Hello everyone,
For a few weeks now I have been unable to update rkhunter.
I am running Debian 8 (kernel info: Linux 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u2 (2017-06-26)).
Error message
$ rkhunter --update
Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"
Log excerpt
If I comment out the WEB_CMD line in my rkhunter config, I get the following log:
$ cat /var/log/rkhunter.log
[18:30:39] Running Rootkit Hunter version 1.4.2 on muchos-laptop
[18:30:39]
[18:30:39] Info: Start date is samedi 12 août 2017, 18:30:39 (UTC+0200)
[18:30:39]
[18:30:39] Checking configuration file and command-line options...
[18:30:39] Info: Detected operating system is 'Linux'
[18:30:39] Info: Found O/S name: Debian 8.5
[18:30:39] Info: Command line is /usr/bin/rkhunter --update
[18:30:39] Info: Environment shell is /bin/bash; rkhunter is using dash
[18:30:39] Info: Using configuration file '/etc/rkhunter.conf'
[18:30:39] Info: Installation directory is '/usr'
[18:30:39] Info: Using language 'en'
[18:30:39] Info: Using '/var/lib/rkhunter/db' as the database directory
[18:30:39] Info: Using '/usr/share/rkhunter/scripts' as the support script directory
[18:30:39] Info: Using '/usr/local/sbin /usr/local/bin /usr/sbin /usr/bin /sbin /bin' as the command directories
[18:30:39] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
[18:30:39] Info: X will be automatically detected
[18:30:39] Info: Using second color set
[18:30:39] Info: Found the 'basename' command: /usr/bin/basename
[18:30:39] Info: Found the 'diff' command: /usr/bin/diff
[18:30:39] Info: Found the 'dirname' command: /usr/bin/dirname
[18:30:39] Info: Found the 'file' command: /usr/bin/file
[18:30:39] Info: Found the 'find' command: /usr/bin/find
[18:30:39] Info: Found the 'ifconfig' command: /sbin/ifconfig
[18:30:39] Info: Found the 'ip' command: /sbin/ip
[18:30:39] Info: Found the 'ipcs' command: /usr/bin/ipcs
[18:30:39] Info: Found the 'ldd' command: /usr/bin/ldd
[18:30:39] Info: Found the 'lsattr' command: /usr/bin/lsattr
[18:30:39] Info: Found the 'lsmod' command: /sbin/lsmod
[18:30:39] Info: Found the 'lsof' command: /usr/bin/lsof
[18:30:39] Info: Found the 'mktemp' command: /bin/mktemp
[18:30:39] Info: Found the 'netstat' command: /bin/netstat
[18:30:39] Info: Found the 'perl' command: /usr/bin/perl
[18:30:39] Info: Found the 'pgrep' command: /usr/bin/pgrep
[18:30:39] Info: Found the 'ps' command: /bin/ps
[18:30:39] Info: Found the 'pwd' command: /bin/pwd
[18:30:39] Info: Found the 'readlink' command: /bin/readlink
[18:30:39] Info: Found the 'stat' command: /usr/bin/stat
[18:30:39] Info: Found the 'strings' command: /usr/bin/strings
[18:30:40] Info: Found the 'wget' command: /usr/bin/wget
[18:30:40] Info: The mirrors file will be rotated
[18:30:40] Info: Only local mirrors will be used
[18:30:40] Info: The mirrors file will not be updated
[18:30:40] Info: Logging to log file: /var/log/rkhunter.log
[18:30:40] Info: Locking is not being used
[18:30:40]
[18:30:40] Checking rkhunter data files...
[18:30:40] Info: Created temporary file '/var/lib/rkhunter/tmp/rkhunter.upd.yELNxP0U3f'
[18:30:40] Checking file mirrors.dat [ Skipped ]
[18:30:40] Info: The mirrors file has no required mirrors in it: /var/lib/rkhunter/db/mirrors.dat
[18:30:40] Warning: Download of 'programs_bad.dat' failed: Unable to determine the latest version number.
[18:30:40] Checking file programs_bad.dat [ Update failed ]
[18:30:40] Info: The mirrors file has no required mirrors in it: /var/lib/rkhunter/db/mirrors.dat
[18:30:40] Warning: Download of 'backdoorports.dat' failed: Unable to determine the latest version number.
[18:30:40] Checking file backdoorports.dat [ Update failed ]
[18:30:40] Info: The mirrors file has no required mirrors in it: /var/lib/rkhunter/db/mirrors.dat
[18:30:40] Warning: Download of 'suspscan.dat' failed: Unable to determine the latest version number.
[18:30:40] Checking file suspscan.dat [ Update failed ]
[18:30:40] Info: The mirrors file has no required mirrors in it: /var/lib/rkhunter/db/mirrors.dat
[18:30:40] Checking file i18n versions [ Update failed ]
[18:30:40] Warning: Download of 'i18n.ver' failed: Unable to determine the latest version number.
[18:30:40]
[18:30:40] Info: End date is samedi 12 août 2017, 18:30:40 (UTC+0200)
Online
I found someone with a similar problem, reported recently. An answer is given, but I do not understand it.
Thanks in advance for your explanations, and have a good week.
# /etc/rkhunter.conf
Posted by Lol Zimmerli (personal website, Mastodon). Rated 2.
If you search for 'false' in /etc/rkhunter.conf, what do you get?
Quince jelly is something that should not go down the wrong way.
[^] # Re: /etc/rkhunter.conf
Posted by muchos (personal website). Rated 1.
Thanks @Lol Zimmerli.
False appears in 3 comments and in the line quoted above:
The supplied configuration file has some tests already disabled, and these are tests that will be used only occasionally, can be considered 'advanced' or that are prone to produce more than the average number of false-positives.
[…]
Please do not enable the 'suspscan' test by default as it is CPU and I/O intensive, and prone to producing false positives.
[…]
Do not use a directory name that is listed in SUSPSCAN_DIRS as that is highly likely to cause false-positive results.
[…]
WEB_CMD="/bin/false"
Debug the Web together.
[^] # Re: /etc/rkhunter.conf
Posted by B r u n o (personal website). Rated 2.
Look here: http://community.ovh.com/t/rkhunter-parametre-web-cmd-invalide/3797
It seems to be the same problem; it refers to a security update that disables remote updates.
[^] # Re: /etc/rkhunter.conf
Posted by muchos (personal website). Rated 1.
Thanks @B r u n o! That is exactly it.
Since my version of rkhunter is patched, I set the parameters changed by the security update back to their default or original values, that is:
UPDATE_MIRRORS=1
MIRRORS_MODE=0
WEB_CMD=""
Updating now works again.
Debug the Web together.
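A read-only check for the three settings discussed in this thread, as an added example that is not part of the original posts or of rkhunter: it reports which values in an rkhunter.conf keep `rkhunter --update` from fetching remote data. The function names and sample files are constructed; the locked-down UPDATE_MIRRORS and MIRRORS_MODE values are inferred from the log lines "The mirrors file will not be updated" and "Only local mirrors will be used".

```shell
#!/bin/sh
# Added example (not rkhunter code): list rkhunter.conf settings that
# block remote updates. Function names are hypothetical.

# Print the effective (last uncommented) value of option $1 in file $2,
# with surrounding quotes removed. Prints nothing if the option is unset.
rkh_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Print one line per setting that blocks remote updates; empty output
# means none of the three options from the thread is in the way.
rkh_update_blockers() {
    conf=$1
    web_cmd=$(rkh_value WEB_CMD "$conf")
    update_mirrors=$(rkh_value UPDATE_MIRRORS "$conf")
    mirrors_mode=$(rkh_value MIRRORS_MODE "$conf")

    case $web_cmd in
        */false) echo "WEB_CMD=$web_cmd (download command always fails)" ;;
    esac
    [ "$update_mirrors" = 0 ] && echo "UPDATE_MIRRORS=0 (mirrors file is not refreshed)"
    [ "$mirrors_mode" = 1 ] && echo "MIRRORS_MODE=1 (only local mirrors are used)"
    return 0
}

# Constructed sample files: the configuration before and after the fix
# described in the thread (the first two "locked" values are inferred
# from the log, WEB_CMD is quoted from the poster's config).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' '# constructed sample' 'UPDATE_MIRRORS=0' 'MIRRORS_MODE=1' \
    'WEB_CMD="/bin/false"' > "$demo_dir/locked.conf"
printf '%s\n' 'UPDATE_MIRRORS=1' 'MIRRORS_MODE=0' 'WEB_CMD=""' \
    > "$demo_dir/restored.conf"

echo "locked.conf:";   rkh_update_blockers "$demo_dir/locked.conf"
echo "restored.conf:"; rkh_update_blockers "$demo_dir/restored.conf"
```

Pointing `rkh_update_blockers` at /etc/rkhunter.conf gives the same report for a live system. As the last post notes, the values were restored only once the installed rkhunter version was patched.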