ] + [ -f /usr/local/bin/mv -a -x /usr/local/bin/mv ] + [ -f /usr/sbin/mv -a -x /usr/sbin/mv ] + [ -f /usr/bin/mv -a -x /usr/bin/mv ] + [ 0 -eq 0 ] + LEAVE=1 + echo The command 'mv' must be present on the system in order to run rkhunter. The command 'mv' must be present on the system in order to run rkhunter. + SEEN=0 + [ -f /usr/local/sbin/sed -a -x /usr/local/sbin/sed ] + [ -f /usr/local/bin/sed -a -x /usr/local/bin/sed ] + [ -f /usr/sbin/sed -a -x /usr/sbin/sed ] + [ -f /usr/bin/sed -a -x /usr/bin/sed ] + [ 0 -eq 0 ] + LEAVE=1 + echo The command 'sed' must be present on the system in order to run rkhunter. The command 'sed' must be present on the system in order to run rkhunter. + SEEN=0 + [ -f /usr/local/sbin/sort -a -x /usr/local/sbin/sort ] + [ -f /usr/local/bin/sort -a -x /usr/local/bin/sort ] + [ -f /usr/sbin/sort -a -x /usr/sbin/sort ] + [ -f /usr/bin/sort -a -x /usr/bin/sort ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/tail -a -x /usr/local/sbin/tail ] + [ -f /usr/local/bin/tail -a -x /usr/local/bin/tail ] + [ -f /usr/sbin/tail -a -x /usr/sbin/tail ] + [ -f /usr/bin/tail -a -x /usr/bin/tail ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/touch -a -x /usr/local/sbin/touch ] + [ -f /usr/local/bin/touch -a -x /usr/local/bin/touch ] + [ -f /usr/sbin/touch -a -x /usr/sbin/touch ] + [ -f /usr/bin/touch -a -x /usr/bin/touch ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/tr -a -x /usr/local/sbin/tr ] + [ -f /usr/local/bin/tr -a -x /usr/local/bin/tr ] + [ -f /usr/sbin/tr -a -x /usr/sbin/tr ] + [ -f /usr/bin/tr -a -x /usr/bin/tr ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/uname -a -x /usr/local/sbin/uname ] + [ -f /usr/local/bin/uname -a -x /usr/local/bin/uname ] + [ -f /usr/sbin/uname -a -x /usr/sbin/uname ] + [ -f /usr/bin/uname -a -x /usr/bin/uname ] + [ 0 -eq 0 ] + LEAVE=1 + echo The command 'uname' must be present on the system 
in order to run rkhunter. The command 'uname' must be present on the system in order to run rkhunter. + SEEN=0 + [ -f /usr/local/sbin/uniq -a -x /usr/local/sbin/uniq ] + [ -f /usr/local/bin/uniq -a -x /usr/local/bin/uniq ] + [ -f /usr/sbin/uniq -a -x /usr/sbin/uniq ] + [ -f /usr/bin/uniq -a -x /usr/bin/uniq ] + SEEN=1 + break + [ 1 -eq 0 ] + SEEN=0 + [ -f /usr/local/sbin/wc -a -x /usr/local/sbin/wc ] + [ -f /usr/local/bin/wc -a -x /usr/local/bin/wc ] + [ -f /usr/sbin/wc -a -x /usr/sbin/wc ] + [ -f /usr/bin/wc -a -x /usr/bin/wc ] + SEEN=1 + break + [ 1 -eq 0 ] + [ 1 -eq 1 ] + [ 0 -eq 0 ] + exit 1
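
A way to cross-check the two search lists that appear in the debug log, as an added example that is not part of the original report and not rkhunter's own code: it repeats the trace's "[ -f DIR/CMD -a -x DIR/CMD ]" test over a directory list, reports which required commands have no hit, and lists commands present in more than one directory (in the log, grep is taken from /usr/local/sbin). The function names and the temporary directory tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not rkhunter code. All function names are hypothetical.

# first_hit "DIR DIR ..." CMD
# Prints the first DIR/CMD that is an executable regular file (the same
# test the trace shows); returns 1 when no directory has it.
first_hit() {
    for d in $1; do
        if [ -f "$d/$2" ] && [ -x "$d/$2" ]; then
            echo "$d/$2"
            return 0
        fi
    done
    return 1
}

# missing_cmds "DIRS" "CMDS"
# Prints the space-separated commands that no directory in DIRS provides.
missing_cmds() {
    out=
    for c in $2; do
        first_hit "$1" "$c" >/dev/null || out="${out:+$out }$c"
    done
    echo "$out"
}

# shadowed_cmds "DIRS" "CMDS"
# Prints "cmd=path" for every command present in more than one directory;
# path is the copy that wins because its directory comes first in DIRS.
shadowed_cmds() {
    out=
    for c in $2; do
        n=0
        for d in $1; do
            if [ -f "$d/$c" ] && [ -x "$d/$c" ]; then n=$((n + 1)); fi
        done
        if [ "$n" -gt 1 ]; then
            out="${out:+$out }$c=$(first_hit "$1" "$c")"
        fi
    done
    echo "$out"
}

# make_demo_root
# Builds a constructed tree: awk in usr/bin, cat and chmod only in bin,
# grep in both bin and usr/local/sbin. Prints the tree's root directory.
make_demo_root() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/usr/local/sbin" "$r/usr/local/bin" "$r/usr/sbin" \
             "$r/usr/bin" "$r/sbin" "$r/bin"
    for f in usr/bin/awk bin/cat bin/chmod bin/grep usr/local/sbin/grep; do
        : > "$r/$f"
        chmod 755 "$r/$f"
    done
    echo "$r"
}

ROOT=$(make_demo_root)
# Same order as CMDDIR in the second check_required_commands call.
SHORT="$ROOT/usr/local/sbin $ROOT/usr/local/bin $ROOT/usr/sbin $ROOT/usr/bin"
# Same order as CMDDIR in the first call, which still had /sbin and /bin.
FULL="$SHORT $ROOT/sbin $ROOT/bin"
REQ="awk cat chmod grep"

echo "missing, short list: $(missing_cmds "$SHORT" "$REQ")"
echo "missing, full list:  $(missing_cmds "$FULL" "$REQ")"
echo "more than one copy:  $(shadowed_cmds "$FULL" "$REQ")"
rm -rf "$ROOT"
```

On the affected host, pass the real directory lists (the log's second CMDDIR value, then the same list with /sbin and /bin appended) in place of the constructed tree.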