security/rkhunter 1.3.8 - false warning?
tingox at gmail.com
Fri Feb 4 10:07:06 UTC 2011
On Tue, Jan 4, 2011 at 6:38 PM, Torfinn Ingolfsen <tingox at gmail.com> wrote:
> rkhunter 1.3.8 from ports complains about the /etc/passwd file. Why
> does it do that?
> From /var/log/rkhunter.log:
> [03:01:30] /etc/passwd [ Warning ]
> [03:01:30] Warning: The file '/etc/passwd' exists on the system, but
> it is not present in the rkhunter.dat file.
I asked the same question in the newsgroup comp.unix.bsd.freebsd.misc,
and now someone has actually found out what causes this problem.
If rkhunter is run from the command line like this (the same options
as the periodic script uses):
rkhunter --checkall --nocolors --skip-keypress
it does NOT complain about /etc/passwd
However, if you add the directory /etc to PATH, like this:
PATH=$PATH:/etc rkhunter --checkall --nocolors --skip-keypress
it complains about /etc/passwd. And, of course, /etc/crontab have a
PATH which incudes the /etc directory.
I'll report this to the rkhunter developers.
More information about the freebsd-ports