Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Forensics <forensics-devel@lists.alioth.debian.org>: Bug#657103; Package rkhunter.
(Tue, 24 Jan 2012 01:45:04 GMT)
Acknowledgement sent
to Jesse Molina <jesse@opendreams.net>:
New Bug report received and forwarded. Copy sent to Debian Forensics <forensics-devel@lists.alioth.debian.org>.
(Tue, 24 Jan 2012 01:45:05 GMT)
Package: rkhunter
Version: 1.3.8-10
Severity: grave
Justification: renders package unusable
When doing "sudo rkhunter --propupd", error;
Invalid BINDIR configuration option: Invalid directory found: ~/bin
Both the user and root user have ~/bin in their $PATH, which seems to trigger the issue.
Note that;
-->egrep "^BINDIR" /etc/rkhunter.conf
BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
But, it complains and fails anyway.
Madness.
Additional opinionated dribble: At this point, the package, which offers limited value to me anyway, becomes too much trouble to be worth configuring so I'll just not deal with it. If the designer wishes for a security package like this to be effective, it needs to be useful in its default configuration so that minimal manual intervention is required to do the job.
-- System Information:
Debian Release: wheezy/sid
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages rkhunter depends on:
ii binutils 2.21.90.20111025-1 GNU assembler, linker and binary u
ii debconf [debconf-2.0] 1.5.41 Debian configuration management sy
ii file 5.09-2 Determines file type using "magic"
ii net-tools 1.60-24.1 The NET-3 networking toolkit
ii perl 5.14.2-5 Larry Wall's Practical Extraction
ii ucf 3.0025+nmu2 Update Configuration File: preserv
Versions of packages rkhunter recommends:
ii courier-mta [mail-transpo 0.66.3-1+b1 Courier mail server - ESMTP daemon
ii curl 7.21.7-3 Get a file from an HTTP, HTTPS or
ii elinks 0.12~pre5-5+b1 advanced text-mode WWW browser
ii iproute 20110629-1 networking and traffic control too
ii links 2.3-1 Web browser running in text mode
ii lsof 4.81.dfsg.1-1 List open files
ii lynx 2.8.8dev.9-2 Text-mode WWW Browser (transitiona
ii unhide 20110113-3 Forensic tool to find hidden proce
ii wget 1.13.4-1 retrieves files from the web
Versions of packages rkhunter suggests:
ii heirloom-mailx [mailx] 12.5-1 feature-rich BSD mail(1)
pn libdigest-whirlpool-perl <none> (no description available)
ii liburi-perl 1.59-1 module to manipulate and access UR
ii libwww-perl 6.03-1 simple and consistent interface to
pn powermgmt-base <none> (no description available)
pn tripwire <none> (no description available)
-- Configuration Files:
/etc/rkhunter.conf changed:
ROTATE_MIRRORS=1
UPDATE_MIRRORS=1
MIRRORS_MODE=0
MAIL-ON-WARNING=""
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
UPDATE_LANG=""
LOGFILE=/var/log/rkhunter.log
APPEND_LOG=0
COPY_LOG_ON_ERROR=0
COLOR_SET2=0
AUTO_X_DETECT=1
WHITELISTED_IS_WHITE=0
ALLOW_SSH_ROOT_USER=no
ALLOW_SSH_PROT_V1=0
ENABLE_TESTS="all"
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps"
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/sbin/prelink
IMMUTABLE_SET=0
PHALANX2_DIRTEST=0
ALLOW_SYSLOG_REMOTE_LOGGING=0
SUSPSCAN_TEMP=/dev/shm
SUSPSCAN_MAXSIZE=10240000
SUSPSCAN_THRESH=200
USE_LOCKING=0
LOCK_TIMEOUT=300
SHOW_LOCK_MSGS=1
DISABLE_UNHIDE=1
INSTALLDIR="/usr"
-- debconf information:
rkhunter/apt_autogen:
rkhunter/cron_daily_run: no
rkhunter/cron_db_update: yes
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Forensics <forensics-devel@lists.alioth.debian.org>: Bug#657103; Package rkhunter.
(Tue, 24 Jan 2012 06:21:03 GMT)
Acknowledgement sent
to Julien Valroff <julien@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Forensics <forensics-devel@lists.alioth.debian.org>.
(Tue, 24 Jan 2012 06:21:04 GMT)
package rkhunter
severity 657103 important
thanks
On Tuesday 24 Jan 2012 at 02:38:05 (+0100 CET), Jesse Molina wrote:
> Package: rkhunter
> Version: 1.3.8-10
> Severity: grave
> Justification: renders package unusable
Lowering the severity as it seems the package is unusable only in specific
circumstances.
> When doing "sudo rkhunter --propupd", error;
> Invalid BINDIR configuration option: Invalid directory found: ~/bin
>
> Both the user and root user have ~/bin in their $PATH, which seems to trigger the issue.
>
> Note that;
>
> -->egrep "^BINDIR" /etc/rkhunter.conf
> BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
>
> But, it complains and fails anyway.
This indeed shouldn't happen as $PATH should only be used when BINDIR
configuration option doesn't exist.
What is your default shell? I'm surprised it leaves ~/bin in $PATH - it
should be automagically changed to an absolute path.
% grep PATH ~/.zshrc
## PATH definition
[ -d ~/scripts ] && PATH=$PATH:~/scripts
[ -d ~/bin ] && PATH=$PATH:~/bin
% echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/julien/scripts:/home/julien/bin
rkhunter then complains as it only accepts bin directories beginning with /
to avoid any relative paths being used.
> Additional opinionated dribble: At this point, the package, which offers
> limited value to me anyway, becomes too much trouble to be worth
> configuring so I'll just not deal with it. If the designer wishes for a
> security package like this to be effective, it needs to be useful in its
> default configuration so that minimal manual intervention is required to
> do the job.
Very hard to make a default configuration for every possible system while
keeping everything as secure as possible - just as with any other piece of
software, you have to spend some time to configure it. If you want to help
in improving the Debian package, you are welcome to join the pkg-forensics
team. Upstream also welcomes patches.
Cheers,
Julien
--
.''`. Julien Valroff ~ <julien@kirya.net> ~ <julien@debian.org>
: :' : Debian Developer & Free software contributor
`. `'` http://www.kirya.net/
`- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1
Severity set to 'important' from 'grave'
Request was from Julien Valroff <julien@debian.org>
to control@bugs.debian.org.
(Tue, 24 Jan 2012 06:21:05 GMT)
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Forensics <forensics-devel@lists.alioth.debian.org>: Bug#657103; Package rkhunter.
(Tue, 24 Jan 2012 09:15:25 GMT)
Acknowledgement sent
to Jesse Molina <jesse@opendreams.net>:
Extra info received and forwarded to list. Copy sent to Debian Forensics <forensics-devel@lists.alioth.debian.org>.
(Tue, 24 Jan 2012 09:15:26 GMT)
Hi
Shell is bash 4.2-1.
If you want debug output, tell me explicitly what you want. Normally I
like a good mystery, but I do not have the time right now.
Julien Valroff wrote:
> This indeed shouldn't happen as $PATH should only be used when BINDIR
> configuration option doesn't exist.
>
> What is your default shell? I'm surprised it leaves ~/bin in $PATH - it
> should be automagically changed to an absolute path.
>
> % grep PATH ~/.zshrc
> ## PATH definition
> [ -d ~/scripts ]&& PATH=$PATH:~/scripts
> [ -d ~/bin ]&& PATH=$PATH:~/bin
>
> % echo $PATH
> /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games:/home/julien/scripts:/home/julien/bin
>
> rkhunter then complains as it only accepts bin directories beginning with /
> to avoid any relative paths being used.
--
# Jesse Molina
# Mail = jesse@opendreams.net
# Page = page-jesse@opendreams.net
# Cell = 1.602.323.7608
# Web = http://www.opendreams.net/jesse/
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Forensics <forensics-devel@lists.alioth.debian.org>: Bug#657103; Package rkhunter.
(Thu, 26 Jan 2012 20:15:04 GMT)
Acknowledgement sent
to Julien Valroff <julien@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Forensics <forensics-devel@lists.alioth.debian.org>.
(Thu, 26 Jan 2012 20:15:04 GMT)
On Tuesday 24 Jan 2012 at 10:07:03 (+0100 CET), Jesse Molina wrote:
>
> Hi
>
> Shell is bash 4.2-1.
How do you define your $PATH?
Make sure you do not use ' which would prevent ~/ from being expanded to
/home/username/
PATH=$PATH:~/bin
is enough
The rkhunter warning is actually normal as it doesn't accept any directory
in $PATH or $BINDIR which doesn't begin with / - which is a safe way to
avoid relative paths.
Cheers,
Julien
--
.''`. Julien Valroff ~ <julien@kirya.net> ~ <julien@debian.org>
: :' : Debian Developer & Free software contributor
`. `'` http://www.kirya.net/
`- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Forensics <forensics-devel@lists.alioth.debian.org>: Bug#657103; Package rkhunter.
(Tue, 31 Jan 2012 08:06:03 GMT)
Acknowledgement sent
to Jesse Molina <jesse@opendreams.net>:
Extra info received and forwarded to list. Copy sent to Debian Forensics <forensics-devel@lists.alioth.debian.org>.
(Tue, 31 Jan 2012 08:06:03 GMT)
Sorry for slow reply.
-->echo $PATH
~/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
-->egrep PATH= .bash*
.bash_profile:PATH="/usr/local/sbin:/usr/sbin:/sbin:${PATH}"
.bash_profile: PATH="~/bin:${PATH}"
-->sudo rkhunter --propupd
Invalid BINDIR configuration option: Invalid directory found: ~/bin
[~]
-->PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
[~]
-->sudo rkhunter --propupd
[ Rootkit Hunter version 1.3.8 ]
^C[~]
-->PATH="~/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
[~]
-->sudo rkhunter --propupd
Invalid BINDIR configuration option: Invalid directory found: ~/bin
The question as to why BINDIR in the config file is being ignored remains.
-->egrep "^BINDIR" /etc/rkhunter.conf
BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin /usr/libexec /usr/local/libexec"
Julien Valroff wrote:
> How do you define your $PATH?
>
> Make sure you do not use ' which would prevent ~/ from being expanded to
> /home/username/
>
> PATH=$PATH:~/bin
>
> is enough
>
> The rkhunter warning is actually normal as it doesn't accept any directory
> in $PATH or $BINDIR which doesn't begin with / - which is a safe way to
> avoid relative paths.
--
# Jesse Molina
# Mail = jesse@opendreams.net
# Page = page-jesse@opendreams.net
# Cell = 1.602.323.7608
# Web = http://www.opendreams.net/jesse/
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Forensics <forensics-devel@lists.alioth.debian.org>: Bug#657103; Package rkhunter.
(Tue, 31 Jan 2012 19:09:05 GMT)
Acknowledgement sent
to Julien Valroff <julien@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Forensics <forensics-devel@lists.alioth.debian.org>.
(Tue, 31 Jan 2012 19:09:05 GMT)
On Tuesday 31 Jan 2012 at 09:02:59 (+0100 CET), Jesse Molina wrote:
>
> Sorry for slow reply.
>
> -->echo $PATH
> ~/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
>
> -->egrep PATH= .bash*
> .bash_profile:PATH="/usr/local/sbin:/usr/sbin:/sbin:${PATH}"
> .bash_profile: PATH="~/bin:${PATH}"
OK, I have finally managed to get this behaviour, "~/bin" is not expanded...
[...]
> The question as to why BINDIR in the config file is being ignored remains.
Read around line 2122 of rkhunter:
# The BINPATHS list is prepended with the root PATH. However,
# any specified BINDIR directories beginning with a '+' will
# be prepended before the root PATH.
#
# Once that has been done, we check that each directory begins
# with a '/'. We remove any non-existent directories, but we do
# not flag this as an error. We also remove any duplicate directories.
Hence the root PATH is then always considered, contrary to what I had
originally thought. The behaviour you describe is IMHO normal, the cause is
the fact you don't allow ~/bin to be expanded to /home/user/bin.
Simply change your .bash_profile to state PATH=~/bin:${PATH} and it should
work as expected.
Cheers,
Julien
--
.''`. Julien Valroff ~ <julien@kirya.net> ~ <julien@debian.org>
: :' : Debian Developer & Free software contributor
`. `'` http://www.kirya.net/
`- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1
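Added example, not part of the thread and not rkhunter's own code: it reproduces the quoting behaviour discussed above and applies the "every directory must begin with /" rule to the resulting PATH. The function names and the home directory /home/example are constructed for illustration.

```shell
#!/bin/sh
# Print every entry of a colon-separated PATH-style list that does not
# begin with '/'. An empty entry (which the shell treats as the current
# directory) is reported as "(empty)". This mirrors the rule described in
# the thread; it is not taken from the rkhunter script.
non_absolute_entries() {
    rest="$1:"                      # trailing ':' lets the loop see the last entry
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            /*) ;;                  # absolute: accepted
            '') echo "(empty)" ;;
            *)  echo "$entry" ;;    # relative or literal '~': rejected
        esac
    done
}

# Tilde inside double quotes, as in the reporter's .bash_profile:
# the shell stores the two characters "~/" literally.
quoted_path() (
    HOME=/home/example              # constructed value
    base=/usr/bin:/bin
    p="~/bin:${base}"
    printf '%s\n' "$p"
)

# Unquoted tilde at the start of an assignment value is expanded to $HOME.
unquoted_path() (
    HOME=/home/example
    base=/usr/bin:/bin
    p=~/bin:${base}
    printf '%s\n' "$p"
)

# For those who prefer to keep the quotes: $HOME does expand inside them.
home_var_path() (
    HOME=/home/example
    base=/usr/bin:/bin
    p="${HOME}/bin:${base}"
    printf '%s\n' "$p"
)

for builder in quoted_path unquoted_path home_var_path; do
    printf '%-14s %s\n' "$builder" "$($builder)"
    non_absolute_entries "$($builder)" | sed 's/^/    rejected: /'
done
```

Running `non_absolute_entries "$PATH"` as root before a scan shows which inherited entries a tool enforcing this rule would refuse.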
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Forensics <forensics-devel@lists.alioth.debian.org>: Bug#657103; Package rkhunter.
(Wed, 01 Feb 2012 00:33:09 GMT)
Acknowledgement sent
to Jesse Molina <jesse@opendreams.net>:
Extra info received and forwarded to list. Copy sent to Debian Forensics <forensics-devel@lists.alioth.debian.org>.
(Wed, 01 Feb 2012 00:33:09 GMT)
Okay, I understand now. Thanks for your help.
I have a habit of quoting things. Looks like it bit me.
~/bin does get expanded for me in the shell, so it's never been a
problem for me before. Since rkhunter takes $PATH in as-is, it doesn't
know what to do with ~.
FYI, this was never a problem until something in rkhunter changed fairly
recently.
Thanks. Go ahead and close out.
Julien Valroff wrote:
> On Tuesday 31 Jan 2012 at 09:02:59 (+0100 CET), Jesse Molina wrote:
>>
>> Sorry for slow reply.
>>
>> -->echo $PATH
>> ~/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
>>
>> -->egrep PATH= .bash*
>> .bash_profile:PATH="/usr/local/sbin:/usr/sbin:/sbin:${PATH}"
>> .bash_profile: PATH="~/bin:${PATH}"
>
> OK, I have finally managed to get this behaviour, "~/bin" is not expanded...
>
> [...]
>> The question as to why BINDIR in the config file is being ignored remains.
>
> Read around line 2122 of rkhunter:
>
> # The BINPATHS list is prepended with the root PATH. However,
> # any specified BINDIR directories beginning with a '+' will
> # be prepended before the root PATH.
> #
> # Once that has been done, we check that each directory begins
> # with a '/'. We remove any non-existent directories, but we do
> # not flag this as an error. We also remove any duplicate directories.
>
> Hence the root PATH is then always considered, contrary to what I had
> originally thought. The behaviour you describe is IMHO normal, the cause is
> the fact you don't allow ~/bin to be expanded to /home/user/bin.
>
> Simply change your .bash_profile to state PATH=~/bin:${PATH} and it should
> work as expected.
>
> Cheers,
> Julien
>
--
# Jesse Molina
# Mail = jesse@opendreams.net
# Page = page-jesse@opendreams.net
# Cell = 1.602.323.7608
# Web = http://www.opendreams.net/jesse/
Reply sent
to Julien Valroff <julien@debian.org>:
You have taken responsibility.
(Wed, 01 Feb 2012 05:52:04 GMT)
Notification sent
to Jesse Molina <jesse@opendreams.net>:
Bug acknowledged by developer.
(Wed, 01 Feb 2012 05:52:04 GMT)
On Wednesday 01 Feb 2012 at 01:29:47 (+0100 CET), Jesse Molina wrote:
>
> Okay, I understand now. Thanks for your help.
>
> I have a habit of quoting things. Looks like it bit me.
>
> ~/bin does get expanded for me in the shell, so it's never been a
> problem for me before. Since rkhunter takes $PATH in as-is, it
> doesn't know what to do with ~.
>
> FYI, this was never a problem until something in rkhunter changed
> fairly recently.
>
> Thanks. Go ahead and close out.
>
Thanks for your confirmation.
Now closing.
Cheers,
Julien
>
>
>
> Julien Valroff wrote:
> >On Tuesday 31 Jan 2012 at 09:02:59 (+0100 CET), Jesse Molina wrote:
> >>
> >>Sorry for slow reply.
> >>
> >>-->echo $PATH
> >>~/bin:/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
> >>
> >>-->egrep PATH= .bash*
> >>.bash_profile:PATH="/usr/local/sbin:/usr/sbin:/sbin:${PATH}"
> >>.bash_profile: PATH="~/bin:${PATH}"
> >
> >OK, I have finally managed to get this behaviour, "~/bin" is not expanded...
> >
> >[...]
> >>The question as to why BINDIR in the config file is being ignored remains.
> >
> >Read around line 2122 of rkhunter:
> >
> > # The BINPATHS list is prepended with the root PATH. However,
> > # any specified BINDIR directories beginning with a '+' will
> > # be prepended before the root PATH.
> > #
> > # Once that has been done, we check that each directory begins
> > # with a '/'. We remove any non-existent directories, but we do
> > # not flag this as an error. We also remove any duplicate directories.
> >
> >Hence the root PATH is then always considered, contrary to what I had
> >originally thought. The behaviour you describe is IMHO normal, the cause is
> >the fact you don't allow ~/bin to be expanded to /home/user/bin.
> >
> >Simply change your .bash_profile to state PATH=~/bin:${PATH} and it should
> >work as expected.
> >
> >Cheers,
> >Julien
> >
>
--
.''`. Julien Valroff ~ <julien@kirya.net> ~ <julien@debian.org>
: :' : Debian Developer & Free software contributor
`. `'` http://www.kirya.net/
`- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 29 Feb 2012 07:33:23 GMT)