2012-02-23

The file '/etc/passwd' exists on the system, but it is not present in the rkhunter.dat file.

FreeBSD security run output (cron@/usr/local/etc/periodic/security/415.rkhunter)

Running rkhunter...

Warning: The file '/etc/passwd' exists on the system, but it is not present in the rkhunter.dat file.

http://permalink.gmane.org/gmane.comp.security.rkhunter.user/2584

The cron job running RKH uses a PATH which includes /etc and as such RKH sees /etc/passwd as a command (and so to be checked).

But when the user runs 'rkhunter --propupd' his PATH doesn't include /etc and so /etc/passwd is not recorded in the rkhunter.dat file.

You could try adding:

USER_FILEPROP_FILES_DIRS="/etc/passwd"

to your config file. RKH should then always see the file regardless of the PATH.

# rkhunter --propupd
[ Rootkit Hunter version 1.3.8 ]
File updated: searched for 167 files, found 115
# rkhunter --propupd /etc/passwd
Filename is not in the "rkhunter.dat" file: /etc/passwd
# env PATH=${PATH}:/etc rkhunter --propupd /etc/passwd
Filename is not in the "rkhunter.dat" file: /etc/passwd
# env PATH=${PATH}:/etc rkhunter --propupd
[ Rootkit Hunter version 1.3.8 ]
File updated: searched for 167 files, found 116
# env PATH=${PATH}:/etc rkhunter --propupd /etc/passwd
[ Rootkit Hunter version 1.3.8 ]
File updated: searched for 167 files, found 1 of 116
# rkhunter --propupd /etc/passwd
[ Rootkit Hunter version 1.3.8 ]
File updated: searched for 167 files, found 0 of 115
# rkhunter --propupd /etc/passwd
Filename is not in the "rkhunter.dat" file: /etc/passwd
# rkhunter --propupd
[ Rootkit Hunter version 1.3.8 ]
File updated: searched for 167 files, found 115
# echo 'USER_FILEPROP_FILES_DIRS="/etc/passwd"' >> /usr/local/etc/rkhunter.conf
# rkhunter --propupd /etc/passwd
Filename is not in the "rkhunter.dat" file: /etc/passwd
# env PATH=${PATH}:/etc rkhunter --propupd /etc/passwd
Filename is not in the "rkhunter.dat" file: /etc/passwd
# rkhunter --propupd
[ Rootkit Hunter version 1.3.8 ]
File updated: searched for 167 files, found 116
pen4# rkhunter --propupd /etc/passwd
[ Rootkit Hunter version 1.3.8 ]
File updated: searched for 167 files, found 1 of 116
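
A check for the PATH mismatch described above, as an added example that is not part of the original post or of rkhunter: it lists the directories searched under the scheduled run's PATH but not under the PATH in effect when 'rkhunter --propupd' was run. The two PATH values are constructed samples and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not rkhunter code): compare the PATH of the scheduled
# check with the PATH used for 'rkhunter --propupd'.

# path_diff CHECK_PATH PROPUPD_PATH
# Prints, one per line, each directory that is in CHECK_PATH but not in
# PROPUPD_PATH. Empty PATH elements are skipped.
path_diff() {
    check_path=$1
    propupd_path=$2
    old_ifs=$IFS
    IFS=:
    set -f                      # no globbing while splitting on ':'
    for dir in $check_path; do
        [ -n "$dir" ] || continue
        case ":$propupd_path:" in
            *":$dir:"*) ;;                  # searched in both runs
            *) printf '%s\n' "$dir" ;;      # searched by the check only
        esac
    done
    set +f
    IFS=$old_ifs
}

# file_at_risk FILE CHECK_PATH PROPUPD_PATH
# Succeeds when FILE's directory is searched only by the scheduled check,
# i.e. the file can be seen by the check without being in rkhunter.dat.
file_at_risk() {
    file_dir=$(dirname -- "$1")
    path_diff "$2" "$3" | grep -Fxq -- "$file_dir"
}

# Constructed sample values (assumptions, not taken from the post).
CRON_PATH="/etc:/bin:/sbin:/usr/bin:/usr/sbin"
ROOT_PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin"

echo "Directories searched only by the scheduled run:"
path_diff "$CRON_PATH" "$ROOT_PATH"

if file_at_risk /etc/passwd "$CRON_PATH" "$ROOT_PATH"; then
    echo "/etc/passwd is visible to the scheduled run only"
fi
```

For any directory it prints, either run --propupd with the same PATH as the scheduled job or list the affected file in USER_FILEPROP_FILES_DIRS, as in the session above.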
