Bug 1473414

Summary: rkhunter exits 1 now on check, warning about prerequisistes, whereas that was exit 0 so far in the same environment
Product: [Fedora] Fedora EPEL Reporter: Iosif Fettich <ifettich>
Component: rkhunterAssignee: Kevin Fenzi <kevin>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: unspecified    
Version: el6CC: elwellj, jbook, kevin, manuel.wolfshant, nonamedotc
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Fixed In Version: rkhunter-1.4.4-2.el6 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-09-08 02:18:49 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Iosif Fettich 2017-07-20 18:22:40 UTC
Description of problem:

after updating rkhunter-1.4.4-1.el6.noarch from repo epel today (updating the previously installed version, 1.4.2) on an otherwise up-to-date CentOS
release 6.9 (Final) system, we found that our Nagios monitoring is complaining about warnings.

This turns out to be due to some missing prerequisites (or some related issue):

# rkhunter --list
Perl module installation status:
    perl command               Installed
    File::stat                 Installed
    Getopt::Long               Installed
    Crypt::RIPEMD160            MISSING
    Digest::MD5                Installed
    Digest::SHA                Installed
    Digest::SHA1               Installed
    Digest::SHA256              MISSING
    Digest::SHA::PurePerl       MISSING
    Digest::Whirlpool           MISSING
    LWP                        Installed
    URI                        Installed
    HTTP::Status               Installed
    HTTP::Date                 Installed
    Socket                     Installed
    Carp                       Installed

Something changed in the way rkhunter deals with the prerequisites; these modules were missing till now as well, but so far rkhunter was exiting with 0 despite the missing prerequisites, whereas now it exits with code 1.

While the missing modules might well be available via CPAN, I'd rather prefer to stay with the packages available in the CentOS repos on our
production servers.

Unfortunately, these perl-X modules are NOT available in any of the usual repos, so it seems that there is no choice then to use CPAN...?!

On the other hand, the version I found on CPAN for Digest::SHA256 is 0.01, and the module is dated 2001. What happens here...?

If these Perl modules are necessary, they should be available as packages from the repos, I think. But I rather consider that the warnings are
misleading and exit 1 should be avoided for this.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results: when running #rkhunter --check from the terminal,
System checks summary

File properties checks...
    Required commands check failed
    Files checked: 138
    Suspect files: 0

Rootkit checks...
    Rootkits checked : 478
    Possible rootkits: 0

Applications checks...
    All checks skipped

The system checks took: 1 minute and 26 seconds

All results have been written to the log file: /var/log/rkhunter/rkhunter.log

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)

Expected results: when running #rkhunter --check from the terminal,
NO warnings.

Additional info:

The relevant part of the log file:
[18:05:41] Info: Starting test name 'properties'
[18:05:41] Performing file properties checks
[18:05:41] Warning: Checking for prerequisites               [ Warning ]
[18:05:41]          All file hash checks will be skipped because:
[18:05:41]              This system uses prelinking, but the hash function command does not look like SHA1 or MD5.

There are no other warnings in the logs.

Comment 1 Iosif Fettich 2017-07-20 18:33:54 UTC
Turns out that the missing modules were a red herring...



to /etc/rkhunter.conf to avoid using the default SHA256 checksum solves the issue. 

Sort of. It still would be nice to get a clue about this, or having rkhunter working 'out of the box', tryinc to sync with what prelink does when it is used on the system.

Thank you.

Comment 2 manuel wolfshant 2017-07-20 19:18:48 UTC
I encountered the same issue ( i.e. "This system uses prelinking, but the hash function command does not look like SHA1 or MD5." ) but I solved it by just not using prelinking any more.

I'll give "HASH_CMD=sha1sum" a spin , too.

Comment 3 manuel wolfshant 2017-07-20 19:31:36 UTC
echo "HASH_CMD=sha1sum" >> /etc/rkhunter.conf.local solved the problem for me, too. Kevin, can you please add that as a default in rkhunter.conf ?

Comment 4 Fedora Update System 2017-08-12 19:38:33 UTC
rkhunter-1.4.4-2.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bc4003cb37

Comment 5 Fedora Update System 2017-08-14 07:19:22 UTC
rkhunter-1.4.4-2.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bc4003cb37

Comment 6 Jason Elwell 2017-08-17 13:54:29 UTC
The solution "HASH_CMD=sha1sum" worked.   Thank you,  Iosif Fettich, for posting the fix.

Comment 7 Fedora Update System 2017-09-08 02:18:49 UTC
rkhunter-1.4.4-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.