Red Hat Bugzilla – Bug 1473414
rkhunter exits 1 now on check, warning about prerequisites, whereas that was exit 0 so far in the same environment
Last modified: 2017-08-17 09:54:29 EDT
Description of problem:
After updating rkhunter-1.4.4-1.el6.noarch from repo epel today (updating the previously installed version, 1.4.2) on an otherwise up-to-date CentOS release 6.9 (Final) system, we found that our Nagios monitoring is complaining about warnings.
This turns out to be due to some missing prerequisites (or some related issue):
# rkhunter --list
Perl module installation status:
perl command Installed
Something changed in the way rkhunter deals with the prerequisites; these modules were missing till now as well, but so far rkhunter was exiting with 0 despite the missing prerequisites, whereas now it exits with code 1.
While the missing modules might well be available via CPAN, I'd rather prefer to stay with the packages available in the CentOS repos on our
Unfortunately, these perl-X modules are NOT available in any of the usual repos, so it seems that there is no choice than to use CPAN...?!
On the other hand, the version I found on CPAN for Digest::SHA256 is 0.01, and the module is dated 2001. What happens here...?
If these Perl modules are necessary, they should be available as packages from the repos, I think. But I rather consider that the warnings are misleading and exit 1 should be avoided for this.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
Actual results: when running #rkhunter --check from the terminal,
System checks summary
File properties checks...
Required commands check failed
Files checked: 138
Suspect files: 0
Rootkits checked : 478
Possible rootkits: 0
All checks skipped
The system checks took: 1 minute and 26 seconds
All results have been written to the log file: /var/log/rkhunter/rkhunter.log
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)
Expected results: when running #rkhunter --check from the terminal,
The relevant part of the log file:
[18:05:41] Info: Starting test name 'properties'
[18:05:41] Performing file properties checks
[18:05:41] Warning: Checking for prerequisites [ Warning ]
[18:05:41] All file hash checks will be skipped because:
[18:05:41] This system uses prelinking, but the hash function command does not look like SHA1 or MD5.
There are no other warnings in the logs.
Turns out that the missing modules were a red herring...
to /etc/rkhunter.conf to avoid using the default SHA256 checksum solves the issue.
Sort of. It still would be nice to get a clue about this, or having rkhunter working 'out of the box', trying to sync with what prelink does when it is used on the system.
I encountered the same issue (i.e. "This system uses prelinking, but the hash function command does not look like SHA1 or MD5.") but I solved it by just not using prelinking any more.
I'll give "HASH_CMD=sha1sum" a spin, too.
echo "HASH_CMD=sha1sum" >> /etc/rkhunter.conf.local solved the problem for me, too. Kevin, can you please add that as a default in rkhunter.conf?
rkhunter-1.4.4-2.el6 has been submitted as an update to Fedora EPEL 6. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bc4003cb37
rkhunter-1.4.4-2.el6 has been pushed to the Fedora EPEL 6 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-bc4003cb37
The solution "HASH_CMD=sha1sum" worked. Thank you, Iosif Fettich, for posting the fix.
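A pre-flight check for the condition discussed in this thread, as an added example that is not part of the bug report or of rkhunter itself: it reads the effective HASH_CMD and reports whether the prelink warning from the log would apply. The function names, the rule that a later file overrides an earlier one, the name-based SHA1/MD5 match and the use of `command -v prelink` to decide that prelinking is in use are all assumptions.

```sh
#!/bin/sh
# Added example, not part of rkhunter. Paths and the prelink test are assumptions.

# effective_hash_cmd FILE...: print the last uncommented HASH_CMD value found,
# reading the files in order (assumption: a later file overrides an earlier one).
effective_hash_cmd() {
    val=""
    for f in "$@"; do
        [ -r "$f" ] || continue
        found=$(sed -n 's/^[[:space:]]*HASH_CMD[[:space:]]*=[[:space:]]*//p' "$f" | tail -n 1)
        if [ -n "$found" ]; then val=$found; fi
    done
    printf '%s\n' "$val" | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# hash_cmd_prelink_ok VALUE: succeed when the command name looks like SHA1 or MD5
# (assumption: a case-insensitive name match approximates rkhunter's own test).
hash_cmd_prelink_ok() {
    name=${1%% *}          # drop any arguments
    name=${name##*/}       # drop any directory part
    case $(printf '%s' "$name" | tr 'A-Z' 'a-z') in
        *sha1*|*md5*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_rkhunter_hash yes|no FILE...: first argument says whether prelink is in use.
# Returns 1 when the warning condition from the log would apply. An unset HASH_CMD
# counts as a mismatch, since the thread describes the default as SHA256.
check_rkhunter_hash() {
    prelink=$1; shift
    cmd=$(effective_hash_cmd "$@")
    if [ "$prelink" = yes ] && ! hash_cmd_prelink_ok "$cmd"; then
        echo "WARN: prelink in use, HASH_CMD='${cmd:-unset}' does not look like SHA1 or MD5"
        return 1
    fi
    echo "OK: HASH_CMD='${cmd:-unset}'"
}

# Run against the live system only when asked: sh script.sh --run
if [ "${1:-}" = "--run" ]; then
    if command -v prelink >/dev/null 2>&1; then in_use=yes; else in_use=no; fi
    check_rkhunter_hash "$in_use" /etc/rkhunter.conf /etc/rkhunter.conf.local
fi
```

Run before `rkhunter --check` in a monitoring wrapper, a non-zero return separates this configuration mismatch from a genuine finding behind rkhunter's exit code 1.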