Bug 1062865

Summary: Rkhunter stops short when syslog daemon is not running
Product: [Fedora] Fedora
Reporter: Anthony Messina <amessina>
Component: rkhunter
Assignee: Kevin Fenzi <kevin>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 19
CC: kevin, nonamedotc
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Linux
Fixed In Version: rkhunter-1.4.2-5.fc19
Doc Type: Bug Fix
Last Closed: 2014-03-15 15:01:33 UTC
Type: Bug

Description Anthony Messina 2014-02-08 09:56:41 UTC
When using rkhunter on a F19 system where no syslog daemon is running (using systemd-journald instead), rkhunter doesn't seem to run its full set of tests and seems to bail out, giving the following every run.  This output is the same regardless if there *are* things that rkhunter should have picked up on.  For example, if I update coreutils or perl or a package that I know I'll need to issue a 'rkhunter --propupd' after.  This is the only output:

--------------------- Start Rootkit Hunter Update ---------------------
[ Rootkit Hunter version 1.4.0 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: The syslog daemon is not running.

----------------------- End Rootkit Hunter Scan -----------------------

Comment 1 Kevin Fenzi 2014-02-16 18:55:49 UTC
This was actually fixed upstream a while back: 

http://sourceforge.net/p/rkhunter/feature-requests/36/

They simply haven't done a new release yet. ;( 

I'll try and see if they can soon... and failing that we could look at backporting... but it's likely to be pretty messy, as there are a lot of changes in upstream.

Comment 2 Anthony Messina 2014-03-06 01:23:57 UTC
Ok, I've upgraded to F20 and there is some progress.  rkhunter will now show other warnings if there are any (after upgrading some regular system utils, for example) in addition to the "Warning: The syslog daemon is not running" notice.  So at least it can tell me if something's changed.  It would still be nice however to NOT get the warning about syslog running every day when I'm fully aware that I'm only using systemd-journald.

Comment 3 Kevin Fenzi 2014-03-06 21:41:41 UTC
There's a new upstream version that handles this now.

Will be pushing it out soon (need to look into some issues still). 

Sorry for the delay.

Comment 4 Kevin Fenzi 2014-03-13 19:53:09 UTC
Can you test this scratch build: 

http://koji.fedoraproject.org/koji/taskinfo?taskID=6630812

Comment 5 Anthony Messina 2014-03-13 23:08:53 UTC
(In reply to Kevin Fenzi from comment #4)
> Can you test this scratch build: 
> 
> http://koji.fedoraproject.org/koji/taskinfo?taskID=6630812

It appears to take away the warning about no syslog daemon running.  I have yet to merge in the massive changes to the config file, but it looks good so far.  Thanks.

Comment 6 Fedora Update System 2014-03-14 16:41:08 UTC
rkhunter-1.4.2-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/rkhunter-1.4.2-1.fc20

Comment 7 Fedora Update System 2014-03-14 16:43:29 UTC
rkhunter-1.4.2-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/rkhunter-1.4.2-1.fc19

Comment 8 Fedora Update System 2014-03-14 16:52:56 UTC
rkhunter-1.4.2-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/rkhunter-1.4.2-1.el6

Comment 9 Fedora Update System 2014-03-15 15:01:33 UTC
rkhunter-1.4.2-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2014-03-30 18:47:17 UTC
rkhunter-1.4.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2014-10-27 15:57:48 UTC
rkhunter-1.4.2-5.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/rkhunter-1.4.2-5.fc19

Comment 12 Fedora Update System 2014-11-07 02:40:00 UTC
rkhunter-1.4.2-5.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.