On Thu, 2013-12-26 at 21:12 -0600, Josh Peacock wrote:
> Still having issue with SUSPSCAN_DIRS here is a chunk from a debug
> Looks like it has to do with the following line in rkhunter function
> get_option
>
> OPTVAR=`echo "${OPTVAR} " | awk 'BEGIN { RS="" }; END { print }'`
>
>
> Can you provide some more detail on what this line is doing? It seems
> to just return the list in Linux, but doesn't work at all in AIX.
>
Hi,
First of all thanks for testing this out, and debugging the problem! :-)
I am a bit surprised/confused though.
The awk BEGIN/END code is a simple way of using awk to split up text
when a blank line is seen. That is, given several paragraphs of text
separated by a blank line, then the above will return the last
paragraph. The BEGIN bit just sets the awk RS variable to the null
string. Awk then processes the input but does nothing (doesn't display
anything). The END bit then tells awk, at the very end, to print the
last record it saw - that is, the last paragraph.
We have to do this because RKH config options can be specified more than
once. But, with the introduction of the 'rkhunter.d' mechanism, users
must be able to tell RKH to ignore previous option values. This is done
by setting the option value to a null string. Hence it is perfectly
possible to end up with an option being set to several values, then a
null string, then a final value. We need to select *only* that final
value (which may or may not be on one or more lines in the config file).
Before anyone says we could have done it other ways, e.g. using sed, yes
there are no doubt many ways that are possible but we have to try and be
as generic as possible so that RKH works on both Linux and UNIX. Awk
seemed to be the way to do that.
Anyway... I took a look at some AIX man pages
(http://publib16.boulder.ibm.com/doc_link/en_US/a_doc_lib/cmds/aixcmds1/awk.htm)
and it does state in there that the BEGIN and END statements are known to AIX
awk. Actually if AIX awk didn't like them then I would expect some nasty error
message rather than it processing things normally but not printing anything
out. I also note that the RS variable can be set to null to cause records to be
separated by blank lines. (This is in the section on 'Special variables').
I suspect then that the BEGIN/END are fine in themselves, it's just that
setting RS="" is not working as expected.
Could you try using RS='' instead please (so single quotes instead of
double ones). And if that fails too, then just try setting RS= - with
nothing following it. Awk may complain about that, but I'm just having a
guess at the moment.
I'll have a think about this.
John.
--
----------------------------------------------------
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
------------------------------------------------------------------------------
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349831&iu=/4140/ostg.clktrk
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
