Package: rkhunter Version: 1.4.2-0.4 Severity: normal Dear Maintainer,
The PORT_WHITELIST option related to the hidden_ports test seems to fail when an executable path name is specified. The documentation mentions the ability to filter by executable. I used the proposed sample option from the configuration file which fails with the following error: Invalid entry specified in PORT_WHITELIST configuration option: /home/user1/abc Invalid entry specified in PORT_WHITELIST configuration option: /opt/xyz Please note that the issue occurs as well with a valid executable: # rkhunter --enable-tests hidden_ports Invalid entry specified in PORT_WHITELIST configuration option: /bin/ls -- System Information: Debian Release: 8.1 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.14.10-Dalmat (SMP w/2 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: unable to detect Versions of packages rkhunter depends on: ii binutils 2.25-5 ii debconf [debconf-2.0] 1.5.56 ii file 1:5.22+15-2 ii net-tools 1.60-26+b1 ii perl 5.20.2-3+deb8u1 ii ucf 3.0030 Versions of packages rkhunter recommends: ii curl 7.38.0-4+deb8u2 ii iproute 1:3.16.0-2 ii lsof 4.86+dfsg-1 ii lynx 2.8.9dev1-2 ii postfix [mail-transport-agent] 2.11.3-1 ii unhide 20121229-1+b1 ii wget 1.16-1 Versions of packages rkhunter suggests: ii bsd-mailx [mailx] 8.1.2-0.20141216cvs-2 pn libdigest-whirlpool-perl <none> ii liburi-perl 1.64-1 ii libwww-perl 6.08-1 pn powermgmt-base <none> pn tripwire <none> -- Configuration Files: /etc/apt/apt.conf.d/90rkhunter changed: // Makes sure that rkhunter file properties database is updated after each remove or install only if hashes test is enabled DPkg::Post-Invoke { "if [ -x /usr/bin/rkhunter ] && ( ! grep -q -E '^DISABLE_TESTS=.*(hashes.*attributes|attributes.*hashes|properties)' /etc/rkhunter.conf || grep -q -E '^ENABLE_TESTS=.*(hashes|attributes|properties)' /etc/rkhunter.conf); then /usr/bin/rkhunter --propupd --nolog; fi" } /etc/default/rkhunter a7083f49a7dad11ce1ae4e5e20d00cf2 [Errno 2] Aucun fichier ou dossier de ce type: u'/etc/default/rkhunter a7083f49a7dad11ce1ae4e5e20d00cf2' /etc/rkhunter.conf changed: ROTATE_MIRRORS=1 UPDATE_MIRRORS=1 MIRRORS_MODE=0 MAIL-ON-WARNING="" MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}" TMPDIR=/var/lib/rkhunter/tmp DBDIR=/var/lib/rkhunter/db SCRIPTDIR=/usr/share/rkhunter/scripts BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec" UPDATE_LANG="" LOGFILE=/var/log/rkhunter.log APPEND_LOG=0 COPY_LOG_ON_ERROR=0 COLOR_SET2=0 AUTO_X_DETECT=1 WHITELISTED_IS_WHITE=0 ALLOW_SSH_ROOT_USER=no ALLOW_SSH_PROT_V1=0 ENABLE_TESTS="all" DISABLE_TESTS="suspscan hidden_procs deleted_files" SCRIPTWHITELIST=/bin/egrep SCRIPTWHITELIST=/bin/fgrep SCRIPTWHITELIST=/bin/which SCRIPTWHITELIST=/usr/bin/groups SCRIPTWHITELIST=/usr/bin/ldd SCRIPTWHITELIST=/usr/bin/lwp-request SCRIPTWHITELIST=/usr/sbin/adduser ALLOWHIDDENDIR=/dev/.udev ALLOWHIDDENDIR=/etc/.hg ALLOWHIDDENFILE=/dev/shm/.run-transition ALLOWPROCDELFILE=/usr/lib/dovecot/imap-login ALLOWPROCDELFILE=/usr/lib/dovecot/imap:/srv/Mails/**/dovecot.index ALLOWPROCDELFILE=/usr/lib/apache2/mpm-prefork/apache2:/run/apache2/ssl_mutex ALLOWPROCDELFILE=/usr/sbin/dovecot:/run/dovecot/login-master-n* ALLOWPROCDELFILE=/usr/sbin/mysqld:/tmp/ib* ALLOWPROCDELFILE=/bin/dash:/tmp/tmp* ALLOWPROCDELFILE=/bin/dash:/var/log/tt-rss* ALLOWPROCDELFILE=/usr/sbin/smbd:/var/log/samba/log* ALLOWPROCDELFILE=/usr/sbin/cron:/tmp/tmp* ALLOWPROCDELFILE=/bin/run-parts:/tmp/tmp* ALLOWPROCDELFILE=/usr/bin/php5:/var/lib/tt-rss/update_daemon.lock ALLOWPROCDELFILE=/usr/bin/php5:/var/log/tt-rss* ALLOWDEVFILE=/dev/shm/network/ifstate ALLOWDEVFILE=/dev/.udev/* ALLOWDEVFILE=/dev/.udev/*/* ALLOW_SYSLOG_REMOTE_LOGGING=0 SUSPSCAN_DIRS="/tmp /var/tmp" SUSPSCAN_TEMP=/dev/shm SUSPSCAN_MAXSIZE=10240000 SUSPSCAN_THRESH=200 PORT_WHITELIST="/home/user1/abc /opt/xyz TCP:2001 UDP:32011" USE_LOCKING=0 LOCK_TIMEOUT=300 SHOW_LOCK_MSGS=1 INSTALLDIR="/usr" -- debconf information excluded -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org