Package: rkhunter
Version: 1.4.0-1
Severity: important
rkhunter on a Wheezy box:
# apt-cache policy rkhunter
rkhunter:
Installed: 1.4.0-1
Candidate: 1.4.0-1
Version table:
*** 1.4.0-1 0
500 http://ftp.de.debian.org/debian/ wheezy/main i386 Packages
100 /var/lib/dpkg/status
# rkhunter -c || echo $?
The command 'cat' must be present on the system in order to run rkhunter.
The command 'chmod' must be present on the system in order to run rkhunter.
The command 'chown' must be present on the system in order to run rkhunter.
The command 'cp' must be present on the system in order to run rkhunter.
The command 'date' must be present on the system in order to run rkhunter.
The command 'egrep' must be present on the system in order to run rkhunter.
The command 'ls' must be present on the system in order to run rkhunter.
The command 'mv' must be present on the system in order to run rkhunter.
The command 'sed' must be present on the system in order to run rkhunter.
The command 'uname' must be present on the system in order to run rkhunter.
1
#
I didn't change /e/d/rkhunter nor /e/rkhunter.conf, but the very same conf is
running on multiple boxes without problems. Debug log is attached below [1].
As far I can see, the second call on check_required_commands() doesn't include
/{s,}bin, so probably $BINPATHS is set wrong at that time. Manual setting with
--binpath /bin doesn't change the output on stdout/err or in the debug log.
Cheers,
Julius
-- System Information:
Debian Release: 7.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i686
Shell: /bin/sh linked to /bin/dash
Versions of packages rkhunter depends on:
ii binutils 2.22-8
ii debconf [debconf-2.0] 1.5.49
ii file 5.11-2
ii net-tools 1.60-24.2
ii perl 5.14.2-21+deb7u1
ii ucf 3.0025+nmu3
Versions of packages rkhunter recommends:
ii curl 7.26.0-1+wheezy4
ii iproute 20120521-3+b3
ii lsof 4.86+dfsg-1
ii postfix [mail-transport-agent] 2.9.6-2
ii unhide 20110113-4
ii wget 1.13.4-3
Versions of packages rkhunter suggests:
ii bsd-mailx [mailx] 8.1.2-0.20111106cvs-1
ii heirloom-mailx [mailx] 12.5-2
pn libdigest-whirlpool-perl <none>
ii liburi-perl 1.60-1
ii libwww-perl 6.04-1
ii powermgmt-base 1.31
pn tripwire <none>
[1]
+ test 0 -eq 1
+ print rkh-ksh-string-test
+ [ = rkh-ksh-string-test ]
+ [ 0 -eq 1 ]
+ MYSHELL=/bin/sh
+ test -h /bin/sh
+ readlink /bin/sh
+ MYSHELL=dash
+ basename dash
+ MYSHELL=dash
+ test -z dash
+ echo -e rkh-ksh\tstring-test
+ [ -e rkh-ksh string-test = rkh-ksh string-test ]
+ ECHOOPT=
+ echo -n -e rkh-ksh-string-test
+ [ -e rkh-ksh-string-test = rkh-ksh-string-test ]
+ echo -e rkh-ksh-string-test\c
+ [ -e rkh-ksh-string-test = rkh-ksh-string-test ]
+ echo rkh-ksh-string-test\c
+ [ rkh-ksh-string-test = rkh-ksh-string-test ]
+ ECHON=c
+ head -n 1
+ HEAD_OPT=-n
+ tail -n 1
+ TAIL_OPT=-n
+ [ 1 -eq 1 -a dash = ksh ]
+ trap - 13
+ PROGRAM_NAME=Rootkit Hunter
+ PROGRAM_version=1.4.0
+ PROGRAM_copyright_owner=Michael Boelen
+ PROGRAM_copyright=Copyright (c) 2003-2012, Michael Boelen
+ PROGRAM_blurb=
Currently under active development by the Rootkit Hunter project team.
Please review your rkhunter.conf before using.
Please review the documentation before posting bug reports or questions.
To report bugs, obtain updates, or provide patches or comments, please go to:
http://rkhunter.sourceforge.net
To ask questions about rkhunter, please use the rkhunter-users mailing list.
Note this is a moderated list: please subscribe before posting.
Rootkit Hunter comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the
terms of the GNU General Public License. See the LICENSE file for details.
+ PROGRAM_license=
Rootkit Hunter 1.4.0, Copyright (c) 2003-2012, Michael Boelen
Currently under active development by the Rootkit Hunter project team.
Please review your rkhunter.conf before using.
Please review the documentation before posting bug reports or questions.
To report bugs, obtain updates, or provide patches or comments, please go to:
http://rkhunter.sourceforge.net
To ask questions about rkhunter, please use the rkhunter-users mailing list.
