When using rkhunter on a F19 system where no syslog daemon is running (using systemd-journald instead), rkhunter doesn't seem to run its full set of tests and seems to bail out, giving the following every run. This output is the same regardless if there *are* things that rkhunter should have picked up on. For example, if I update coreutils or perl or a package that I know I'll need to issue a 'rkhunter --propupd' after. This is the only output:

--------------------- Start Rootkit Hunter Update ---------------------
[ Rootkit Hunter version 1.4.0 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
---------------------- Start Rootkit Hunter Scan ----------------------
Warning: The syslog daemon is not running.
----------------------- End Rootkit Hunter Scan -----------------------
This was actually fixed upstream a while back: http://sourceforge.net/p/rkhunter/feature-requests/36/ They simply haven't done a new release yet. ;( I'll try and see if they can soon... and failing that we could look at backporting... but it's likely to be pretty messy, as there are a lot of changes in upstream.
Ok, I've upgraded to F20 and there is some progress. rkhunter will now show other warnings if there are any (after upgrading some regular system utils, for example) in addition to the "Warning: The syslog daemon is not running" notice. So at least it can tell me if something's changed. It would still be nice, however, to NOT get the warning about syslog running every day when I'm fully aware that I'm only using systemd-journald.
There's a new upstream version that handles this now. Will be pushing it out soon (need to look into some issues still). Sorry for the delay.
Can you test this scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=6630812
(In reply to Kevin Fenzi from comment #4)
> Can you test this scratch build:
>
> http://koji.fedoraproject.org/koji/taskinfo?taskID=6630812

It appears to take away the warning about no syslog daemon running. I have yet to merge in the massive changes to the config file, but it looks good so far. Thanks.
rkhunter-1.4.2-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/rkhunter-1.4.2-1.fc20
rkhunter-1.4.2-1.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/rkhunter-1.4.2-1.fc19
rkhunter-1.4.2-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/rkhunter-1.4.2-1.el6
rkhunter-1.4.2-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
rkhunter-1.4.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
rkhunter-1.4.2-5.fc19 has been submitted as an update for Fedora 19. https://admin.fedoraproject.org/updates/rkhunter-1.4.2-5.fc19
rkhunter-1.4.2-5.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.