Hi John,
> > > So I've gone into rkhunter.conf and defined this:
> > >
> > > SCRIPTDIR=/usr/local/lib64/rkhunter/scripts
> > >
> > > Yet even after this I still get the error:
> > >
> > > # rkhunter -c
> > > Script directory does not exist: /usr/local/lib/rkhunter/scripts
> > >
> > > and:
> > >
> > > # rkhunter --configfile /etc/rkhunter.conf -c
> > > Script directory does not exist: /usr/local/lib/rkhunter/scripts
> > >
> > > There doesn't seem to be any way around this without symlinking the
> > > /usr/local/lib and /usr/local/lib64 directories, which I shouldn't
> > > need to do ie. if the SCRIPTDIR setting isn't properly read by
> > > rkhunter, then it's a bug.
> >
> > I found the problem with this.
> >
> > When building from the spec file, there must be a process which adds the
> > following to the end of the rkhunter.conf file:
> >
> > INSTALLDIR=/usr/local
> > DBDIR=/var/lib/rkhunter/db
> > SCRIPTDIR=/usr/local/lib/rkhunter/scripts
> > TMPDIR=/var/lib/rkhunter/tmp
> >
> > ie. even though I had previously set the SCRIPTDIR value earlier in the conf
> > file, the latter SCRIPTDIR re-sets the variable thus causing the issue
> > above.
> >
> > So even though the issue above is solved, the scripts/process which sets
> > the 4
> > lines at the bottom of the rkhunter.conf file (when build from spec and
> > installing from RPM) is incorrect as it's not checking for the architecture
> > to
> > determine what it should put on the SCRIPTDIR line.
> >
> There's something odd going on here. First of all RKH was tested on
> 64-bit linux both as a standard script and when built from RPM. If I
> build the RPM it shows:
>
> Directory /var/tmp/rkhunter-1.3.0/usr/local/lib64/rkhunter/scripts:
> creating: OK.
Yep, I get the same thing:
# ll /usr/local/lib64/rkhunter/scripts/
total 36
-rwxr-x--- 1 root root 1816 Feb 23 10:01 check_modules.pl
-rwxr-x--- 1 root root 479 Feb 23 10:01 check_port.pl
-rwxr-x--- 1 root root 4617 Feb 23 10:01 check_update.sh
-rwxr-x--- 1 root root 306 Feb 23 10:01 filehashmd5.pl
-rwxr-x--- 1 root root 285 Feb 23 10:01 filehashsha1.pl
-rwxr-x--- 1 root root 2678 Feb 23 10:01 readlink.sh
-rwxr-x--- 1 root root 396 Feb 23 10:01 showfiles.pl
-rwxr-x--- 1 root root 3091 Feb 23 10:01 stat.pl
> If I list the rpm ('rpm -qlp ...') it shows:
>
> /usr/local/lib64/rkhunter
> /usr/local/lib64/rkhunter/scripts
> /usr/local/lib64/rkhunter/scripts/check_modules.pl
> /usr/local/lib64/rkhunter/scripts/check_port.pl
> /usr/local/lib64/rkhunter/scripts/check_update.sh
> /usr/local/lib64/rkhunter/scripts/filehashmd5.pl
> /usr/local/lib64/rkhunter/scripts/filehashsha1.pl
> /usr/local/lib64/rkhunter/scripts/readlink.sh
> /usr/local/lib64/rkhunter/scripts/showfiles.pl
> /usr/local/lib64/rkhunter/scripts/stat.pl
Same:
# rpm -qlp /usr/src/redhat/RPMS/noarch/rkhunter-1.3.0-1.noarch.rpm |grep lib64
/usr/local/lib64/rkhunter
/usr/local/lib64/rkhunter/scripts
/usr/local/lib64/rkhunter/scripts/check_modules.pl
/usr/local/lib64/rkhunter/scripts/check_port.pl
/usr/local/lib64/rkhunter/scripts/check_update.sh
/usr/local/lib64/rkhunter/scripts/filehashmd5.pl
/usr/local/lib64/rkhunter/scripts/filehashsha1.pl
/usr/local/lib64/rkhunter/scripts/readlink.sh
/usr/local/lib64/rkhunter/scripts/showfiles.pl
/usr/local/lib64/rkhunter/scripts/stat.pl
> If I install the RPM I get the directory installed correctly:
>
> ls -l /usr/local/lib64/rkhunter/scripts
> total 68
> -rwxr-x--- 1 root root 1816 2008-02-23 16:14 check_modules.pl
> -rwxr-x--- 1 root root 479 2008-02-23 16:14 check_port.pl
> ...
Same as shown above.
> and the config file is correct as well:
>
> SCRIPTDIR=/usr/local/lib64/rkhunter/scripts
Yeah, this is where we differ. The config file that got created for me ended
with:
INSTALLDIR=/usr/local
SCRIPTDIR=/usr/local/lib/rkhunter/scripts
DBDIR=/var/lib/rkhunter/db
TMPDIR=/var/lib/rkhunter/tmp
which was what was causing me the problems. I removed the SCRIPTDIR from above
so it could read the SCRIPTDIR earlier in the conf file that I had manually set.
> I can see no problems with the RPM spec file or the installer. What O/S
> are you using? Can you also check that you only have one config file
> installed on the system (perhaps use something like 'locate').
I'm using Scientific Linux 4.5 (a Red Hat Enterprise Linux 4 Update 5
derivative).
I'm done a search and /etc/rkhunter.conf is the only one around.
Prior to upgrading to 1.3.0, I used to use 1.2.9 which was installed frm the
installer.sh file (my server deployment scripts auto-install 1.2.9 using this
method). This meant that rkhunter 1.2.9 existed in /usr/local
I was careful to make sure I deleted all remnances of rkhunter 1.2.9 from
everywhere on the filesystem before I attempted to install 1.3.0 from RPM. I
did this on 6 other 32bit SL4.5 servers and had no problems. Only the two
64bit SL4.5 servers had this issue.
I have another six SL5.1 64bit servers still running 1.2.9 (also installed
from installer.sh) which I'll likely be upgrading some time next week,
although not identical to SL4.5 because they're still 64bit it'll be
interesting to see if I get the same problem.
Regards,
Michael.
> John.
>
> --
> ---------------------------------------------------------------
> John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
> E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
------- End of Original Message -------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
