Hi,
my package comes from the Debian repository
(https://packages.debian.org/jessie/rkhunter).
Based on the test made by G.W. Haywood, I downloaded the rkhunter source from
Sourceforge and made a diff of my local rkhunter script (/usr/bin/rkhunter)
and mirrors.dat file (/var/lib/rkhunter/db/mirrors.dat) against the corresponding
source files. The result was:
diff /usr/bin/rkhunter /tmp/rk/sourceforge/rkhunter-1.4.2/files/rkhunter
13967c13967
< if [ `LANG=C ${IPCS_CMD} -u 2>/dev/null | awk -F' '
'/segments allocated/ {print $3}'` -ne 0 ]; then
---
> if [ `${IPCS_CMD} -u 2>/dev/null | awk -F' '
'/segments allocated/ {print $3}'` -ne 0 ]; then
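Review bot: on the "<" side of 13967c13967, LANG=C alone does not force the C locale, because LC_ALL or LC_MESSAGES set in the environment takes precedence over LANG, so the awk match on 'segments allocated' can still miss on a localized system; LC_ALL=C in front of ${IPCS_CMD} would make the match reliable. The difference in this hunk is limited to the locale prefix and does not touch the mirror directory.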
diff /var/lib/rkhunter/db/mirrors.dat
/tmp/rk/sourceforge/rkhunter-1.4.2/files/mirrors.dat
2a3
> mirror=http://rkhunter.sourceforge.net
Searching for the "1.3" or "1.4" string:
> grep -n "1\.[34]" /usr/bin/rkhunter
7256: MIRROR="${MIRROR}/1.3"
7681: # E.g. '1.2.10' => 10210, '1.3.2' => 10302.
8898: # Superkit Rootkit (Suckit 1.3b-based)
18331:PROGRAM_version="1.4.2"
I hope this helps to understand my question.
On 25/05/2015 13:18, G.W. Haywood wrote:
> Hi there,
>
> On Mon, 25 May 2015, John Horne wrote:
>
>> ...
>> The directory to use on the mirrors is hardcoded in the RKH program.
>> Hence versions 1.4.x will always use the '1.4' directory. If your
>> version 1.4.x of rkhunter is looking at the 1.3 directory then something
>> is corrupt.
> After reading the above I downloaded rkhunter again and installed it
> standalone under /tmp. Unless I'm missing something, the version of
> rkhunter (1.4.2) currently on sourceforge uses the 1.3 directory.
>
> laptop3:/tmp/rkh/rkhunter-1.4.2/files# >>> grep "1\.[34]" rkhunter.log
> [12:16:58] Running Rootkit Hunter version 1.4.2 on laptop3
> [12:16:58] Info: Using configuration file
> '/tmp/rkh/rkhunter-1.4.2/files/rkhunter.conf'
> [12:16:58] Info: Installation directory is '/tmp/rkh/rkhunter-1.4.2/files'
> [12:16:58] Info: Using '/tmp/rkh/rkhunter-1.4.2/files' as the database
> directory
> [12:16:58] Info: Using '/tmp/rkh/rkhunter-1.4.2/files' as the support script
> directory
> [12:16:58] Info: Using '/tmp/rkh/rkhunter-1.4.2/files' as the temporary
> directory
> [12:16:58] Info: Logging to log file:
> /tmp/rkh/rkhunter-1.4.2/files/rkhunter.log
> [12:16:58] Info: Created temporary file
> '/tmp/rkh/rkhunter-1.4.2/files/rkhunter.vc.Oj6au0bVhU'
> [12:16:58] This version : 1.4.2
> [12:16:58] Info: Created temporary file
> '/tmp/rkh/rkhunter-1.4.2/files/mirrors.dat.ET63yJQoHG'
> [12:16:58] Info: The mirrors file has been rotated:
> /tmp/rkh/rkhunter-1.4.2/files/mirrors.dat
> [12:16:58] Info: Executing download command '/usr/bin/wget -q -O
> "/tmp/rkh/rkhunter-1.4.2/files/rkhunter.vc.Oj6au0bVhU"
> http://rkhunter.sourceforge.net/1.3/rkhunter_latest.dat 2>/dev/null'
> [12:16:59] Latest version: 1.4.2
> laptop3:/tmp/rkh/rkhunter-1.4.2/files# >>> grep "1\.[34]" rkhunter
> MIRROR="${MIRROR}/1.3"
> # E.g. '1.2.10' => 10210, '1.3.2' => 10302.
> # Superkit Rootkit (Suckit 1.3b-based)
> PROGRAM_version="1.4.2"
> if [ -f /tmp/rkh/rkhunter-1.4.2/files/rkhunter.conf ]; then
> CONFIGFILE="/tmp/rkh/rkhunter-1.4.2/files/rkhunter.conf"
>
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
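
Added example (not part of the original messages and not rkhunter's own code): a shell check that reads the two lines shown in the grep output above, PROGRAM_version and MIRROR="${MIRROR}/...", and reports whether the hardcoded mirror directory matches the version series, which is the expectation stated in the quoted text from John Horne. The function names and the sample file are assumptions constructed for illustration.

```sh
#!/bin/sh
# Hypothetical helpers: compare the mirror directory hardcoded in an rkhunter
# script with the major.minor series of its PROGRAM_version.

# Print the version from a PROGRAM_version="x.y.z" line.
rkh_version() {
    sed -n 's/^[[:space:]]*PROGRAM_version="\([0-9][0-9.]*\)".*/\1/p' "$1" | head -n 1
}

# Print the directory appended to MIRROR, e.g. 1.3 from MIRROR="${MIRROR}/1.3".
rkh_mirror_dir() {
    sed -n 's/^[[:space:]]*MIRROR="\${MIRROR}\/\([0-9][0-9.]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 when they agree, 1 on mismatch, 2 when either value is not found.
rkh_check_mirror_dir() {
    ver=$(rkh_version "$1")
    dir=$(rkh_mirror_dir "$1")
    if [ -z "$ver" ] || [ -z "$dir" ]; then
        echo "cannot parse $1" >&2
        return 2
    fi
    series=$(printf '%s\n' "$ver" | cut -d. -f1,2)
    if [ "$series" = "$dir" ]; then
        echo "ok: version $ver uses mirror directory $dir"
        return 0
    fi
    echo "mismatch: version $ver uses mirror directory $dir (expected $series)"
    return 1
}

# Constructed sample: the relevant lines as they appear in the grep output above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
        MIRROR="${MIRROR}/1.3"
        # E.g. '1.2.10' => 10210, '1.3.2' => 10302.
PROGRAM_version="1.4.2"
EOF
rkh_check_mirror_dir "$sample" || true
rm -f "$sample"
```

To run the check on an installed copy, call rkh_check_mirror_dir with the path of the script, for example /usr/bin/rkhunter.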