Note this is a moderated list: please subscribe before posting.
Rootkit Hunter comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it under the
terms of the GNU General Public License. See the LICENSE file for details.
+ CRONJOB=0
+ CHECK=0
+ CATLOGFILE=0
+ NOLOG=0
+ RKHLOGFILE=
+ DFLT_LOGFILE=/var/log/rkhunter.log
+ APPEND_LOG=0
+ APPEND_OPT=0
+ COPY_LOG_ON_ERROR=0
+ USE_SYSLOG=
+ SYSLOG_DFLT_PRIO=authpriv.notice
+ NOMOW=0
+ MAILONWARNING=
+ HASH_FUNC=
+ OLD_HASH_FUNC=
+ PKGMGR=
+ OLD_PKGMGR=
+ OLD_ATTRUPD=
+ HASH_OPT=0
+ SHA_SIZE=0
+ HASH_FLD_IDX=1
+ PROP_DIR_LIST=
+ PROP_FILE_LIST=
+ PROP_FILE_LIST_COUNT=0
+ PROP_FILE_LIST_TOTAL=0
+ PRELINKED=0
+ PRELINK_CMD=
+ PRELINK_HASH=
+ PKGMGR_MD5_HASH=
+ MD5_CMD=
+ EPOCH_DATE_CMD=
+ PKGMGRNOVRFY=
+ UPDATE=0
+ PROP_UPDATE=0
+ PROPUPD_OPT=
+ VERSIONCHECK=0
+ COLORS=1
+ CLRSET2=0
+ WLIST_IS_WHITE=0
+ AUTO_X_DTCT=0
+ AUTO_X_OPT=0
+ QUIET=0
+ SHOWWARNINGSONLY=0
+ HASH_CHECK_ENABLED=0
+ SKIP_HASH_MSG=0
+ RKHTMPDIR=
+ DB_PATH=
+ CONFIGFILE=
+ LOCALCONFIGFILE=
+ BINPATHS=
+ DFLT_BINPATHS=/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin
/usr/libexec /usr/local/libexec
+ BINDIR_OPT=0
+ ID_CMD=id
+ SKIP_KEY_PRESS=0
+ GREP_OPT=
+ BSDOS=0
+ SUNOS=0
+ IRIXOS=0
+ MACOSX=0
+ LINUXOS=0
+ LINUXOS=1
+ OS_CHANGED=0
+ WARN_ON_OS_CHANGE=1
+ UPDT_ON_OS_CHANGE=0
+ ALLOW_SSH_PROT_V1=0
+ ALLOW_SSH_ROOT_USER=
+ SSH_CONFIG_DIR=
+ ALLOW_SYSLOG_REMOTE_LOGGING=0
+ SYSLOG_CONFIG_FILE=
+ ROOTKIT_COUNT=0
+ ROOTKIT_FAILED_COUNT=0
+ ROOTKIT_FAILED_NAMES=
+ PROP_FAILED_COUNT=0
+ SUMMARY_PROP_REQCMDS=0
+ APPS_COUNT=0
+ APPS_TOTAL_COUNT=0
+ APPS_FAILED_COUNT=0
+ BEGINTIME=0
+ TOTAL_SCANTIME=
+ WARNING_COUNT=0
+ KSYMS_FILE=
+ CMD_LINE=/usr/bin/rkhunter -c --debug
+ tr :
+ echo /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+ RKHROOTPATH=/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin
+ CMDLIST=basename diff dirname file find ifconfig ip ldd lsattr lsmod lsof
mktemp netstat perl pgrep ps pwd readlink stat strings
+ ABSOLUTELY_REQUIRED_CMDS=cut egrep grep sed tail tr
+ REQCMDS=awk cat chmod chown cp cut date egrep grep head ls mv sed sort tail
touch tr uname uniq wc
+ WEBCMDLIST=wget curl elinks links lynx bget GET
+ RKHWEBCMD=
+ RKHWEBCMD_OPTS=
+ RKHWEBCMD_BASE=
+ HOST_NAME=
+ RET_CODE=0
+ LANGUAGE=
+ UPDATE_LANG=
+ LOCALE_CMD=
+ ICONV_CMD=
+ RKHCHRMAP=
+ RKHCHKLOCALE=0
+ KNOWN_TESTS=strings properties hashes scripts immutable attributes
deleted_files packet_cap_apps apps rootkits known_rkts
additional_rkts malware local_host network passwd_changes
group_changes possible_rkts possible_rkt_files possible_rkt_strings
system_commands shared_libs shared_libs_path running_procs
hidden_procs trojans other_malware os_specific startup_malware
startup_files group_accounts system_configs filesystem suspscan
ports hidden_ports promisc loaded_modules avail_modules
+
GROUPED_TESTS=system_commands:properties:strings:hashes:scripts:shared_libs:shared_libs_path:immutable:attributes
properties:hashes:scripts:immutable:attributes
