Le 07/06/2025 à 19:11, Ricky Tigg a écrit :
Knowing now the context related to the LOGFILE key in the rkhunter.conf produced by the upstream project, I can at last
determine what has been done on Fedora's side.
"# The default value is '/var/log/rkhunter.log'.
#
LOGFILE=/var/log/rkhunter/rkhunter.log"
- No line addition took place
- line dedicated to the LOGFILE key uncommented
- New value for LOGFILE key defined
Worth indicating that the very act of defining a path as value for the LOGFILE key is to be conceived as making it a default
for the option '--logfile' while no log-file is being specified in command-line with respect to the creation of rkhunter.log.
> The key is now defined and this changes the path of log file. It's no more
the default path.
What happens? This "this changes the path of log file. It's no more the default
path" is not related to the context.
"As a result a log-file is created; its location is /var/log/rkhunter.log".
Explicit is the location though!
Even according to your very statement, it can be understood that the location where rkhunter.log is created is supposed to
match the LOGFILE key value - that is /var/log/rkhunter/rkhunter.log, not /var/log/rkhunter.log.
> In case where the path is not given on the command line AND the key is not defined in the file, the default path
(/var/log/rkhunter.log) will be used.
This too is not related to the context. The case obviously is that the '--logfile' file path is not specified and the LOGFILE
key value is defined. Despite that as already indicated the path the log-file is created in is /var/log/rkhunter.log while
supposed to be /var/log/rkhunter/rkhunter.log.
Can you conclude that there is no issue?
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
Hi,
Sorry I misread your post, I read "/var/log/rkhunter/rkhunter.log" there:
> As a result a log-file is created; its location is /var/log/rkhunter.log
At the start of "OPTIONS" section, man page says :
Some options can also be specified on the command-line, and these will *override**the equivalent configuration
file options. *
As a result when you put a "-l" or a "--logfile" alone on the command line (without file path), RKH initializes the path with
${DFLT_LOGFILE}, which equals to "/var/log/rkhunter.log", and overrides the rkhunter.conf LOGFILE parameter.
FWIW, that's around lines 21690 and 2250 in rkhunter file.
If you want the log file to be "/var/log/rkhunter/rkhunter.log" there are two
ways:
- add LOGFILE=/var/log/rkhunter/rkhunter.log" in rkhunter.conf *AND* *don't
put* -l/--logfile on the command line (it's implicit).
- put -l/--logfile "/var/log/rkhunter/rkhunter.log" on the command line. It
overrides the conf file option.
The man page isn't really false but is surely quite unclear.
Note: I put the RKH list back in recipients list.
Regards.
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
