Bugzilla – Bug 148471
rkhunter exits with returncode 1
Last modified: 2007-01-15 13:40:09 UTC
I understand that the OS is not fully supported yet ;-) But the md5 message seems like a problem. And it is right, that ssh protocol 1 should be disabled. Here are the error messages:

running daily cronjob scripts
SCRIPT: 01-rkhunter exited with RETURNCODE = 1.
SCRIPT: output (stdout && stderr) follows
Line: Warning: This operating system is not fully supported!
Line: Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
Line: Warning: Cannot find md5_not_known
[ Warning! ]
Line: [ Warning! ]
Watch out Root login possible. Possible risk!
Line: Watch out Root login possible. Possible risk!
[ Warning (SSH v1 allowed) ]
Some errors has been found while checking. Please perform a manual check on this machine wast029
SCRIPT: 01-rkhunter ------- END OF OUTPUT

SSH protocol v1 will not be disabled yet (but likely soon). Added 10.1 (i586) and 10.1 (x86_64).
* Filesystem checks
Checking /dev for suspicious files... [ OK ]
Scanning for hidden files... [ Warning! ]
---------------
/dev/.udev /etc/.pwd.lock
---------------
Please inspect: /dev/.udev (directory)

This is resolved by changing the following line in /etc/rkhunter.conf:
    ALLOWHIDDENDIR=/dev/.udevdb
to
    ALLOWHIDDENDIR=/dev/.udev
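An added example, not part of the original bug report or of rkhunter: a shell check for the mismatch described above, where the allowlist named /dev/.udevdb while the directory on disk was /dev/.udev. It assumes one ALLOWHIDDENDIR=path entry per line, as in the config line quoted above; the function names and the ROOT prefix argument are hypothetical.

```shell
#!/bin/sh
# Added example (not rkhunter code): audit ALLOWHIDDENDIR entries against the
# filesystem. ROOT is an optional path prefix, an assumption made here so the
# functions can be pointed at a constructed tree instead of the live system.

# Print every ALLOWHIDDENDIR value in the config, one per line.
# Commented-out lines are ignored.
allowed_hidden_dirs() {
    sed -n 's/^[[:space:]]*ALLOWHIDDENDIR=[[:space:]]*//p' "$1" |
        sed 's/[[:space:]]*$//'
}

# Print allowlist entries that are not directories on disk: stale names that
# no longer suppress any warning.
stale_allowlist_entries() {
    conf=$1 root=${2:-}
    allowed_hidden_dirs "$conf" | while IFS= read -r d; do
        [ -d "$root$d" ] || printf '%s\n' "$d"
    done
}

# Print hidden directories directly under DIR that no entry covers: the
# candidates for the hidden-file warning shown in the report.
unlisted_hidden_dirs() {
    conf=$1 dir=$2 root=${3:-}
    for p in "$root$dir"/.[!.]*; do
        [ -d "$p" ] || continue
        rel=${p#"$root"}
        allowed_hidden_dirs "$conf" | grep -qxF -- "$rel" ||
            printf '%s\n' "$rel"
    done
}

# Constructed sample: /dev/.udev exists, config still names /dev/.udevdb.
make_sample() {
    t=$(mktemp -d)
    mkdir -p "$t/dev/.udev" "$t/etc"
    printf '%s\n' '# constructed sample' 'ALLOWHIDDENDIR=/dev/.udevdb' \
        > "$t/etc/rkhunter.conf"
    printf '%s\n' "$t"
}

# Live use: stale_allowlist_entries /etc/rkhunter.conf
#           unlisted_hidden_dirs /etc/rkhunter.conf /dev
```

An entry reported by both functions under nearly the same name, as here, points to a renamed directory rather than an unexpected one; anything else listed by unlisted_hidden_dirs should be inspected before it is added to the allowlist.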
fixed in 10.2
New problem: in 10.1 rkhunter does not know the OS and complains about gpg:

vetter@beder:~> rpm -q rkhunter
rkhunter-1.2.7-16
vetter@beder:~> rpm -q gpg
gpg-1.4.2-23.4
beder:~ # rkhunter --cronjob
Rootkit Hunter 1.2.7 is running
Determining OS... Unknown
Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
All MD5 checks will be skipped!
...
* Application version scan
- GnuPG 1.4.2 [ Vulnerable ]
...

Similarly, on (the not yet supported) openSUSE 10.2b1 md5sum couldn't be found:

halacska:/etc # rkhunter -c
Rootkit Hunter 1.2.8 is running
Determining OS... Ready
Warning: Cannot find Location of md5
All MD5 checks will be skipped!
<...>
Changing product to 10.1 final.
It's fixed for 10.2 at least.
What about 10.1? Will it be fixed?
10.1 works fine. The problem is when you run "rkhunter --update" that it no longer recognizes 10.1 anymore. I remember sending upstream a patch for detecting 10.1, so it's upstream's fault.
OK, reinstalling rkhunter fixes that on 10.1. So feel free to close the bug :-)
[OT:] The file called os.dat is the culprit; every time you put back the original from the rpm, everything will be OK again! Maybe you wish to copy it back 1x and then
1. make it read-only, therefore it can't be overwritten when the update function is called, or
2. modify the update function in the script that this particular file shouldn't be touched while updating...
I'm on SUSE 9.1 now and in my case the above file is /var/lib/rkhunter/db/os.dat
PS. I completely agree with _upstream_ problem for all issues (os version, rpm version, etc.) :((
Let's close it then.