Package: samhain
Version: 4.1.4-2
Severity: important

When the samhain database is renamed or moved from /var/lib/samhain, the script /etc/init.d/samhain tries to execute 'samhain -t init' and then fails anyway, as the database is re-created in a different location. Instead of using the hard-coded path of /var/lib/samhain/samhain_file, a check of the config file should be done - something like 'cat /etc/samhain/samhainrc | grep ^SetDatabasePath | sed s/SetDatabasePath=//' to check if the database path is redefined.
-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (1000, 'testing'), (50, 'unstable'), (20, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to C.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages samhain depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  libauparse0            1:2.7.7-1+b1
ii  libc6                  2.24-12
ii  libgcrypt20            1.7.8-1
ii  libgnutls30            3.5.13-2
ii  libpcre3               2:8.39-3
ii  libprelude2            1.0.0-11.9
ii  zlib1g                 1:1.2.8.dfsg-5

samhain recommends no packages.

samhain suggests no packages.

-- Configuration Files:
/etc/init.d/samhain [Errno 13] Permission denied: '/etc/init.d/samhain'
/etc/samhain/samhainrc changed:
[Misc]
[ReadOnly]
dir = 0/
[Attributes]
file = /tmp
file = /dev
file = /proc
file = /sys
file = /run
[IgnoreAll]
file = /mnt
[ReadOnly]
dir = 99/bin
dir = 99/sbin
dir = 99/lib
dir = 99/root
dir = 99/usr
[Attributes]
file = /etc/samhain/samhaindb
[ReadOnly]
dir = 99/boot
[ReadOnly]
dir = 99/etc
[Attributes]
file = /etc/mtab
file = /etc/resolv.conf
[ReadOnly]
dir = 0/home/
[ReadOnly]
dir = 99/var
[IgnoreAll]
dir = -1/var/cache
dir = -1/var/backups
dir = -1/var/lib/dhcp
dir = -1/var/lock
dir = -1/var/mail
dir = -1/var/run
dir = -1/var/spool
dir = -1/var/tmp
dir = 99/var/lib/systemd/rfkill
dir = -1/var/lib/systemd/timers
file = /var/lib/systemd/random-seed
file = /var/lib/systemd/clock
dir = -1/var/lib/NetworkManager
[Attributes]
dir = 99/var/lib/selinux/default
file = /var/lib/apt/lists/lock
file = /var/lib/apt/lists/partial
file = /var/lib/apt/extended_states
file = /var/lib/apt/daily_lock
file = /var/lib/aptitude/pkgstates
file = /var/lib/aptitude/pkgstates.old
file = /var/lib/dpkg/lock
file = /var/lib/tor/state
file = /var/log/lastlog
file = /var/lib/apt/lists/vwakviie2ienjx6t.onion_debian_dists_*_InRelease
file = /var/lib/dpkg/triggers/Lock
file = /var/lib/dpkg/status*
file = /var/lib/tor/lock
file = /var/lib/tor/cached-microdescs.new
[GrowingLogFiles]
dir = 99/var/log
[Misc]
IgnoreAdded = /var/lib/apt/extended_states*
IgnoreMissing = /var/lib/apt/extended_states*
IgnoreAdded = /var/lib/aptitude/pkgstates.*
IgnoreMissing = /var/lib/aptitude/pkgstates.*
IgnoreAdded = /var/lib/dpkg/status-*
IgnoreMissing = /var/lib/dpkg/status-*
IgnoreAdded = /var/lib/aptitude/pkgstates*
IgnoreMissing = /var/lib/aptitude/pkgstates*
IgnoreMissing = /var/lib/apt/lists/partial/.apt-acquire-privs-test.*
IgnoreMissing = /var/lib/dpkg/updates/tmp.i
IgnoreAdded = /var/lib/tor/state*
IgnoreMissing = /var/lib/tor/state*
[IgnoreNone]
[Prelink]
[User0]
[User1]
[EventSeverity]
SeverityReadOnly = alert
SeverityLogFiles = err
SeverityGrowingLogs = info
SeverityIgnoreNone = crit
SeverityAttributes = crit
SeverityUser0 = crit
SeverityUser1 = crit
SeverityIgnoreAll = info
SeverityFiles=crit
SeverityDirs=crit
SeverityNames=warn
[Log]
MailSeverity=none
PrintSeverity=none
LogSeverity=none
SyslogSeverity=err
ExportSeverity=none
ExternalSeverity = none
DatabaseSeverity = none
PreludeSeverity = none
[SuidCheck]
SuidCheckActive = yes
SuidCheckInterval = 86400
SuidCheckExclude = NULL
SuidCheckYield = yes
SeveritySuidCheck = crit
SuidCheckQuarantineFiles = no
[Utmp]
LoginCheckActive = False
[Misc]
SetDatabasePath=/etc/samhain/samhaindb
Daemon = yes
ChecksumTest=check
SetLoopTime = 600
SetFileCheckTime = 7200
ReportOnlyOnce = True
UseLocalTime = Yes
UseHardlinkCheck = True
UseAclCheck = True
UseSelinuxCheck = True
LooseDirCheck = True
HideSetup = True
SyslogFacility=LOG_LOCAL2
[Mounts]
MountCheckActive = True
MountCheckInterval = 600
SeverutyMountMissing = err
SeverutyOptionMissing = crit
checkmount = / ro,nodev
checkmount = /home nosuid,nodev
checkmount = /var nodev
[ProcessCheck]
ProcessCheckActive = False
SeverityProcessCheck = crit
ProcessCheckInterval = 300
[UserFiles]
UserfilesActive = 1
UserfilesCheckUids = 1000,1001,1002
UserfilesName = .bashrc readonly
UserfilesName = .bash_logout readonly
UserfilesName = .profile readonly
[PortCheck]
PortCheckActive = no
SeverityPortCheck = crit
PortCheckInterval = 300
PortCheckRequired = 127.0.0.1:19040/tcp, 127.0.0.1:19041/tcp, 127.0.0.1:19053/udp, 127.0.0.53:53/udp, 68/udp
PortCheckOptional = 127.0.0.1:37871/tcp
[LogMon]
LogMonActive = yes
LogMonInterval = 10
[Inotify]
InotifyActive = yes
[EOF]

-- debconf information:
* samhain/init-log:
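
Added example (not part of the original report and not the Debian init script): a POSIX sh sketch of the check the report asks for, resolving the baseline database path from samhainrc and falling back to the hard-coded default only when no override is set. The function names, the comment and whitespace handling, and the "last SetDatabasePath wins" rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the Debian init script.
# Path hard-coded by the init script according to the report; used as fallback.
DEFAULT_DB=/var/lib/samhain/samhain_file

# Print the effective baseline database path for a samhainrc file.
# Assumptions: lines starting with '#' are comments, whitespace around '='
# is allowed, sections are ignored, and the last SetDatabasePath wins.
samhain_db_path() {
    conf=${1:-/etc/samhain/samhainrc}
    dbpath=
    if [ -r "$conf" ]; then
        dbpath=$(sed -n \
            -e 's/^[[:space:]]*SetDatabasePath[[:space:]]*=[[:space:]]*//p' \
            "$conf" | sed -e 's/[[:space:]]*$//' -e '/^$/d' | tail -n 1)
    fi
    printf '%s\n' "${dbpath:-$DEFAULT_DB}"
}

# Succeed (return 0) only when no non-empty baseline exists at the configured
# location, i.e. when an init script would need to run 'samhain -t init'.
samhain_needs_init() {
    db=$(samhain_db_path "$1")
    [ ! -s "$db" ]
}

# Constructed sample config mirroring the override in the report.
demo_conf=$(mktemp)
printf '%s\n' '[Misc]' '# SetDatabasePath=/commented/out' \
    'SetDatabasePath=/etc/samhain/samhaindb' 'Daemon = yes' > "$demo_conf"
samhain_db_path "$demo_conf"    # prints /etc/samhain/samhaindb
rm -f "$demo_conf"
```

Testing the resolved path rather than the default keeps the init script from re-initialising a baseline that already exists elsewhere, which matters for an integrity checker because a freshly created baseline silently accepts the current state of the file system.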

