rkhunter-1.4.2 does not run after install due to the default configuration file having missing, erroneous and commented out entries. Kernel: 9.3-PRERELEASE FreeBSD 9.3-PRERELEASE #4: Thu Jul 10 00:17:20 PDT 2014 problem files: /usr/local/etc/rkhunter.conf /usr/local/etc/rkhunter.conf.sample Both the binary pkg and the installed port in the port tree exhibit the problem. INSTALLDIR is missing SCRIPTDIR is commented out TMPDIR is commented out and points to the wrong directory DBDIR is commented out and points to the wrong directory PATCH: 157c157 < #TMPDIR=/var/lib/rkhunter/tmp --- > TMPDIR=/usr/local/var/lib/rkhunter/tmp 166c166 < #DBDIR=/var/lib/rkhunter/db --- > DBDIR=/usr/local/var/lib/rkhunter/db 174c174 < #SCRIPTDIR=/usr/local/lib/rkhunter/scripts --- > SCRIPTDIR=/usr/local/lib/rkhunter/scripts 193a194,195 > INSTALLDIR=/usr/local >
There is more - rkhunter.conf and rkhunter.conf.sample has uncommented SCRIPTWHITELIST=/usr/local/bin/GET. This file is not present in 9.2-R or 10.0-R, and rkhunter is very unhappy about this: # md5 /usr/local/etc/rkhunter.conf.sample /usr/local/etc/rkhunter.conf MD5 (/usr/local/etc/rkhunter.conf.sample) = 3a0576cfd6e7f7b37afb1f45e7feeca2 MD5 (/usr/local/etc/rkhunter.conf) = 3a0576cfd6e7f7b37afb1f45e7feeca2 # cat /usr/local/etc/rkhunter.conf.local INSTALLDIR=/usr/local DBDIR=/usr/local/var/lib/rkhunter/db SCRIPTDIR=/usr/local/lib/rkhunter/scripts TMPDIR=/usr/local/var/lib/rkhunter/tmp # rkhunter --propupd Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/local/bin/GET # uname -a FreeBSD jinx.freebsd.systems 10.0-RELEASE-p7 FreeBSD 10.0-RELEASE-p7 #0: Tue Jul 8 06:37:44 UTC 2014 root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC amd64
fyi - this port is not maintained, so without a patch probably nothing is going to happen
patch is in the OP
(In reply to Gerard J. Cerchio from comment #3) > patch is in the OP That's a fragment, not a patch. Please submit your patch as an attachment, created with diff(1), that shows which files are being modified. See http://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/pr-writing.html#pr-writing-attaching-patches for details.
(In reply to Adam Weinberger from comment #4) > (In reply to Gerard J. Cerchio from comment #3) > > patch is in the OP > > That's a fragment, not a patch. > > Please submit your patch as an attachment, created with diff(1), that shows > which files are being modified. See > http://www.freebsd.org/doc/en_US.ISO8859-1/articles/problem-reports/pr- > writing.html#pr-writing-attaching-patches for details. Hi Adam, Unfortunately I have no idea how to find the rkhunter source tree used by FreeBSD. The best I could do for now is provide you with the diff -u outputs. They are probably not performed correctly so I will not attach them. I found the original files in /var/ports/basejail/usr/ports/security/rkhunter/work/stage/usr/local/etc so here are the difs performed in the work directory tree: diff -u rkhunter.conf.sample /usr/local/etc/rkhunter.conf --- rkhunter.conf.sample 2014-06-14 08:47:10.000000000 -0700 +++ /usr/local/etc/rkhunter.conf 2014-07-12 07:41:35.000000000 -0700 @@ -154,7 +154,7 @@ # subsequently commented out or removed, then the program will assume a # default directory beneath the installation directory. # -#TMPDIR=/var/lib/rkhunter/tmp +TMPDIR=/usr/local/var/lib/rkhunter/tmp # # This option specifies the database directory to use. @@ -163,7 +163,7 @@ # subsequently commented out or removed, then the program will assume a # default directory beneath the installation directory. # -#DBDIR=/var/lib/rkhunter/db +DBDIR=/usr/local/var/lib/rkhunter/db # # This option specifies the script directory to use. @@ -171,7 +171,7 @@ # The installer program will set the default directory. If this default is # subsequently commented out or removed, then the program will not run. # -#SCRIPTDIR=/usr/local/lib/rkhunter/scripts +SCRIPTDIR=/usr/local/lib/rkhunter/scripts # # This option can be used to modify the command directory list used by rkhunter @@ -191,6 +191,8 @@ #BINDIR=/bin /usr/bin /sbin /usr/sbin #BINDIR=+/usr/local/bin +/usr/local/sbin +INSTALLDIR=/usr/local + # # This option specifies the default language to use. This should be similar to # the ISO 639 language code. diff -u