shared_libs:shared_libs_path
rootkits:known_rkts:additional_rkts:possible_rkts:possible_rkt_files:possible_rkt_strings:malware:running_procs:hidden_procs:deleted_files:trojans:other_malware:os_specific:suspscan:loaded_modules:avail_modules
additional_rkts:possible_rkts:possible_rkt_files:possible_rkt_strings
possible_rkts:possible_rkt_files:possible_rkt_strings
network:packet_cap_apps:ports:hidden_ports:promisc
malware:running_procs:hidden_procs:deleted_files:suspscan:other_malware
local_host:startup_files:passwd_changes:group_changes:startup_malware:group_accounts:system_configs:filesystem
startup_files:startup_malware
os_specific:loaded_modules:avail_modules
group_accounts:passwd_changes:group_changes
+ KNOWN_ROOTKITS=55808 Trojan - Variant A, AjaKit, aPa Kit, Adore, Apache Worm,
Ambient (ark),
Balaur, BeastKit, beX2, BOBKit, Boonana (Koobface.A), cb, CiNIK Worm
(Slapper.B variant), CX,
Danny-Boy's Abuse Kit, Devil, Dica, Dreams, Duarawkz, Enye LKM, Flea Linux,
FreeBSD, Fu,
Fuck`it, GasKit, Heroin LKM, HjC Kit, ignoKit, iLLogiC, Inqtana-A, Inqtana-B,
Inqtana-C,
IntoXonia-NG, Irix, Jynx, KBeast, Kitko, Knark, ld-linuxv.so, Li0n Worm,
Lockit/LJK2, Mood-NT, MRK, Ni0,
Ohhara, Optic Kit (Tux), OSXRK, Oz, Phalanx, Phalanx2, Portacelo, R3dstorm
Toolkit,
RH-Sharpe's, RSHA's, Scalper Worm, Shutdown, SHV4, SHV5, Sin, SInAR, Slapper,
Sneakin, Solaris Wanuk, Spanish, Suckit, SunOS / NSDAP, SunOS Rootkit,
Superkit, TBD (Telnet BackDoor),
TeLeKiT, Togroot, T0rn, trNkit, Trojanit Kit, Turtle2, Tuxtendo, URK,
Vampire, VcKit, Volc, w00tkit,
weaponX, Xzibit, X-Org SunOS, zaRwT.KiT, ZK
+ LIST_MODULES=File::stat Getopt::Long Crypt::RIPEMD160 Digest::MD5 Digest::SHA
Digest::SHA1 Digest::SHA256
Digest::SHA::PurePerl Digest::Whirlpool LWP URI HTTP::Status
HTTP::Date Socket Carp
+ ENABLE_TESTS=
+ DISABLE_TESTS=
+ CL_ENABLE_TESTS=
+ CL_DISABLE_TESTS=
+ CONFIG_DISABLE_TESTS=
+ ENDIS_OPT=0
+ ENABLE_OPT=0
+ USECF=1
+ LIST_OPT=
+ BLANK_LINE=
+ NOTTY=0
+ SHOW_SUMMARY=1
+ SHOW_SUMMARY_OPT=0
+ VERBOSE_LOGGING=1
+ ORIGIFS=
+ RKHIFS=
+ IFSNL=
+ IFS=
+ STARTUP_PATHS=
+ STARTUP_PATHS_LOGGED=0
+ INETD_CONF_PATH=/etc/inetd.conf
+ INETDALLOWEDSVCS=
+ XINETD_CONF_PATH=/etc/xinetd.conf
+ XINETDALLOWEDSVCS=
+ UPDATE_ONLY=0
+ RKHLANGUPDT=0
+ ROTATE_MIRRORS=1
+ UPDATE_MIRRORS=1
+ MIRRORS_MODE=0
+ SUSPSCAN_DEBUG=0
+ USE_RUNCON=0
+ SELINUX_ENABLED=0
+ PORT_WHITELIST=
+ PORT_WHITELIST_PATH=
+ PORT_WHITELIST_ALL_TRUSTED=0
+ SHADOW_FILE=
+ HAVE_TCB_SHADOW=0
+ OS_VERSION_FILE=
+ RTKT_DIR_WHITELIST=
+ RTKT_FILE_WHITELIST=
+ RKHDAT_FILE=
+ RKH_FILEPROP_LIST=
+ HAVE_READLINK=0
+ PRELINK_DEP_ERR_CMDS=
+ USER_FILE_LIST=
+ USER_SIMPLE_FILE_LIST=
+ USER_DIR_LIST=
+ USER_EXCLUDE_PROP=
+ SHARED_LIB_WHITELIST=
+ USE_LOCKING=0
+ LOCK_TIMEOUT=0
+ SHOW_LOCK_MSGS=1
+ UNLOCK=0
+ EXISTWHITELIST=
+ CONFIG_CHECK=0
+ [ 2 -eq 0 ]
+ [ 2 -ge 1 ]
+ CHECK=1
+ shift
+ [ 1 -ge 1 ]
+ SKIP_KEY_PRESS=1
+ shift
+ [ 0 -ge 1 ]
+ [ 0 -eq 1 ]
+ id -u
+ RKHTMPVAR=0
+ [ 0 != 0 -a 0 != root ]
+ [ 0 -eq 1 ]
