Bug#657103: rkhunter: Invalid BINDIR configuration option: Invalid directory found: ~/bin
Jesse Molina
jesse at opendreams.net
Tue Jan 24 01:38:05 UTC 2012
Package: rkhunter
Version: 1.3.8-10
Severity: grave
Justification: renders package unusable
When doing "sudo rkhunter --propupd", error:
Invalid BINDIR configuration option: Invalid directory found: ~/bin
Both the user and root user have ~/bin in their $PATH, which seems to trigger the issue.
Note that:
-->egrep "^BINDIR" /etc/rkhunter.conf
BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
But, it complains and fails anyway.
Madness.
Additional opinionated dribble: At this point, the package, which offers limited value to me anyway, becomes too much trouble to be worth configuring so I'll just not deal with it. If the designer wishes for a security package like this to be effective, it needs to be useful in its default configuration so that minimal manual intervention is required to do the job.
-- System Information:
Debian Release: wheezy/sid
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages rkhunter depends on:
ii binutils 2.21.90.20111025-1 GNU assembler, linker and binary u
ii debconf [debconf-2.0] 1.5.41 Debian configuration management sy
ii file 5.09-2 Determines file type using "magic"
ii net-tools 1.60-24.1 The NET-3 networking toolkit
ii perl 5.14.2-5 Larry Wall's Practical Extraction
ii ucf 3.0025+nmu2 Update Configuration File: preserv
Versions of packages rkhunter recommends:
ii courier-mta [mail-transpo 0.66.3-1+b1 Courier mail server - ESMTP daemon
ii curl 7.21.7-3 Get a file from an HTTP, HTTPS or
ii elinks 0.12~pre5-5+b1 advanced text-mode WWW browser
ii iproute 20110629-1 networking and traffic control too
ii links 2.3-1 Web browser running in text mode
ii lsof 4.81.dfsg.1-1 List open files
ii lynx 2.8.8dev.9-2 Text-mode WWW Browser (transitiona
ii unhide 20110113-3 Forensic tool to find hidden proce
ii wget 1.13.4-1 retrieves files from the web
Versions of packages rkhunter suggests:
ii heirloom-mailx [mailx] 12.5-1 feature-rich BSD mail(1)
pn libdigest-whirlpool-perl <none> (no description available)
ii liburi-perl 1.59-1 module to manipulate and access UR
ii libwww-perl 6.03-1 simple and consistent interface to
pn powermgmt-base <none> (no description available)
pn tripwire <none> (no description available)
-- Configuration Files:
/etc/rkhunter.conf changed:
ROTATE_MIRRORS=1
UPDATE_MIRRORS=1
MIRRORS_MODE=0
MAIL-ON-WARNING=""
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
UPDATE_LANG=""
LOGFILE=/var/log/rkhunter.log
APPEND_LOG=0
COPY_LOG_ON_ERROR=0
COLOR_SET2=0
AUTO_X_DETECT=1
WHITELISTED_IS_WHITE=0
ALLOW_SSH_ROOT_USER=no
ALLOW_SSH_PROT_V1=0
ENABLE_TESTS="all"
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps"
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/sbin/prelink
IMMUTABLE_SET=0
PHALANX2_DIRTEST=0
ALLOW_SYSLOG_REMOTE_LOGGING=0
SUSPSCAN_TEMP=/dev/shm
SUSPSCAN_MAXSIZE=10240000
SUSPSCAN_THRESH=200
USE_LOCKING=0
LOCK_TIMEOUT=300
SHOW_LOCK_MSGS=1
DISABLE_UNHIDE=1
INSTALLDIR="/usr"
-- debconf information:
rkhunter/apt_autogen:
rkhunter/cron_daily_run: no
rkhunter/cron_db_update: yes
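
A check for the condition described in the report above (a literal ~/bin in root's $PATH, which the reporter believes triggers the BINDIR error), as an added example that is not part of the original report or of rkhunter. The function name audit_path, its class labels and the sample PATH are constructed for illustration; that such an entry gets rejected is taken from the error message quoted in the report, not from rkhunter's source.

```shell
#!/bin/sh
# Added example, not part of the original report or of rkhunter.
# audit_path LIST: inspect a colon-separated PATH-style LIST and print one
# "CLASS<TAB>entry" line per problem entry. Exit status is 1 if any were found.
# The body runs in a subshell so the IFS and globbing changes stay local.
audit_path() (
    set -f                  # no globbing while the list is split
    list="$1:"              # trailing ":" keeps a final empty entry visible
    IFS=:
    status=0
    for entry in $list; do
        case "$entry" in
            "")   class=EMPTY ;;      # empty entry means "current directory"
            "~"*) class=TILDE ;;      # tilde stored literally, never expanded
            /*)   if [ -d "$entry" ]; then continue; fi
                  class=MISSING ;;    # absolute, but not an existing directory
            *)    class=RELATIVE ;;   # resolved against the current directory
        esac
        printf '%s\t%s\n' "$class" "$entry"
        status=1
    done
    exit "$status"          # leaves only the subshell, i.e. the function
)

# Constructed sample resembling the report: a literal ~/bin at the end of PATH.
SAMPLE_PATH='/usr/sbin:/usr/bin:/sbin:/bin:~/bin'
audit_path "$SAMPLE_PATH" || echo "non-absolute or missing PATH entries found"
```

Run it on the PATH that the privileged command actually sees, which under sudo may differ from the login shell's.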