security/rkhunter 1.3.8 - false warning?

Torfinn Ingolfsen tingox at
Fri Feb 4 10:07:06 UTC 2011


On Tue, Jan 4, 2011 at 6:38 PM, Torfinn Ingolfsen <tingox at> wrote:
> Hi,
> rkhunter 1.3.8 from ports complains about the /etc/passwd file. Why
> does it do that?
> From /var/log/rkhunter.log:
> [03:01:30]   /etc/passwd                                     [ Warning ]
> [03:01:30] Warning: The file '/etc/passwd' exists on the system, but
> it is not present in the rkhunter.dat file.

I asked the same question in the newsgroup comp.unix.bsd.freebsd.misc,
and now someone has actually found out what causes this problem.
If rkhunter is run from the command line like this (the same options
as the periodic script uses):
rkhunter --checkall --nocolors --skip-keypress
it does NOT complain about /etc/passwd
However, if you add the directory /etc to PATH, like this:
PATH=$PATH:/etc rkhunter --checkall --nocolors --skip-keypress

it complains about /etc/passwd. And, of course, /etc/crontab have a
PATH which incudes the /etc directory.

I'll report this to the rkhunter developers.
Torfinn Ingolfsen

More information about the freebsd-ports mailing list