Date: Fri, 4 Feb 2011 11:07:05 +0100 From: Torfinn Ingolfsen <tingox@gmail.com> To: FreeBSD Ports ML <freebsd-ports@freebsd.org> Subject: Re: security/rkhunter 1.3.8 - false warning? Message-ID: <AANLkTikkEDCPtgbd24CO%2B3m9jm8ypF7HJdB%2B1K1vByeP@mail.gmail.com> In-Reply-To: <AANLkTimkPG7cLfyVM8QHO=GSNyY5U0sp%2B9eo3xsPkiye@mail.gmail.com> References: <AANLkTimkPG7cLfyVM8QHO=GSNyY5U0sp%2B9eo3xsPkiye@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Update: On Tue, Jan 4, 2011 at 6:38 PM, Torfinn Ingolfsen <tingox@gmail.com> wrote: > Hi, > > rkhunter 1.3.8 from ports complains about the /etc/passwd file. Why > does it do that? > From /var/log/rkhunter.log: > [03:01:30] =A0 /etc/passwd =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 = =A0 =A0 =A0 =A0 =A0 =A0 =A0 [ Warning ] > [03:01:30] Warning: The file '/etc/passwd' exists on the system, but > it is not present in the rkhunter.dat file. I asked the same question in the newsgroup comp.unix.bsd.freebsd.misc, and now someone has actually found out what causes this problem. If rkhunter is run from the command line like this (the same options as the periodic script uses): rkhunter --checkall --nocolors --skip-keypress it does NOT complain about /etc/passwd However, if you add the directory /etc to PATH, like this: PATH=3D$PATH:/etc rkhunter --checkall --nocolors --skip-keypress it complains about /etc/passwd. And, of course, /etc/crontab have a PATH which incudes the /etc directory. I'll report this to the rkhunter developers. --=20 Regards, Torfinn Ingolfsen
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTikkEDCPtgbd24CO%2B3m9jm8ypF7HJdB%2B1K1vByeP>