+ USECF=1
+ test 0 -eq 1 -a 1 -eq 0 -a 0 -eq 0 -a 0 -eq 0
+ check_required_commands 1
+ LEAVE=0
+ [ 1 -eq 1 ]
+ CMDDIR=/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin
+ CMDNAMES=cut egrep grep sed tail tr
+ SEEN=0
+ [ -f /usr/local/sbin/cut -a -x /usr/local/sbin/cut ]
+ [ -f /usr/local/bin/cut -a -x /usr/local/bin/cut ]
+ [ -f /usr/sbin/cut -a -x /usr/sbin/cut ]
+ [ -f /usr/bin/cut -a -x /usr/bin/cut ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/egrep -a -x /usr/local/sbin/egrep ]
+ [ -f /usr/local/bin/egrep -a -x /usr/local/bin/egrep ]
+ [ -f /usr/sbin/egrep -a -x /usr/sbin/egrep ]
+ [ -f /usr/bin/egrep -a -x /usr/bin/egrep ]
+ [ -f /sbin/egrep -a -x /sbin/egrep ]
+ [ -f /bin/egrep -a -x /bin/egrep ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/grep -a -x /usr/local/sbin/grep ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/sed -a -x /usr/local/sbin/sed ]
+ [ -f /usr/local/bin/sed -a -x /usr/local/bin/sed ]
+ [ -f /usr/sbin/sed -a -x /usr/sbin/sed ]
+ [ -f /usr/bin/sed -a -x /usr/bin/sed ]
+ [ -f /sbin/sed -a -x /sbin/sed ]
+ [ -f /bin/sed -a -x /bin/sed ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/tail -a -x /usr/local/sbin/tail ]
+ [ -f /usr/local/bin/tail -a -x /usr/local/bin/tail ]
+ [ -f /usr/sbin/tail -a -x /usr/sbin/tail ]
+ [ -f /usr/bin/tail -a -x /usr/bin/tail ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/tr -a -x /usr/local/sbin/tr ]
+ [ -f /usr/local/bin/tr -a -x /usr/local/bin/tr ]
+ [ -f /usr/sbin/tr -a -x /usr/sbin/tr ]
+ [ -f /usr/bin/tr -a -x /usr/bin/tr ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ [ 0 -eq 1 ]
+ return
+ [ -z ]
+ [ -f /etc/rkhunter.conf ]
+ CONFIGFILE=/etc/rkhunter.conf
+ [ ! -f /etc/rkhunter.conf ]
+ [ ! -r /etc/rkhunter.conf ]
+ [ ! -s /etc/rkhunter.conf ]
+ sed -e s:/[^/]*$::
+ echo /etc/rkhunter.conf
+ RKHTMPVAR=/etc
+ test -f /etc/rkhunter.conf.local
+ get_configfile_options
+ get_bindir_option
+ LEAVE=0
+ ERRCODE=0
+ [ 0 -eq 1 ]
+ get_option 2 multi BINDIR
+ OPTTYPE=2
+ OPTMULTI=multi
+ OPTV=BINDIR
+ grep -h ^BINDIR= /etc/rkhunter.conf
+ [ -z ]
+ echo
+ return 0
+ BINPATHS=
+ check_paths BINPATHS BINDIR STRICT
+ OPT_VALUE=BINPATHS
+ OPT_NAME=BINDIR
+ STRICT=STRICT
+ test -z BINDIR
+ test -z STRICT
+ STRICT=1
+ eval echo "$BINPATHS"
+ echo
+ RKHTMPVAR=
+ test -z
+ return
+ [ 0 -eq 0 ]
+ [ -z ]
+ BINPATHS=/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin
/usr/libexec /usr/local/libexec
+ [ 0 -eq 1 -o 0 -eq 1 -o Linux = AIX ]
+ add_extra_dirs
+ EXTRA_DIRS=
+ [ 0 -eq 1 ]
+ [ 0 -eq 1 ]
+ [ 0 -eq 1 ]
+ [ 0 -eq 1 ]
+ [ -f /etc/GoboLinuxVersion ]
+ test -d /opt
+ EXTRA_DIRS= /opt/bin /opt/sbin
+ test -d /usr/opt
+ return
+ BINPATHS=/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin
/usr/libexec /usr/local/libexec /opt/bin /opt/sbin
+ [ 0 -eq 0 ]
+ RKHTMPVAR=
+ PREPEND_PATHS=
+ grep ^\+
+ echo /bin
+ [ -n ]
+ grep ^\+
+ echo /usr/bin
+ [ -n ]
+ grep ^\+
+ echo /sbin
+ [ -n ]
+ grep ^\+
+ echo /usr/sbin
+ [ -n ]
+ grep ^\+
+ echo /usr/local/bin
