|Summary:||rkhunter exits 1 now on check, warning about prerequisites, whereas that was exit 0 so far in the same environment|
|Product:||[Fedora] Fedora EPEL||Reporter:||Iosif Fettich <ifettich>|
|Component:||rkhunter||Assignee:||Kevin Fenzi <kevin>|
|Status:||CLOSED ERRATA||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Version:||el6||CC:||elwellj, jbook, kevin, manuel.wolfshant, nonamedotc|
|Fixed In Version:||rkhunter-1.4.4-2.el6||Doc Type:||If docs needed, set a value|
|Last Closed:||2017-09-08 02:18:49 UTC||Type:||Bug|
Description Iosif Fettich 2017-07-20 18:22:40 UTC
Description of problem:

After updating rkhunter-1.4.4-1.el6.noarch from repo epel today (updating the previously installed version, 1.4.2) on an otherwise up-to-date CentOS release 6.9 (Final) system, we found that our Nagios monitoring is complaining about warnings.

This turns out to be due to some missing prerequisites (or some related issue):

    # rkhunter --list
    [...]
    Perl module installation status:
        perl command            Installed
        File::stat              Installed
        Getopt::Long            Installed
        Crypt::RIPEMD160        MISSING
        Digest::MD5             Installed
        Digest::SHA             Installed
        Digest::SHA1            Installed
        Digest::SHA256          MISSING
        Digest::SHA::PurePerl   MISSING
        Digest::Whirlpool       MISSING
        LWP                     Installed
        URI                     Installed
        HTTP::Status            Installed
        HTTP::Date              Installed
        Socket                  Installed
        Carp                    Installed
    [...]

Something changed in the way rkhunter deals with the prerequisites; these modules were missing till now as well, but so far rkhunter was exiting with 0 despite the missing prerequisites, whereas now it exits with code 1.

While the missing modules might well be available via CPAN, I'd rather prefer to stay with the packages available in the CentOS repos on our production servers. Unfortunately, these perl-X modules are NOT available in any of the usual repos, so it seems that there is no choice than to use CPAN...?!

On the other hand, the version I found on CPAN for Digest::SHA256 is 0.01, and the module is dated 2001. What happens here...?

If these Perl modules are necessary, they should be available as packages from the repos, I think. But I rather consider that the warnings are misleading and exit 1 should be avoided for this.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.
2.
3.

Actual results:

when running #rkhunter --check from the terminal,

    [...]
    System checks summary
    =====================

    File properties checks...
        Required commands check failed
        Files checked: 138
        Suspect files: 0

    Rootkit checks...
        Rootkits checked : 478
        Possible rootkits: 0

    Applications checks...
        All checks skipped

    The system checks took: 1 minute and 26 seconds

    All results have been written to the log file: /var/log/rkhunter/rkhunter.log

    One or more warnings have been found while checking the system.
    Please check the log file (/var/log/rkhunter/rkhunter.log)

Expected results:

when running #rkhunter --check from the terminal, NO warnings.

Additional info:

The relevant part of the log file:

    [...]
    [18:05:41] Info: Starting test name 'properties'
    [18:05:41] Performing file properties checks
    [18:05:41] Warning: Checking for prerequisites [ Warning ]
    [18:05:41] All file hash checks will be skipped because:
    [18:05:41] This system uses prelinking, but the hash function command does not look like SHA1 or MD5.
    [...]

There are no other warnings in the logs.
Comment 1 Iosif Fettich 2017-07-20 18:33:54 UTC
Turns out that the missing modules were a red herring...

Adding

    HASH_CMD=sha1sum

to /etc/rkhunter.conf to avoid using the default SHA256 checksum solves the issue. Sort of.

It still would be nice to get a clue about this, or having rkhunter working 'out of the box', trying to sync with what prelink does when it is used on the system.

Thank you.
Comment 2 manuel wolfshant 2017-07-20 19:18:48 UTC
I encountered the same issue (i.e. "This system uses prelinking, but the hash function command does not look like SHA1 or MD5.") but I solved it by just not using prelinking any more. I'll give "HASH_CMD=sha1sum" a spin, too.
Comment 3 manuel wolfshant 2017-07-20 19:31:36 UTC
    echo "HASH_CMD=sha1sum" >> /etc/rkhunter.conf.local

solved the problem for me, too. Kevin, can you please add that as a default in rkhunter.conf?
Comment 4 Fedora Update System 2017-08-12 19:38:33 UTC
rkhunter-1.4.4-2.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bc4003cb37
Comment 5 Fedora Update System 2017-08-14 07:19:22 UTC
rkhunter-1.4.4-2.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bc4003cb37
Comment 6 Jason Elwell 2017-08-17 13:54:29 UTC
The solution "HASH_CMD=sha1sum" worked. Thank you, Iosif Fettich, for posting the fix.
Comment 7 Fedora Update System 2017-09-08 02:18:49 UTC
rkhunter-1.4.4-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
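
The log excerpt in the description shows that the exit code 1 here meant "all file hash checks skipped", not a suspect file, so a monitoring check that reads the log can report the two cases separately. The following is an added example and not part of the bug report or of rkhunter: the function name and the OK/DEGRADED/WARNING labels are hypothetical, and the sample logs are constructed from the excerpt above.

```shell
#!/bin/sh
# Added example, not part of the bug report. Function and state names are
# hypothetical; the matched strings are the log lines quoted in the report.

# Print OK, DEGRADED or WARNING for the rkhunter log file given as $1.
#   DEGRADED: the only warning is the prerequisites one and the log says
#             hash checks were skipped because of the prelink/hash mismatch,
#             i.e. file hashes were NOT verified in this run.
#   WARNING:  any other warning line is present.
classify_rkhunter_log() {
    awk '
        /Warning: Checking for prerequisites/  { prereq = 1; next }
        /Warning:/                             { other = 1 }
        /All file hash checks will be skipped/ { skipped = 1 }
        /uses prelinking, but the hash function command does not look like SHA1 or MD5/ { mismatch = 1 }
        END {
            if (other)                              print "WARNING"
            else if (prereq && skipped && mismatch) print "DEGRADED"
            else if (prereq)                        print "WARNING"
            else                                    print "OK"
        }
    ' "$1"
}

tmpdir=$(mktemp -d)
trap 'rm -rf "$tmpdir"' EXIT

# Constructed sample: the excerpt from the report.
cat > "$tmpdir/prelink.log" <<'EOF'
[18:05:41] Info: Starting test name 'properties'
[18:05:41] Performing file properties checks
[18:05:41] Warning: Checking for prerequisites [ Warning ]
[18:05:41] All file hash checks will be skipped because:
[18:05:41] This system uses prelinking, but the hash function command does not look like SHA1 or MD5.
EOF

# Constructed sample: the same run plus an unrelated warning line.
{ cat "$tmpdir/prelink.log"
  echo "[18:06:02] Warning: Hidden directory found: /dev/.example"
} > "$tmpdir/finding.log"

# Constructed sample: a run without warnings.
head -n 2 "$tmpdir/prelink.log" > "$tmpdir/clean.log"

for name in prelink finding clean; do
    printf '%s: %s\n' "$name" "$(classify_rkhunter_log "$tmpdir/$name.log")"
done
```
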