Bug 148471

Summary: rkhunter exits with returncode 1
Product: [openSUSE] SUSE Linux 10.1
Reporter: Andreas Vetter <vetter>
Component: Other
Assignee: Marcus Meissner <meissner>
Status: RESOLVED FIXED
QA Contact: E-mail List <qa-bugs>
Severity: Normal
Priority: P5 - None
CC: asklein, balazs.melikant
Version: Final
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Andreas Vetter 2006-02-06 18:42:42 UTC
rkhunter exits with returncode 1

I understand that the OS is not fully supported yet ;-)
But the md5 message seems like a problem.
And it is right that ssh protocol 1 should be disabled.

Here are the error messages:

running daily cronjob scripts

SCRIPT: 01-rkhunter exited with RETURNCODE = 1.
SCRIPT: output (stdout && stderr) follows

Line:
Warning: This operating system is not fully supported!
Line: Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
Line: Warning: Cannot find md5_not_known
  [ Warning! ]
Line:   [ Warning! ]
Watch out Root login possible. Possible risk!
Line: Watch out Root login possible. Possible risk!
  [ Warning (SSH v1 allowed) ]
Some errors has been found while checking. Please perform a manual check on this machine wast029
SCRIPT: 01-rkhunter
------- END OF OUTPUT
Comment 1 Marcus Meissner 2006-03-23 13:18:29 UTC
ssh protocol v1 will not be disabled yet. (but likely soon)

added 10.1 (i586) and 10.1 (x86_64).

Comment 2 Andreas Vetter 2006-06-26 17:51:08 UTC
* Filesystem checks
   Checking /dev for suspicious files...   [ OK ]
   Scanning for hidden files...  [ Warning! ]
---------------
 /dev/.udev /etc/.pwd.lock
---------------
Please inspect:  /dev/.udev (directory)

This is resolved by changing the following line in /etc/rkhunter.conf:
ALLOWHIDDENDIR=/dev/.udevdb
to
ALLOWHIDDENDIR=/dev/.udev
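
Added example, not part of the original bug report and not rkhunter's own code: a shell function that audits the ALLOWHIDDENDIR lines of an rkhunter.conf-style file, reporting whitelist entries whose path no longer exists (like /dev/.udevdb above) and hidden directories that no entry covers (like /dev/.udev). The function name and the optional ROOT prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit ALLOWHIDDENDIR entries in an rkhunter.conf-style file.
# Usage: audit_hidden_dirs CONF SCANDIR [ROOT]
#   CONF    - config file with lines like ALLOWHIDDENDIR=/dev/.udev
#   SCANDIR - directory to scan for hidden directories, e.g. /dev
#   ROOT    - optional path prefix, for checking a constructed tree (assumption)
# Prints "STALE <path>" for whitelisted paths that do not exist and
# "UNLISTED <path>" for hidden directories that are not whitelisted.
# Returns 1 if anything was reported, 0 otherwise.
audit_hidden_dirs() {
    conf=$1
    scandir=$2
    root=${3:-}
    found=0

    # Active (uncommented) entries, one path per line as shown on this page.
    allowed=$(sed -n 's/^[[:space:]]*ALLOWHIDDENDIR=[[:space:]]*//p' "$conf" |
        sed 's/[[:space:]]*$//')

    # Whitelist entries that point at nothing: leftovers from an older layout.
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if [ ! -d "$root$path" ]; then
            echo "STALE $path"
            found=1
        fi
    done <<EOF
$allowed
EOF

    # Hidden directories directly under SCANDIR that no entry covers.
    for dir in "$root$scandir"/.[!.]*; do
        [ -d "$dir" ] || continue
        rel=${dir#"$root"}
        if ! printf '%s\n' "$allowed" | grep -Fxq -- "$rel"; then
            echo "UNLISTED $rel"
            found=1
        fi
    done

    return "$found"
}

# Typical call on a live system:
#   audit_hidden_dirs /etc/rkhunter.conf /dev
```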

Comment 3 Marcus Meissner 2006-07-19 12:53:49 UTC
fixed in 10.2
Comment 4 Andreas Vetter 2006-08-01 10:33:17 UTC
New problem: in 10.1 rkhunter does not know the OS and complains about gpg:

vetter@beder:~> rpm -q rkhunter
rkhunter-1.2.7-16
vetter@beder:~> rpm -q gpg
gpg-1.4.2-23.4

beder:~ # rkhunter --cronjob
Rootkit Hunter 1.2.7 is running
Determining OS... Unknown
Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
All MD5 checks will be skipped!
...
* Application version scan
   - GnuPG 1.4.2   [ Vulnerable ]
...
Comment 5 Balazs Melikant 2006-10-28 07:52:43 UTC
Similarly, on (the not yet supported) openSUSE 10.2b1 md5sum couldn't be found:
halacska:/etc # rkhunter -c

Rootkit Hunter 1.2.8 is running

Determining OS... Ready
Warning: Cannot find Location of md5
All MD5 checks will be skipped!
<...>
Comment 6 Andreas Vetter 2006-10-30 13:09:13 UTC
changing product to 10.1 final.
Comment 7 Marcus Meissner 2006-11-20 13:32:10 UTC
It's fixed for 10.2 at least.
Comment 8 Andreas Vetter 2007-01-10 16:04:11 UTC
What about 10.1? Will it be fixed?
Comment 9 Marcus Meissner 2007-01-10 16:39:22 UTC
10.1 works fine.

The problem is that when you run "rkhunter --update", it no longer recognizes 10.1.

I remember sending upstream a patch for detecting 10.1, so it's upstream's fault.
Comment 10 Andreas Vetter 2007-01-11 17:26:03 UTC
ok, reinstalling rkhunter fixes that on 10.1. So feel free to close the bug :-)
Comment 11 Balazs Melikant 2007-01-11 19:16:35 UTC
[OT:] The file called os.dat is the culprit; every time you put back the original from the rpm, everything will be OK again! Maybe you wish to copy it back 1x and then 1. make it read-only, so that it can't be overwritten when the update function is called, or 2. modify the update function in the script so that this particular file isn't touched while updating...
I'm on SUSE 9.1 now and in my case the above file is
/var/lib/rkhunter/db/os.dat
PS. I completely agree with _upstream_ problem for all issues (os version, rpm version, etc.) :((
Comment 12 Marcus Meissner 2007-01-15 13:40:09 UTC
Let's close it then.