+ [ -n ]
+ grep ^\+
+ echo /usr/local/sbin
+ [ -n ]
+ grep ^\+
+ echo /usr/libexec
+ [ -n ]
+ grep ^\+
+ echo /usr/local/libexec
+ [ -n ]
+ grep ^\+
+ echo /opt/bin
+ [ -n ]
+ grep ^\+
+ echo /opt/sbin
+ [ -n ]
+ echo
+ PREPEND_PATHS=
+ grep ^\+
+ echo /usr/local/sbin
+ [ -n ]
+ grep ^/
+ echo /usr/local/sbin
+ [ -z /usr/local/sbin ]
+ [ -e /usr/local/sbin ]
+ [ -d /usr/local/sbin ]
+ sed -e s:/$::
+ tr -s /
+ echo /usr/local/sbin
+ DIR=/usr/local/sbin
+ grep /usr/local/sbin
+ echo
+ [ -z ]
+ RKHTMPVAR= /usr/local/sbin
+ grep ^\+
+ echo /usr/local/bin
+ [ -n ]
+ grep ^/
+ echo /usr/local/bin
+ [ -z /usr/local/bin ]
+ [ -e /usr/local/bin ]
+ [ -d /usr/local/bin ]
+ tr -s /
+ echo /usr/local/bin
+ sed -e s:/$::
+ DIR=/usr/local/bin
+ grep /usr/local/bin
+ echo /usr/local/sbin
+ [ -z ]
+ RKHTMPVAR= /usr/local/sbin /usr/local/bin
+ grep ^\+
+ echo /usr/sbin
+ [ -n ]
+ grep ^/
+ echo /usr/sbin
+ [ -z /usr/sbin ]
+ [ -e /usr/sbin ]
+ [ -d /usr/sbin ]
+ tr -s /
+ sed -e s:/$::
+ echo /usr/sbin
+ DIR=/usr/sbin
+ grep /usr/sbin
+ echo /usr/local/sbin /usr/local/bin
+ [ -z ]
+ RKHTMPVAR= /usr/local/sbin /usr/local/bin /usr/sbin
+ grep ^\+
+ echo /usr/bin
+ [ -n ]
+ grep ^/
+ echo /usr/bin
+ [ -z /usr/bin ]
+ [ -e /usr/bin ]
+ [ -d /usr/bin ]
+ sed -e s:/$::
+ tr -s /
+ echo /usr/bin
+ DIR=/usr/bin
+ grep /usr/bin
+ echo /usr/local/sbin /usr/local/bin /usr/sbin
+ [ -z ]
+ RKHTMPVAR= /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin
+ grep ^\+
+ echo /sbin
+ [ -n ]
+ grep ^/
+ echo /sbin
+ [ -z /sbin ]
+ [ -e /sbin ]
+ [ -d /sbin ]
+ tr -s /
+ sed -e s:/$::
+ echo /sbin
+ DIR=/sbin
+ grep /sbin
+ echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin
+ [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ]
+ grep ^\+
+ echo /bin
+ [ -n ]
+ grep ^/
+ echo /bin
+ [ -z /bin ]
+ [ -e /bin ]
+ [ -d /bin ]
+ tr -s /
+ sed -e s:/$::
+ echo /bin
+ DIR=/bin
+ grep /bin
+ echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin
+ [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ]
+ grep ^\+
+ echo /bin
+ [ -n ]
+ grep ^/
+ echo /bin
+ [ -z /bin ]
+ [ -e /bin ]
+ [ -d /bin ]
+ tr -s /
+ sed -e s:/$::
+ echo /bin
+ DIR=/bin
+ grep /bin
+ echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin
+ [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ]
+ grep ^\+
+ echo /usr/bin
+ [ -n ]
+ grep ^/
+ echo /usr/bin
+ [ -z /usr/bin ]
+ [ -e /usr/bin ]
+ [ -d /usr/bin ]
+ tr -s /
+ sed -e s:/$::
+ echo /usr/bin
+ DIR=/usr/bin
+ grep /usr/bin
+ echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin
+ [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ]
+ grep ^\+
+ echo /sbin
+ [ -n ]
+ grep ^/
+ echo /sbin
+ [ -z /sbin ]
+ [ -e /sbin ]
+ [ -d /sbin ]
+ tr -s /
+ sed -e s:/$::
+ echo /sbin
+ DIR=/sbin
+ grep /sbin
+ echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin
+ [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ]
+ grep ^\+
+ echo /usr/sbin
+ [ -n ]
+ grep ^/
+ echo /usr/sbin
+ [ -z /usr/sbin ]
+ [ -e /usr/sbin ]
