Bug#657103: rkhunter: Invalid BINDIR configuration option: Invalid directory found: ~/bin

Julien Valroff julien at debian.org
Tue Jan 24 06:16:39 UTC 2012


package rkhunter
severity 657103 important
thanks

On Tuesday 24 Jan. 2012 at 02:38:05 (+0100 CET), Jesse Molina wrote:
> Package: rkhunter
> Version: 1.3.8-10
> Severity: grave
> Justification: renders package unusable

Lowering the severity as it seems the package is unusable only in specific
circumstances. 

> When doing "sudo rkhunter --propupd", error;
> Invalid BINDIR configuration option: Invalid directory found: ~/bin
> 
> Both the user and root user have ~/bin in their $PATH, which seems to trigger the issue.
> 
> Note that;
> 
> -->egrep "^BINDIR" /etc/rkhunter.conf
> BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
> 
> But, it complains and fails anyway.

This indeed shouldn't happen as $PATH should only be used when the BINDIR
configuration option doesn't exist.

What is your default shell? I'm surprised it leaves ~/bin in $PATH - it
should be automagically changed to an absolute path.

% grep PATH ~/.zshrc
## PATH definition
[ -d ~/scripts ] && PATH=$PATH:~/scripts
[ -d ~/bin ] && PATH=$PATH:~/bin

% echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/julien/scripts:/home/julien/bin

rkhunter then complains as it only accepts bin directories beginning with /
to avoid any relative paths being used.

> Additional opinionated dribble:  At this point, the package, which offers
> limited value to me anyway, becomes too much trouble to be worth
> configuring so I'll just not deal with it.  If the designer wishes for a
> security package like this to be effective, it needs to be useful in its
> default configuration so that minimal manual intervention is required to
> do the job.

Very hard to make a default configuration for every possible system while
keeping everything as secure as possible - just as with any other piece of
software, you have to spend some time to configure it. If you want to help
in improving the Debian package, you are welcome to join the pkg-forensics
team. Upstream also welcomes patches.

Cheers,
Julien

-- 
  .''`.   Julien Valroff ~ <julien at kirya.net> ~ <julien at debian.org>    
 : :'  :  Debian Developer & Free software contributor
 `. `'`   http://www.kirya.net/
   `-     4096R/ E1D8 5796 8214 4687 E416  948C 859F EF67 258E 26B1
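
The check described in the message above (only directories beginning with / are accepted), as an added example that is not part of the original mail and not rkhunter's own code. The function names and the HOME value are constructed; the quoted assignment is shown as one way a literal ~ can end up in $PATH, not as the reporter's confirmed configuration.

```shell
#!/bin/sh
# Added example, not rkhunter code: report PATH-style entries that do not
# begin with "/", the condition the message says rkhunter rejects.

# non_absolute_dirs LIST -> prints each offending entry on its own line.
# An empty entry is printed as "(empty)"; in PATH it means the current dir.
non_absolute_dirs() {
    rest="$1:"                      # trailing ":" so a final empty entry is seen
    while [ -n "$rest" ]; do
        entry=${rest%%:*}           # text before the first ":"
        rest=${rest#*:}             # text after the first ":"
        case $entry in
            /*) ;;                              # absolute: accepted
            '') printf '%s\n' '(empty)' ;;      # implicit current directory
            *)  printf '%s\n' "$entry" ;;       # literal "~/bin", "bin", ...
        esac
    done
}

# Two ways of appending ~/bin, run in subshells with a constructed HOME.
# Unquoted: the shell expands "~" after ":" in an assignment.
path_unquoted() ( HOME=/home/example; p=/usr/bin:/bin; p=$p:~/bin
                  printf '%s\n' "$p" )
# Quoted: "~" is kept as a literal character and never becomes absolute.
path_quoted()   ( HOME=/home/example; p=/usr/bin:/bin; p="$p:~/bin"
                  printf '%s\n' "$p" )

for p in "$(path_unquoted)" "$(path_quoted)"; do
    printf 'PATH=%s\n' "$p"
    non_absolute_dirs "$p" | sed 's/^/  rejected: /'
done
```

Running `non_absolute_dirs "$PATH"` as the user and again under sudo shows which environment carries the entry that triggers the error.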




