Ubuntu: Rkhunter warnings : file exists on system but not in rkhunter.dat (and vice versa)


A brand new Ubuntu 14.04 server with rkhunter is warning about several files that exist on the system but not in rkhunter.dat.

For instance: /usr/bin/awk, /usr/bin/curl, even /usr/bin/rkhunter! (and a lot more)

The system is offline, so it's most likely a false positive. The warnings are coming from a daily cron job, and are most unexpected as I had run a --propupd a few hours before and a check with no issues.

At the same time I'm also seeing warnings of "file '0' does not exist on the system but is present in the rkhunter.dat".

I have found an old posting on the SourceForge mailing list (https://sourceforge.net/p/rkhunter/mailman/message/28114396/) suggesting it might be due to multiple installations or a PATH issue in crontab (hence the difference between running via cron and interactively); it even suggested some sudo solutions.

Has anyone found the same issue and a solution? I've not yet been able to confirm a solution so anyone else's experience would be helpful.


Indeed, I have two versions installed. One is in /usr/bin/rkhunter (version 1.4.0) and was installed from the apt repositories. There was a second version installed in /usr/local/bin/rkhunter (version 1.4.2), which was installed as an update to 1.4.0 but appears not to have actually replaced 1.4.0. Updating crontab to the correct path has solved the issue.

So, having two versions of rkhunter is probably not ideal, but that's a different question!
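
A way to check for the situation described in the answer, added here as an example and not part of the original post: resolve a command name under two different search paths and report whether cron and an interactive shell would run the same file. The function names, the two PATH strings and the sandbox holding two stand-in `rkhunter` scripts are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example: compare which copy of a command two different PATHs resolve to.

# first_match NAME PATHSTRING: print the first executable NAME found in PATHSTRING.
first_match() {
    name=$1; old_ifs=$IFS; IFS=:
    for dir in $2; do
        f="${dir:-.}/$name"            # an empty PATH element means the current dir
        if [ -x "$f" ] && [ ! -d "$f" ]; then
            IFS=$old_ifs; printf '%s\n' "$f"; return 0
        fi
    done
    IFS=$old_ifs; return 1
}

# all_matches NAME PATHSTRING: print every executable NAME, in search order.
all_matches() {
    name=$1; old_ifs=$IFS; IFS=:
    for dir in $2; do
        f="${dir:-.}/$name"
        [ -x "$f" ] && [ ! -d "$f" ] && printf '%s\n' "$f"
    done
    IFS=$old_ifs; return 0
}

# same_binary NAME PATH_A PATH_B: succeed only if both PATHs pick the same file.
same_binary() {
    a=$(first_match "$1" "$2") || a=
    b=$(first_match "$1" "$3") || b=
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Constructed sandbox standing in for the two installs (1.4.0 and 1.4.2).
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/usr/bin" "$demo_root/usr/local/bin"
printf '#!/bin/sh\necho 1.4.0\n' > "$demo_root/usr/bin/rkhunter"
printf '#!/bin/sh\necho 1.4.2\n' > "$demo_root/usr/local/bin/rkhunter"
chmod +x "$demo_root/usr/bin/rkhunter" "$demo_root/usr/local/bin/rkhunter"

# Assumed search orders: a minimal cron PATH and a typical login-shell PATH.
cron_path="$demo_root/usr/bin:$demo_root/bin"
login_path="$demo_root/usr/local/bin:$demo_root/usr/bin:$demo_root/bin"

echo "cron resolves:  $(first_match rkhunter "$cron_path")"
echo "login resolves: $(first_match rkhunter "$login_path")"
all_matches rkhunter "$login_path" | sed 's/^/  candidate: /'
same_binary rkhunter "$cron_path" "$login_path" || echo "MISMATCH: cron and shell run different copies"
```

On a real host, pass the PATH set in the crontab that runs the job as one argument and your shell's `$PATH` as the other.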