+ [ -d /usr/sbin ]
+ tr -s /
+ sed -e s:/$::
+ echo /usr/sbin
+ DIR=/usr/sbin
+ grep /usr/sbin
+ echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin
+ [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ]
+ grep ^\+
+ echo /usr/local/bin
+ [ -n ]
+ grep ^/
+ echo /usr/local/bin
+ [ -z /usr/local/bin ]
+ [ -e /usr/local/bin ]
+ [ -d /usr/local/bin ]
+ tr -s /
+ sed -e s:/$::
+ echo /usr/local/bin
+ DIR=/usr/local/bin
+ grep /usr/local/bin
+ echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin
+ [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ]
+ grep ^\+
+ echo /usr/local/sbin
+ [ -n ]
+ grep ^/
+ echo /usr/local/sbin
+ [ -z /usr/local/sbin ]
+ [ -e /usr/local/sbin ]
+ [ -d /usr/local/sbin ]
+ sed -e s:/$::
+ tr -s /
+ echo /usr/local/sbin
+ DIR=/usr/local/sbin
+ grep /usr/local/sbin
+ echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin
+ [ -z /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin ]
+ grep ^\+
+ echo /usr/libexec
+ [ -n ]
+ grep ^/
+ echo /usr/libexec
+ [ -z /usr/libexec ]
+ [ -e /usr/libexec ]
+ grep ^\+
+ echo /usr/local/libexec
+ [ -n ]
+ grep ^/
+ echo /usr/local/libexec
+ [ -z /usr/local/libexec ]
+ [ -e /usr/local/libexec ]
+ grep ^\+
+ echo /opt/bin
+ [ -n ]
+ grep ^/
+ echo /opt/bin
+ [ -z /opt/bin ]
+ [ -e /opt/bin ]
+ grep ^\+
+ echo /opt/sbin
+ [ -n ]
+ grep ^/
+ echo /opt/sbin
+ [ -z /opt/sbin ]
+ [ -e /opt/sbin ]
+ echo /usr/local/sbin /usr/local/bin /usr/sbin /usr/bin
+ BINPATHS=/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin
+ [ 0 -eq 1 ]
+ return
+ get_scriptdir_option
+ LEAVE=0
+ ERRCODE=0
+ get_option 1 single SCRIPTDIR
+ OPTTYPE=1
+ OPTMULTI=single
+ OPTV=SCRIPTDIR
+ grep -h ^SCRIPTDIR= /etc/rkhunter.conf
+ [ -z SCRIPTDIR=/usr/share/rkhunter/scripts ]
+ tail -n 1
+ sed -e s/SCRIPTDIR=//
+ grep -h ^SCRIPTDIR= /etc/rkhunter.conf
+ OPTVAR=/usr/share/rkhunter/scripts
+ tr -d '
+ tr -d "
+ echo /usr/share/rkhunter/scripts
+ OPTVAR=/usr/share/rkhunter/scripts
+ echo /usr/share/rkhunter/scripts
+ return 0
+ SCRIPT_PATH=/usr/share/rkhunter/scripts
+ check_paths SCRIPT_PATH SCRIPTDIR STRICT
+ OPT_VALUE=SCRIPT_PATH
+ OPT_NAME=SCRIPTDIR
+ STRICT=STRICT
+ test -z SCRIPTDIR
+ test -z STRICT
+ STRICT=1
+ eval echo "$SCRIPT_PATH"
+ echo /usr/share/rkhunter/scripts
+ RKHTMPVAR=/usr/share/rkhunter/scripts
+ test -z /usr/share/rkhunter/scripts
+ [ 1 -eq 1 ]
+ grep [][?*]
+ echo /usr/share/rkhunter/scripts
+ [ -n ]
+ [ SCRIPTDIR = BINDIR ]
+ [ SCRIPTDIR = USER_FILEPROP_FILES_DIRS ]
+ [ SCRIPTDIR = RTKT_FILE_WHITELIST ]
+ egrep (^[./]*$)|[;&]|/\.\./
+ echo /usr/share/rkhunter/scripts
+ [ -n ]
+ [ SCRIPTDIR = USER_FILEPROP_FILES_DIRS ]
+ grep ^[^/].*/
+ echo /usr/share/rkhunter/scripts
+ [ -n ]
+ grep ^/
+ echo /usr/share/rkhunter/scripts
+ [ -z /usr/share/rkhunter/scripts ]
+ [ -f /usr/share/rkhunter/scripts ]
+ [ -d /usr/share/rkhunter/scripts ]
+ test SCRIPTDIR = ALLOWHIDDENFILE -a -h /usr/share/rkhunter/scripts
+ return
+ [ 0 -eq 0 ]
+ [ -z /usr/share/rkhunter/scripts ]
+ [ 0 -eq 1 ]
