OK found it...seems like a bug to me...the default /etc/rkhunter.conf has these lines in it

#
# Specify the command directories to be checked. This is a
# space-separated list of directories.
#
#BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
BINDIR="/usr/sbin"

Note that it says "command directories to be checked"...however if I add /bin to that

BINDIR="/bin /usr/sbin"

it works again. It seems like a bug to me that if I want to check only say /usr/local/libexec then that breaks rkhunter. rkhunter should not IMO be using that setting to determine where awk is. But maybe this is just a doc bug and "Specify the command directories to be checked" wasn't what was meant.

Just in case I had something else messed up here's my conf when it is nogo:

# egrep -v "^#|^$" /etc/rkhunter.conf
INSTALLDIR=/usr
ROTATE_MIRRORS=1
UPDATE_MIRRORS=1
MIRRORS_MODE=0
MAIL-ON-WARNING=""
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/lib/rkhunter/scripts
BINDIR="/usr/sbin"
LOGFILE=/var/log/rkhunter.log
APPEND_LOG=0
COLOR_SET2=0
AUTO_X_DETECT=0
ALLOW_SSH_ROOT_USER=no
ALLOW_SSH_PROT_V1=0
ENABLE_TESTS="all"
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps"
ALLOWHIDDENDIR=/dev/.udev
ALLOW_SYSLOG_REMOTE_LOGGING=0
SUSPSCAN_DIRS="/tmp /var/tmp"
SUSPSCAN_TEMP=/dev/shm
SUSPSCAN_MAXSIZE=10240000
SUSPSCAN_THRESH=200

Thanks to John Horne for pointing me in the right direction

On Wed, Aug 11, 2010 at 9:22 AM, Jonny Kent <jonnyk...@gmail.com> wrote:

>
>
> On Wed, Aug 11, 2010 at 3:09 AM, John Horne <john.ho...@plymouth.ac.uk>wrote:
>
>> On Tue, 2010-08-10 at 22:06 -0700, Jonny Kent wrote:
>> > Hello,
>> >
>> > I'm running
>> > # rkhunter --version
>> > Rootkit Hunter 1.3.4
>> >
>> > on gentoo linux hardened 2.6.32
>> >
>> > when I try almost any command (except --version) with rkhunter it
>> > gives the error:
>> > The command 'awk' must be present on the system in order to run
>> > rkhunter.
>> >
>> RKH requires certain commands in order to run. Awk is one of them. It
>> may seem odd but is /bin in your root $PATH?
>>
>> If you still get errors, then can you run 'rkhunter --versioncheck --vl'
>> and then email me the log file (/var/log/rkhunter.log). Thanks.
>>
>> >
>> > I figure that maybe I need to run rkhunter --propupd
>> >
>> Nope, that's got nothing to do with it.
>>
>>
>>
>> John.
>>
>> --
>> John Horne Tel: +44 (0)1752 587287
>> University of Plymouth, UK Fax: +44 (0)1752 587001
>>
>>
> Thanks. That seems to be in order:
>
> # echo $PATH
> /sbin:/bin:/usr/sbin:/usr/bin
> I'd like to send the log file but sadly we can't get that far...
> # rkhunter --versioncheck --vl
>
> The command 'awk' must be present on the system in order to run rkhunter.
>
>
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
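
The BINDIR behaviour reported in the message above, as an added example that is not part of the original post or of rkhunter's own code: a pre-flight check that reads BINDIR from a config file and reports which required commands are not in any listed directory. It assumes, from the behaviour described in the thread, that required commands are looked up in the BINDIR directories; the function names, the `ROOT` prefix variable and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of an rkhunter.conf BINDIR value.
# Assumption (from the behaviour reported in the thread, not from rkhunter's
# source): commands rkhunter needs, such as awk, must be in a BINDIR directory.
# ROOT is a hypothetical prefix so the check can run on a constructed tree.

# Print the value of the last uncommented BINDIR= line in a config file.
bindir_from_conf() {
    sed -n 's/^[[:space:]]*BINDIR=//p' "$1" | tail -n 1 | tr -d "\"'"
}

# Print every command (args 2..n) that is not an executable file in any
# directory of the space-separated list passed as arg 1.
missing_cmds() {
    dirs=$1; shift
    for cmd in "$@"; do
        found=no
        for d in $dirs; do
            p="${ROOT:-}$d/$cmd"
            if [ -f "$p" ] && [ -x "$p" ]; then found=yes; break; fi
        done
        [ "$found" = yes ] || printf '%s\n' "$cmd"
    done
}

# Return non-zero (and say why) if the config's BINDIR lacks a command.
check_conf() {
    conf=$1; shift
    dirs=$(bindir_from_conf "$conf")
    missing=$(missing_cmds "$dirs" "$@")
    [ -z "$missing" ] && return 0
    echo "BINDIR=\"$dirs\" lacks:" $missing >&2
    return 1
}

# Constructed sample mirroring the thread: awk lives in /bin only.
make_sample() {
    r=$(mktemp -d)
    mkdir -p "$r/bin" "$r/usr/sbin"
    printf '#!/bin/sh\n' > "$r/bin/awk"; chmod +x "$r/bin/awk"
    printf '#BINDIR="/bin /usr/bin"\nBINDIR="/usr/sbin"\n' > "$r/bad.conf"
    printf 'BINDIR="/bin /usr/sbin"\n' > "$r/good.conf"
    echo "$r"
}

ROOT=$(make_sample)   # demo run on the constructed tree
check_conf "$ROOT/bad.conf" awk || echo "bad.conf: awk not found, as in the thread"
check_conf "$ROOT/good.conf" awk && echo "good.conf: ok"
rm -rf "$ROOT"; unset ROOT
```

On a live system, leave `ROOT` unset and call `check_conf /etc/rkhunter.conf awk` after editing BINDIR.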