Bug 1062865 - Rkhunter stops short when syslog daemon is not running
Summary: Rkhunter stops short when syslog daemon is not running
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: rkhunter
Version: 19
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Kevin Fenzi
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2014-02-08 09:56 UTC by Anthony Messina
Modified: 2014-11-07 02:40 UTC (History)

Fixed In Version: rkhunter-1.4.2-5.fc19
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-15 15:01:33 UTC



Description Anthony Messina 2014-02-08 09:56:41 UTC
When using rkhunter on a F19 system where no syslog daemon is running (using systemd-journald instead), rkhunter doesn't seem to run its full set of tests and seems to bail out, giving the following every run.  This output is the same regardless if there *are* things that rkhunter should have picked up on.  For example, if I update coreutils or perl or a package that I know I'll need to issue a 'rkhunter --propupd' after.  This is the only output:

--------------------- Start Rootkit Hunter Update ---------------------
[ Rootkit Hunter version 1.4.0 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: The syslog daemon is not running.

----------------------- End Rootkit Hunter Scan -----------------------

Comment 1 Kevin Fenzi 2014-02-16 18:55:49 UTC
This was actually fixed upstream a while back: 

http://sourceforge.net/p/rkhunter/feature-requests/36/

They simply haven't done a new release yet. ;( 

I'll try and see if they can soon... and failing that we could look at backporting... but it's likely to be pretty messy, as there are a lot of changes in upstream.

Comment 2 Anthony Messina 2014-03-06 01:23:57 UTC
Ok, I've upgraded to F20 and there is some progress.  rkhunter will now show other warnings if there are any (after upgrading some regular system utils, for example) in addition to the "Warning: The syslog daemon is not running" notice.  So at least it can tell me if something's changed.  It would still be nice however to NOT get the warning about syslog running every day when I'm fully aware that I'm only using systemd-journald.

Comment 3 Kevin Fenzi 2014-03-06 21:41:41 UTC
There's a new upstream version that handles this now.

Will be pushing it out soon (need to look into some issues still). 

Sorry for the delay.

Comment 4 Kevin Fenzi 2014-03-13 19:53:09 UTC
Can you test this scratch build: 

http://koji.fedoraproject.org/koji/taskinfo?taskID=6630812

Comment 5 Anthony Messina 2014-03-13 23:08:53 UTC
(In reply to Kevin Fenzi from comment #4)
> Can you test this scratch build: 
> 
> http://koji.fedoraproject.org/koji/taskinfo?taskID=6630812

It appears to take away the warning about no syslog daemon running.  I have yet to merge in the massive changes to the config file, but it looks good so far.  Thanks.

Comment 6 Fedora Update System 2014-03-14 16:41:08 UTC
rkhunter-1.4.2-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/rkhunter-1.4.2-1.fc20

Comment 7 Fedora Update System 2014-03-14 16:43:29 UTC
rkhunter-1.4.2-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/rkhunter-1.4.2-1.fc19

Comment 8 Fedora Update System 2014-03-14 16:52:56 UTC
rkhunter-1.4.2-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/rkhunter-1.4.2-1.el6

Comment 9 Fedora Update System 2014-03-15 15:01:33 UTC
rkhunter-1.4.2-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2014-03-30 18:47:17 UTC
rkhunter-1.4.2-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2014-10-27 15:57:48 UTC
rkhunter-1.4.2-5.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/rkhunter-1.4.2-5.fc19

Comment 12 Fedora Update System 2014-11-07 02:40:00 UTC
rkhunter-1.4.2-5.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