+ [ ! -r /usr/share/rkhunter/scripts ]
+ [ 0 -eq 1 ]
+ return
+ check_required_commands 2
+ LEAVE=0
+ [ 2 -eq 1 ]
+ CMDDIR=/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin
+ CMDNAMES=awk cat chmod chown cp cut date egrep grep head ls mv sed sort tail
touch tr uname uniq wc
+ SEEN=0
+ [ -f /usr/local/sbin/awk -a -x /usr/local/sbin/awk ]
+ [ -f /usr/local/bin/awk -a -x /usr/local/bin/awk ]
+ [ -f /usr/sbin/awk -a -x /usr/sbin/awk ]
+ [ -f /usr/bin/awk -a -x /usr/bin/awk ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/cat -a -x /usr/local/sbin/cat ]
+ [ -f /usr/local/bin/cat -a -x /usr/local/bin/cat ]
+ [ -f /usr/sbin/cat -a -x /usr/sbin/cat ]
+ [ -f /usr/bin/cat -a -x /usr/bin/cat ]
+ [ 0 -eq 0 ]
+ LEAVE=1
+ echo The command 'cat' must be present on the system in order to run rkhunter.
The command 'cat' must be present on the system in order to run rkhunter.
+ SEEN=0
+ [ -f /usr/local/sbin/chmod -a -x /usr/local/sbin/chmod ]
+ [ -f /usr/local/bin/chmod -a -x /usr/local/bin/chmod ]
+ [ -f /usr/sbin/chmod -a -x /usr/sbin/chmod ]
+ [ -f /usr/bin/chmod -a -x /usr/bin/chmod ]
+ [ 0 -eq 0 ]
+ LEAVE=1
+ echo The command 'chmod' must be present on the system in order to run
rkhunter.
The command 'chmod' must be present on the system in order to run rkhunter.
+ SEEN=0
+ [ -f /usr/local/sbin/chown -a -x /usr/local/sbin/chown ]
+ [ -f /usr/local/bin/chown -a -x /usr/local/bin/chown ]
+ [ -f /usr/sbin/chown -a -x /usr/sbin/chown ]
+ [ -f /usr/bin/chown -a -x /usr/bin/chown ]
+ [ 0 -eq 0 ]
+ LEAVE=1
+ echo The command 'chown' must be present on the system in order to run
rkhunter.
The command 'chown' must be present on the system in order to run rkhunter.
+ SEEN=0
+ [ -f /usr/local/sbin/cp -a -x /usr/local/sbin/cp ]
+ [ -f /usr/local/bin/cp -a -x /usr/local/bin/cp ]
+ [ -f /usr/sbin/cp -a -x /usr/sbin/cp ]
+ [ -f /usr/bin/cp -a -x /usr/bin/cp ]
+ [ 0 -eq 0 ]
+ LEAVE=1
+ echo The command 'cp' must be present on the system in order to run rkhunter.
The command 'cp' must be present on the system in order to run rkhunter.
+ SEEN=0
+ [ -f /usr/local/sbin/cut -a -x /usr/local/sbin/cut ]
+ [ -f /usr/local/bin/cut -a -x /usr/local/bin/cut ]
+ [ -f /usr/sbin/cut -a -x /usr/sbin/cut ]
+ [ -f /usr/bin/cut -a -x /usr/bin/cut ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/date -a -x /usr/local/sbin/date ]
+ [ -f /usr/local/bin/date -a -x /usr/local/bin/date ]
+ [ -f /usr/sbin/date -a -x /usr/sbin/date ]
+ [ -f /usr/bin/date -a -x /usr/bin/date ]
+ [ 0 -eq 0 ]
+ LEAVE=1
+ echo The command 'date' must be present on the system in order to run
rkhunter.
The command 'date' must be present on the system in order to run rkhunter.
+ SEEN=0
+ [ -f /usr/local/sbin/egrep -a -x /usr/local/sbin/egrep ]
+ [ -f /usr/local/bin/egrep -a -x /usr/local/bin/egrep ]
+ [ -f /usr/sbin/egrep -a -x /usr/sbin/egrep ]
+ [ -f /usr/bin/egrep -a -x /usr/bin/egrep ]
+ [ 0 -eq 0 ]
+ LEAVE=1
+ echo The command 'egrep' must be present on the system in order to run
rkhunter.
