Description of problem: In /usr/bin/rkhunter on line 17419 the following is done. 17418 if [ -n "${USE_SYSLOG}" ]; then 17419 ${LOGGER_CMD} -t "${PROGRAM_NAME}" -p ${USE_SYSLOG} "Rootkit hunter check started (version ${PROGRAM_version})" 17420 fi Where PROGRAM_NAME="Rootkit Hunter", this is not correct usage of logger. It should not contain a space in the program name. For example: $ logger -t "test host" -p local3.info testmessage Will be registered in syslog as: 1447255748 2015 Nov 11 16:29:08 test local3 info host testmessage The program name "test host" is just "test" and "host" is being used in the syslog info message. This is a nightmare for syslog parsers. A fix for this would be to change line 18330 to: PROGRAM_NAME="Rootkit_Hunter" or PROGRAM_NAME="rkhunter"
Seems reasonable to change it to rkhunter, but it seems like something to discuss with upstream. Would you be willing to post upstream about this? or would you like me to do so?
(In reply to Kevin Fenzi from comment #1) > Seems reasonable to change it to rkhunter, but it seems like something to > discuss with upstream. > > Would you be willing to post upstream about this? or would you like me to do > so? Done! https://sourceforge.net/p/rkhunter/bugs/142/
The (F22) man page for logger mentions no such restriction on the tag. Using Fedora 22: logger -t "rootkit hunter" something jh And in the messages file I get: Nov 25 10:22:11 jhorne journal: rootkit hunter: something jh And using: logger -t "test host" -p local3.info testmessage I get: Nov 25 10:25:02 jhorne journal: test host: testmessage So no problem with a space in the tag. Could this be specific to Fedora 23?
Sorry, I assigned it to the wrong release, it's in EPEL EL6, I updated the bug details. Maybe it is an EPEL issue, since rkhunter (logger) seems to work fine with journalctl with a space in the program name. I'll leave it up to you guys, I would suggest to change the program name in the package to rkhunter since that's more compatible with the logging software stack (syslog + logger) in EL6.
Again, tested on CentOS 6 and RHEL 7 with no problems. The tag can contain a space, provided quotes are used around the tag.
I have modified the upstream rkhunter code so that the logger tag is now 'rkhunter'.
I'd prefer to wait for an upstream release to make this change... unless there's some pressing need?
rkhunter-1.4.4-1.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-997a5a3ba1
rkhunter-1.4.4-1.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-383f2fab91
rkhunter-1.4.4-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0ba0d21577
rkhunter-1.4.4-1.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-997a5a3ba1
rkhunter-1.4.4-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0ba0d21577
rkhunter-1.4.4-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-5b1d389235
rkhunter-1.4.4-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-f5e8476376
rkhunter-1.4.4-1.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-383f2fab91
rkhunter-1.4.4-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1150c5994f
rkhunter-1.4.4-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1150c5994f
rkhunter-1.4.4-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
rkhunter-1.4.4-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
rkhunter-1.4.4-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
rkhunter-1.4.4-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
rkhunter-1.4.4-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.