Bug 828331

Summary: check scan incorrectly handles file names with spaces
Product: [Fedora] Fedora EPEL Reporter: Tony Schreiner <anthony.schreiner>
Component: rkhunterAssignee: Kevin Fenzi <kevin>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: el6CC: kevin, manuel.wolfshant
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: rkhunter-1.4.2-5.fc19 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-03-15 15:01:30 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tony Schreiner 2012-06-04 15:36:22 UTC 
Description of problem:
rkunter check complains with
Invalid ALLOWDEVFILE configuration option: Invalid pathname: (word)
when it encounters file names with spaces. In my case there are a few offending files:
/dev/.udev/db/drivers:Intel SCB2 BIOS Flash
/dev/.udev/db/platform:Fixed MDIO bus.0
/dev/.udev/db/drivers:Generic PHY

leading to the error messages
Invalid ALLOWDEVFILE configuration option: Invalid pathname: PHY
Invalid ALLOWDEVFILE configuration option: Invalid pathname: SCB2
Invalid ALLOWDEVFILE configuration option: Invalid pathname: BIOS
Invalid ALLOWDEVFILE configuration option: Invalid pathname: Flash
Invalid ALLOWDEVFILE configuration option: Invalid pathname: MDIO
Invalid ALLOWDEVFILE configuration option: Invalid pathname: bus.0

rkhunter does not complete the scan

Version-Release number of selected component (if applicable):
1.4.0

How reproducible:
have removed rkhunter and reinstalled, and also rebooted system

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Kevin Fenzi 2012-06-04 22:25:42 UTC 
This looks like a duplicate of https://bugzilla.redhat.com/show_bug.cgi?id=674245

This was supposed to be fixed in 1.4.x I thought, but perhaps not. 

What ALLOWDEVFILE directives do you have in /etc/rkhunter.conf ? 

Can you try: 

1. escaping the spaces with \ 
2. Putting "s around the entire path
3. Using %20 instead of space.
4. Use a wildcard (*) instead of the path part that has spaces.  

and see if any of those work?
Comment 2 Tony Schreiner 2012-06-05 14:04:27 UTC 
I am using the default /etc/rkhunter.conf that came with the update.

These are all the ALLOWDEVFILE lines
#ALLOWDEVFILE="/dev/shm/pulse-shm-*"
#ALLOWDEVFILE="/dev/shm/sem.ADBE_*"
ALLOWDEVFILE=/dev/shm/pulse-shm-*
ALLOWDEVFILE=/dev/md/md-device-map
ALLOWDEVFILE="/dev/shm/mono.*"
ALLOWDEVFILE="/dev/shm/libv4l-*"
ALLOWDEVFILE="/dev/shm/spice.*"
ALLOWDEVFILE=/dev/.mdadm.map
ALLOWDEVFILE=/dev/.udev/queue.bin
ALLOWDEVFILE=/dev/.udev/db/*
ALLOWDEVFILE=/dev/.udev/rules.d/99-root.rules

I have added quotes
ALLOWDEVFILE="/dev/.udev/db/*"

but the issue persists
Comment 3 Kevin Fenzi 2012-06-08 15:21:09 UTC 
Would you be willing to report this upstream?

rkhunter-users.net 

If not, I will try and do so...
Comment 4 Tony Schreiner 2012-06-08 19:02:15 UTC 
Will do.
Comment 5 Fedora Update System 2014-03-14 16:41:04 UTC 
rkhunter-1.4.2-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/rkhunter-1.4.2-1.fc20
Comment 6 Fedora Update System 2014-03-14 16:43:25 UTC 
rkhunter-1.4.2-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/rkhunter-1.4.2-1.fc19
Comment 7 Fedora Update System 2014-03-14 16:52:51 UTC 
rkhunter-1.4.2-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/rkhunter-1.4.2-1.el6
Comment 8 Fedora Update System 2014-03-15 15:01:30 UTC 
rkhunter-1.4.2-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2014-03-30 18:47:13 UTC 
rkhunter-1.4.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2014-10-27 15:57:46 UTC 
rkhunter-1.4.2-5.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/rkhunter-1.4.2-5.fc19
Comment 11 Fedora Update System 2014-11-07 02:39:58 UTC 
rkhunter-1.4.2-5.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.