A few days ago, I did a yum update to upgrade the PHP version to 5.4.27 on one 
of my RHEL 5 servers.  After rebooting the server, I did "rkhunter --propupd" as 
I do after every reboot, and it worked, and then I tried to do "rkhunter 
--update" and it gave me the error seen below (Checking file backdoorports.dat 
[ Update failed ]).  Rkhunter is version 1.4.2.  I tried it again today and it 
still errors in the same place:

[root@ctc3650f ~]# rkhunter --propupd
[ Rootkit Hunter version 1.4.2 ]
File updated: searched for 170 files, found 143

[root@ctc3650f ~]# rkhunter --update
[ Rootkit Hunter version 1.4.2 ]
Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ Update failed ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/tr                                      [ No update ]
  Checking file i18n/tr.utf8                                 [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]
Please check the log file (/var/log/rkhunter.log)
[root@ctc3650f ~]#

I have attached the /var/log/rkhunter.log.  I've never had any problems with 
this before.

These are the lines from the yum log of the change that was made on the server 
before I rebooted it:

Apr 21 16:42:18 Installed: mysqlclient15-5.0.90-2.el5.art.x86_64
Apr 21 16:42:18 Updated: php-common-5.4.27-33.el5.art.x86_64
Apr 21 16:42:18 Updated: php-pdo-5.4.27-33.el5.art.x86_64
Apr 21 16:42:18 Installed: libedit-3.0-2.20090923cvs.el5.art.x86_64
Apr 21 16:42:18 Updated: php-cli-5.4.27-33.el5.art.x86_64
Apr 21 16:42:18 Updated: php-5.4.27-33.el5.art.x86_64
Apr 21 16:42:19 Installed: mysql-libs-5.5.37-22.el5.art.x86_64
Apr 21 16:42:19 Updated: mysql-5.5.37-22.el5.art.x86_64
Apr 21 16:42:19 Updated: mysql-5.5.37-22.el5.art.i386
Apr 21 16:42:20 Updated: mysql-server-5.5.37-22.el5.art.x86_64
Apr 21 16:42:20 Updated: php-mysql-5.4.27-33.el5.art.x86_64

Could something in the PHP upgrade be causing the rkhunter update to fail on 
the backdoorports.dat data file?  We were required to upgrade the PHP by the 
department hosting our server, so I can't take it back down below 5.4.27.  Any 
suggestions on how to get the rkhunter update to work?

Other information on this server:

[root@ctc3650f ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.10 (Tikanga)

[root@ctc3650f ~]# uname -a
Linux ctc3650f.ctcd.org 2.6.18-371.8.1.el5 #1 SMP Fri Mar 28 05:53:58 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@ctc3650f ~]#

Many Thanks,
Julie
[root@ctc3650f ~]# cat /var/log/rkhunter.log
[14:25:50] Running Rootkit Hunter version 1.4.2 on ctc3650f
[14:25:50]
[14:25:50] Info: Start date is Thu Apr 24 14:25:50 CDT 2014
[14:25:50]
[14:25:50] Checking configuration file and command-line options...
[14:25:50] Info: Detected operating system is 'Linux'
[14:25:50] Info: Found O/S name: Red Hat Enterprise Linux Server release 5.10 (Tikanga)
[14:25:50] Info: Command line is /usr/local/bin/rkhunter --update
[14:25:50] Info: Environment shell is /bin/bash; rkhunter is using bash
[14:25:50] Info: Using configuration file '/etc/rkhunter.conf'
[14:25:50] Info: Installation directory is '/usr/local'
[14:25:50] Info: Using language 'en'
[14:25:50] Info: Using '/var/lib/rkhunter/db' as the database directory
[14:25:50] Info: Using '/usr/local/lib64/rkhunter/scripts' as the support script directory
[14:25:50] Info: Using '/usr/kerberos/sbin /usr/kerberos/bin /usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin /usr/libexec /usr/local/libexec' as the command directories
[14:25:50] Info: Using '/var/lib/rkhunter/tmp' as the temporary directory
[14:25:50] Info: X will be automatically detected
[14:25:50] Info: Found the 'basename' command: /bin/basename
[14:25:50] Info: Found the 'diff' command: /usr/bin/diff
[14:25:50] Info: Found the 'dirname' command: /usr/bin/dirname
[14:25:50] Info: Found the 'file' command: /usr/bin/file
[14:25:50] Info: Found the 'find' command: /usr/bin/find
[14:25:50] Info: Found the 'ifconfig' command: /sbin/ifconfig
[14:25:50] Info: Found the 'ip' command: /sbin/ip
[14:25:50] Info: Found the 'ipcs' command: /usr/bin/ipcs
[14:25:50] Info: Found the 'ldd' command: /usr/bin/ldd
[14:25:50] Info: Found the 'lsattr' command: /usr/bin/lsattr
[14:25:50] Info: Found the 'lsmod' command: /sbin/lsmod
[14:25:50] Info: Found the 'lsof' command: /usr/sbin/lsof
[14:25:50] Info: Found the 'mktemp' command: /bin/mktemp
[14:25:50] Info: Found the 'netstat' command: /bin/netstat
[14:25:50] Info: Found the 'perl' command: /usr/bin/perl
[14:25:50] Info: Found the 'pgrep' command: /usr/bin/pgrep
[14:25:50] Info: Found the 'ps' command: /bin/ps
[14:25:50] Info: Found the 'pwd' command: /bin/pwd
[14:25:50] Info: Found the 'readlink' command: /usr/bin/readlink
[14:25:50] Info: Found the 'stat' command: /usr/bin/stat
[14:25:50] Info: Found the 'strings' command: /usr/bin/strings
[14:25:50] Info: Found the 'wget' command: /usr/bin/wget
[14:25:50] Info: The mirrors file will be rotated
[14:25:50] Info: Both local and remote mirrors will be used
[14:25:50] Info: The mirrors file will be updated
[14:25:50] Info: Logging to log file: /var/log/rkhunter.log
[14:25:50] Info: Locking is not being used
[14:25:50]
[14:25:50] Checking rkhunter data files...
[14:25:50] Info: Created temporary file '/var/lib/rkhunter/tmp/rkhunter.upd.cssTY17212'
[14:25:51] Info: Created temporary file '/var/lib/rkhunter/tmp/mirrors.dat.CXFtT17248'
[14:25:51] Info: The mirrors file has been rotated: /var/lib/rkhunter/db/mirrors.dat
[14:25:51] Info: Executing download command '/usr/bin/wget  -q -O "/var/lib/rkhunter/tmp/rkhunter.upd.cssTY17212" http://rkhunter.sourceforge.net/1.3/mirrors.dat 2>/dev/null'
[14:25:51] Info: This version  : 2007060601
[14:25:51] Info: Latest version: 2007060601
[14:25:51] Checking file mirrors.dat                         [ No update ]
[14:25:51] Info: Executing download command '/usr/bin/wget  -q -O "/var/lib/rkhunter/tmp/rkhunter.upd.cssTY17212" http://rkhunter.sourceforge.net/1.3/programs_bad.dat 2>/dev/null'
[14:25:51] Info: This version  : 2010111601
[14:25:51] Info: Latest version: 2010111601
[14:25:51] Checking file programs_bad.dat                    [ No update ]
[14:25:51] Info: Executing download command '/usr/bin/wget  -q -O "/var/lib/rkhunter/tmp/rkhunter.upd.cssTY17212" http://rkhunter.sourceforge.net/1.3/backdoorports.dat 2>/dev/null'
[14:34:11] Warning: Download of 'backdoorports.dat' failed: Unable to determine the latest version number.
[14:34:11] Checking file backdoorports.dat                   [ Update failed ]
[14:34:11] Info: Executing download command '/usr/bin/wget  -q -O "/var/lib/rkhunter/tmp/rkhunter.upd.cssTY17212" http://rkhunter.sourceforge.net/1.3/suspscan.dat 2>/dev/null'
[14:34:11] Info: This version  : 2009112901
[14:34:11] Info: Latest version: 2009112901
[14:34:11] Checking file suspscan.dat                        [ No update ]
[14:34:11] Info: Executing download command '/usr/bin/wget  -q -O "/var/lib/rkhunter/tmp/rkhunter.upd.cssTY17212" http://rkhunter.sourceforge.net/1.3/i18n/1.4.2/i18n.ver 2>/dev/null'
[14:34:11] Info: This version  : 2009091601
[14:34:11] Info: Latest version: 2009091601
[14:34:11] Checking file i18n/cn                             [ No update ]
[14:34:11] Info: This version  : 2014010301
[14:34:11] Info: Latest version: 2014010301
[14:34:11] Checking file i18n/de                             [ No update ]
[14:34:11] Info: This version  : 2013112401
[14:34:11] Info: Latest version: 2013112401
[14:34:11] Checking file i18n/en                             [ No update ]
[14:34:11] Info: This version  : 2014030201
[14:34:11] Info: Latest version: 2014030201
[14:34:11] Checking file i18n/tr                             [ No update ]
[14:34:11] Info: This version  : 2014030201
[14:34:11] Info: Latest version: 2014030201
[14:34:11] Checking file i18n/tr.utf8                        [ No update ]
[14:34:11] Info: This version  : 2009091601
[14:34:11] Info: Latest version: 2009091601
[14:34:11] Checking file i18n/zh                             [ No update ]
[14:34:11] Info: This version  : 2009091601
[14:34:11] Info: Latest version: 2009091601
[14:34:11] Checking file i18n/zh.utf8                        [ No update ]
[14:34:11]
[14:34:11] Info: End date is Thu Apr 24 14:34:11 CDT 2014
[root@ctc3650f ~]#
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
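
Added example, not part of the original post and not rkhunter's own code: a shell function that pairs each "Executing download command" entry in an rkhunter log with the entry that follows it, and reports the data file, the seconds that passed before the next entry, and whether the download failed. The sample lines are constructed to mirror the log format above; the temporary path in them and the function names are assumptions.

```shell
#!/bin/sh
# Summarise "rkhunter --update" download attempts from an rkhunter log.

rkh_update_report() {
    # $1 = path to the log; prints "<file> <seconds> <ok|failed>" per download
    awk '
    function secs(ts,   t) {       # "[14:25:51]" -> seconds since midnight
        split(substr(ts, 2, 8), t, ":")
        return t[1] * 3600 + t[2] * 60 + t[3]
    }
    /Executing download command/ {
        # the URL word names the data file being fetched
        n = split($0, w, " ")
        for (i = 1; i <= n; i++) if (w[i] ~ /^https?:\/\//) url = w[i]
        sub(/.*\//, "", url); file = url; start = secs($1); pending = 1
        next
    }
    pending {
        # the first entry after the command is written once wget has returned
        status = ($0 ~ /Warning: Download of/) ? "failed" : "ok"
        d = secs($1) - start; if (d < 0) d += 86400   # run crossed midnight
        print file, d, status
        pending = 0
    }' "$1"
}

rkh_sample_log() {
    # Constructed sample entries in the same format as /var/log/rkhunter.log
    cat <<'EOF'
[14:25:51] Info: Executing download command '/usr/bin/wget  -q -O "/tmp/rkhunter.upd.X" http://rkhunter.sourceforge.net/1.3/programs_bad.dat 2>/dev/null'
[14:25:51] Info: This version  : 2010111601
[14:25:51] Info: Latest version: 2010111601
[14:25:51] Checking file programs_bad.dat                    [ No update ]
[14:25:51] Info: Executing download command '/usr/bin/wget  -q -O "/tmp/rkhunter.upd.X" http://rkhunter.sourceforge.net/1.3/backdoorports.dat 2>/dev/null'
[14:34:11] Warning: Download of 'backdoorports.dat' failed: Unable to determine the latest version number.
[14:34:11] Checking file backdoorports.dat                   [ Update failed ]
EOF
}

# Stand-alone demonstration on the constructed sample
tmp=$(mktemp) && rkh_sample_log > "$tmp" && rkh_update_report "$tmp"
rm -f "$tmp"
```

On a real system the function would be pointed at /var/log/rkhunter.log; a large second column marks a download that sat waiting before rkhunter moved on.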