rkhunter.conf /usr/local/etc/rkhunter.conf --- rkhunter.conf 2014-06-14 08:47:10.000000000 -0700 +++ /usr/local/etc/rkhunter.conf 2014-07-12 07:41:35.000000000 -0700 @@ -154,7 +154,7 @@ # subsequently commented out or removed, then the program will assume a # default directory beneath the installation directory. # -#TMPDIR=/var/lib/rkhunter/tmp +TMPDIR=/usr/local/var/lib/rkhunter/tmp # # This option specifies the database directory to use. @@ -163,7 +163,7 @@ # subsequently commented out or removed, then the program will assume a # default directory beneath the installation directory. # -#DBDIR=/var/lib/rkhunter/db +DBDIR=/usr/local/var/lib/rkhunter/db # # This option specifies the script directory to use. @@ -171,7 +171,7 @@ # The installer program will set the default directory. If this default is # subsequently commented out or removed, then the program will not run. # -#SCRIPTDIR=/usr/local/lib/rkhunter/scripts +SCRIPTDIR=/usr/local/lib/rkhunter/scripts # # This option can be used to modify the command directory list used by rkhunter @@ -191,6 +191,8 @@ #BINDIR=/bin /usr/bin /sbin /usr/sbin #BINDIR=+/usr/local/bin +/usr/local/sbin +INSTALLDIR=/usr/local + # # This option specifies the default language to use. This should be similar to # the ISO 639 language code. @@ -1231,9 +1233,3 @@ # #EMPTY_LOGFILES="" #MISSING_LOGFILES="" - -INSTALLDIR=/usr/local -DBDIR=/usr/local/var/lib/rkhunter/db -SCRIPTDIR=/usr/local/lib/rkhunter/scripts -TMPDIR=/usr/local/var/lib/rkhunter/tmp -USER_FILEPROP_FILES_DIRS=/usr/local/etc/rkhunter.conf I hope this helps you create the patch.
cd /usr/ports/security/rkhunter make patch cd work/rkhunter-1.4.2 files/rkhunter.conf already has a patch, so there's already an .orig modify files/rkhunter.conf, then A) cd /usr/ports/security/rkhunter && make makepatch or B) diff -u files/rkhunter.conf.orig files/rkhunter.conf > patch-files__rkhunter.conf That's basically how to do it.
Created attachment 145328 [details] Correct the rkhunter paths for FreeBSD
(In reply to John Marino from comment #6) > cd /usr/ports/security/rkhunter > make patch > cd work/rkhunter-1.4.2 > > files/rkhunter.conf already has a patch, so there's already an .orig > modify files/rkhunter.conf, then > A) cd /usr/ports/security/rkhunter && make makepatch > or B) diff -u files/rkhunter.conf.orig files/rkhunter.conf > > patch-files__rkhunter.conf > > That's basically how to do it. Thanks John, I used option B: diff -u files/rkhunter.conf.orig /usr/local/etc/rkhunter.conf > /tmp/patch-files__rkhunter.conf I attached it to the bug....
Gerard, would you like to become the new maintainer of rkhunter?
(In reply to Carlo Strub from comment #9) > Gerard, would you like to become the new maintainer of rkhunter? If Gerard won't do it I'll give it a shot.
Fair enough. You guys sort that out. Can anyone of you confirm that the attached patch is complete and working? Then, I'll be happy to commit it.
After being a user for almost a decade, and one of the original MH UNIX V crew, I would be very proud to become a FreeBSD contributor. However my plate is just a bit too full right now and Lukasz appears to have a much better handle on rkhunter than I have. Good luck Lukasz!
(In reply to Gerard J. Cerchio from comment #12) > After being a user for almost a decade, and one of the original MH UNIX V > crew, I would be very proud to become a FreeBSD contributor. > > However my plate is just a bit too full right now and Lukasz appears to have > a much better handle on rkhunter than I have. > > Good luck Lukasz! Thank you Gerard. I'll test the patch ASAP.
Created attachment 145707 [details] Updated Gerard's patch for rkhunter 1.4.2 This is extended Gerard's patch: - added some FreeBSD defaults regarding SSH - made port more PREFIX aware - changed maintainer
A commit references this bug: Author: cs Date: Tue Aug 12 18:31:26 UTC 2014 New revision: 364732 URL: http://svnweb.freebsd.org/changeset/ports/364732 Log: - unbreak - added some FreeBSD defaults regarding SSH - made port more PREFIX aware - changed maintainer PR: 191842 Submitted by: Gerard J. Cerchio and Lukasz Wasikowski (maintainer) Changes: head/security/rkhunter/Makefile head/security/rkhunter/files/patch-files__rkhunter.conf
Committed. Thank you very much.