The command 'egrep' must be present on the system in order to run rkhunter.
+ SEEN=0
+ [ -f /usr/local/sbin/grep -a -x /usr/local/sbin/grep ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/head -a -x /usr/local/sbin/head ]
+ [ -f /usr/local/bin/head -a -x /usr/local/bin/head ]
+ [ -f /usr/sbin/head -a -x /usr/sbin/head ]
+ [ -f /usr/bin/head -a -x /usr/bin/head ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/ls -a -x /usr/local/sbin/ls ]
+ [ -f /usr/local/bin/ls -a -x /usr/local/bin/ls ]
+ [ -f /usr/sbin/ls -a -x /usr/sbin/ls ]
+ [ -f /usr/bin/ls -a -x /usr/bin/ls ]
+ [ 0 -eq 0 ]
+ LEAVE=1
+ echo The command 'ls' must be present on the system in order to run rkhunter.
The command 'ls' must be present on the system in order to run rkhunter.
+ SEEN=0
+ [ -f /usr/local/sbin/mv -a -x /usr/local/sbin/mv ]
+ [ -f /usr/local/bin/mv -a -x /usr/local/bin/mv ]
+ [ -f /usr/sbin/mv -a -x /usr/sbin/mv ]
+ [ -f /usr/bin/mv -a -x /usr/bin/mv ]
+ [ 0 -eq 0 ]
+ LEAVE=1
+ echo The command 'mv' must be present on the system in order to run rkhunter.
The command 'mv' must be present on the system in order to run rkhunter.
+ SEEN=0
+ [ -f /usr/local/sbin/sed -a -x /usr/local/sbin/sed ]
+ [ -f /usr/local/bin/sed -a -x /usr/local/bin/sed ]
+ [ -f /usr/sbin/sed -a -x /usr/sbin/sed ]
+ [ -f /usr/bin/sed -a -x /usr/bin/sed ]
+ [ 0 -eq 0 ]
+ LEAVE=1
+ echo The command 'sed' must be present on the system in order to run rkhunter.
The command 'sed' must be present on the system in order to run rkhunter.
+ SEEN=0
+ [ -f /usr/local/sbin/sort -a -x /usr/local/sbin/sort ]
+ [ -f /usr/local/bin/sort -a -x /usr/local/bin/sort ]
+ [ -f /usr/sbin/sort -a -x /usr/sbin/sort ]
+ [ -f /usr/bin/sort -a -x /usr/bin/sort ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/tail -a -x /usr/local/sbin/tail ]
+ [ -f /usr/local/bin/tail -a -x /usr/local/bin/tail ]
+ [ -f /usr/sbin/tail -a -x /usr/sbin/tail ]
+ [ -f /usr/bin/tail -a -x /usr/bin/tail ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/touch -a -x /usr/local/sbin/touch ]
+ [ -f /usr/local/bin/touch -a -x /usr/local/bin/touch ]
+ [ -f /usr/sbin/touch -a -x /usr/sbin/touch ]
+ [ -f /usr/bin/touch -a -x /usr/bin/touch ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/tr -a -x /usr/local/sbin/tr ]
+ [ -f /usr/local/bin/tr -a -x /usr/local/bin/tr ]
+ [ -f /usr/sbin/tr -a -x /usr/sbin/tr ]
+ [ -f /usr/bin/tr -a -x /usr/bin/tr ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/uname -a -x /usr/local/sbin/uname ]
+ [ -f /usr/local/bin/uname -a -x /usr/local/bin/uname ]
+ [ -f /usr/sbin/uname -a -x /usr/sbin/uname ]
+ [ -f /usr/bin/uname -a -x /usr/bin/uname ]
+ [ 0 -eq 0 ]
+ LEAVE=1
+ echo The command 'uname' must be present on the system in order to run
rkhunter.
The command 'uname' must be present on the system in order to run rkhunter.
+ SEEN=0
+ [ -f /usr/local/sbin/uniq -a -x /usr/local/sbin/uniq ]
+ [ -f /usr/local/bin/uniq -a -x /usr/local/bin/uniq ]
+ [ -f /usr/sbin/uniq -a -x /usr/sbin/uniq ]
+ [ -f /usr/bin/uniq -a -x /usr/bin/uniq ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ SEEN=0
+ [ -f /usr/local/sbin/wc -a -x /usr/local/sbin/wc ]
+ [ -f /usr/local/bin/wc -a -x /usr/local/bin/wc ]
+ [ -f /usr/sbin/wc -a -x /usr/sbin/wc ]
+ [ -f /usr/bin/wc -a -x /usr/bin/wc ]
+ SEEN=1
+ break
+ [ 1 -eq 0 ]
+ [ 1 -eq 1 ]
+ [ 0 -eq 0 ]
+ exit 1
_______________________________________________
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
