tags 740729 + patch thanks The issue appears to be that rkhunter is looking up the key "NETWORK_PORTS_DISABLE_PATHS" in its i18n files when the lsof command isn't installed, and the builtin "display" function throws this error for an unknown i18n keyword.
A simple patch to the en i18n file to add this keyword is attached. This isn't applicable in rkhunter 1.4.2 (hence the author's recommendation to upgrade I suppose), as the port checks have been rewritten and no longer report this error condition. A simple workaround is to install lsof. -- Dominic Cleal [email protected]
--- /var/lib/rkhunter/db/i18n/en.orig 2014-03-30 16:23:07.000000000 +0000 +++ /var/lib/rkhunter/db/i18n/en 2014-03-30 16:23:25.000000000 +0000 @@ -565,6 +565,7 @@ NETWORK_PORTS_FILE_NOTAFILE:The file of known backdoor ports is not a file: $1 NETWORK_PORTS_UNKNOWN_NETSTAT:All backdoor port checks skipped. NETWORK_PORTS_UNKNOWN_NETSTAT:Unknown netstat command format with this O/S. +NETWORK_PORTS_DISABLE_PATHS:Disabling pathnames and '*' in PORT_WHITELIST setting: no 'lsof' command present. NETWORK_PORTS_ENABLE_TRUSTED:Trusted pathnames are enabled for port whitelisting. NETWORK_PORTS_BACKDOOR_CHK:Checking for $1 port $2 NETWORK_PORTS_PATH_WHITELIST:Network $1 port $2 is being used by $3: the pathname is whitelisted.
_______________________________________________ forensics-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
