rkhunter / cron install - oops

[loftus49]

I tried to install rkhunter on my Redhat Fedora Core 6 virtual server (GoDaddy). But what I get for notification is:


/bin/sh: /usr/local/bin/rkhunter-1.3.6/files/rkhunter: Permission denied

and

/bin/sh: rkhunter: command not found

I'm guessing I need to change permission in rkunter - but to what? And - why doesn't it "find" the command?

Ooops.

[zindello]

First things first:

Your permission denied error, what is most likely, is that your user does not have permission to execute that file. Can you do:

ls -la /user/loca/bin/rkhunter-1.3.6/files/rkhunter

and paste the output here. Most likely you may need to run a chgrp or chmod command

The system doesnt "find" the command because the system only knows about commands that are in the system variable $PATH, you can see these directories by typing in the following command:

echo $PATH

The best way to get the system to "find" this command, would be to create a simlink to it from your executable to a location that is in the path.

eg:

ln -s /usr/local/bin/rkhunter /usr/local/bin/rkhunter-1.3.6/files/rkhunter

that will link the "file" /usr/local/bin/rkhunter (/usr/local/bin is most likely in your path) to the real location of the rkhunter executable

[loftus49]

When I try the command you suggested, I get:

[root@ip-208-109-24-147 files]# ls-la/usr/local/bin/rkhunter-1.3.6/files/rkhunter
-bash: ls-la/usr/local/bin/rkhunter-1.3.6/files/rkhunter: No such file or directory

However, here is the contents of the ..../files directory and a ls -l listing showing the permissions.

[root@ip-208-109-24-147 files]# ls
ACKNOWLEDGMENTS LICENSE check_modules.pl filehashsha.pl mirrors.dat rkhunter rkhunter.spec
CHANGELOG README contrib filehashsha1.pl programs_bad.dat rkhunter.8 stat.pl
FAQ backdoorports.dat filehashmd5.pl i18n readlink.sh rkhunter.conf suspscan.dat
[root@ip-208-109-24-147 files]# ls -l
total 692
-rw-r----- 1 666 666 1306 Nov 28 15:03 ACKNOWLEDGMENTS
-rw-r----- 1 666 666 73480 Nov 28 14:25 CHANGELOG
-rw-r----- 1 666 666 26538 Nov 29 07:58 FAQ
-rw-r----- 1 666 666 18010 Sep 28 2006 LICENSE
-rw-r----- 1 666 666 32613 Nov 29 05:54 README
-rw-r----- 1 666 666 1030 Nov 9 2009 backdoorports.dat
-rwxr-x--- 1 666 666 1894 Aug 17 2009 check_modules.pl
drwxr-x--- 2 666 666 4096 Feb 22 2009 contrib
-rwxr-x--- 1 666 666 306 Sep 28 2006 filehashmd5.pl
-rwxr-x--- 1 666 666 623 Aug 22 2009 filehashsha.pl
-rwxr-x--- 1 666 666 285 Sep 28 2006 filehashsha1.pl
drwxr-x--- 2 666 666 4096 Nov 1 2009 i18n
-rw-r----- 1 666 666 97 Jun 11 2007 mirrors.dat
-rw-r----- 1 666 666 4311 Nov 29 06:05 programs_bad.dat
-rwxr-x--- 1 666 666 3227 Jul 5 2008 readlink.sh
-rwxr-x--- 1 666 666 425606 Nov 29 06:05 rkhunter
-rw-r----- 1 666 666 18350 Aug 22 2009 rkhunter.8
-rw-r----- 1 root root 30681 May 23 21:09 rkhunter.conf
-rw-r----- 1 666 666 5991 Nov 29 06:08 rkhunter.spec
-rwxr-x--- 1 666 666 3091 Nov 14 2006 stat.pl
-rw-r----- 1 666 666 1904 Nov 28 15:47 suspscan.dat
[root@ip-208-109-24-147 files]#

[zindello]

Ok, thats as good as given us the result your after.

Looking at this folder, everything is owned by, and grouped to 666, normally linux would map that back to a username, so what i'm going to suggest, is navigate to your files directory, and run the following commands:

chown root *
chgrp root *

(they will reset the user and group permissions back to the root user)

chmod g+x rkhunter
chmod u+x rkhunter
chmod +x rkhunter

These will ensure that the user, group, and all users will have execute access to that file.

Then all you need to do is simlink that file to a path that is in the $PATH variable, and your set.

[loftus49]

Permissions have been changed per your recommendations.

I did an echo $PATH
[root@ip-208-109-24-147 ~]# echo $PATH
//sbin://bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin

I think what it says is to modify your command as follows:

[root@ip-208-109-24-147 ~]# ln -s /usr/bin/rkhunter /usr/local/bin/rkhunter-1.3.6/files/rkhunter
ln: creating symbolic link `/usr/local/bin/rkhunter-1.3.6/files/rkhunter' to `/usr/bin/rkhunter': File exists

I hope this was correct.

I don't know how to test it to see if we made progress or not.

By the way ... thank you very much.

[zindello]

Hi,

Apologies, I'm always getting the simlink syntax mixed up. I got it the wrong way around. Try:

ln -s /usr/local/bin/rkhunter-1.3.6/files/rkhunter /usr/bin/rkhunter

then you should be able to run rkhunter

[loftus49]

zindello - YOU DID IT (I think) This is what I got after using your simlink command then typing rkhunter from the command prompt:

[root@ip-208-109-24-147 ~]# ln -s /usr/local/bin/rkhunter-1.3.6/files/rkhunter /usr/bin/rkhunter
[root@ip-208-109-24-147 ~]# rkhunter

Usage: rkhunter {--check | --unlock | --update | --versioncheck |
--propupd [{filename | directory | package name},...] |
--list [{tests | {lang | languages} | rootkits}] |
--version | --help} [options]

Current options are:
--append-log Append to the logfile, do not overwrite
--bindir <directory>... Use the specified command directories
-c, --check Check the local system
--cs2, --color-set2 Use the second color set for output
--configfile <file> Use the specified configuration file
--cronjob Run as a cron job
(implies -c, --sk and --nocolors options)
--dbdir <directory> Use the specified database directory
--debug Debug mode
(Do not use unless asked to do so)
--disable <test>[,<test>...] Disable specific tests
(Default is to disable no tests)
--display-logfile Display the logfile at the end
--enable <test>[,<test>...] Enable specific tests
(Default is to enable all tests)
--hash {MD5 | SHA1 | SHA224 | SHA256 | SHA384 | SHA512 |
NONE | <command>} Use the specified file hash function
(Default is SHA1, then MD5)
-h, --help Display this help menu, then exit
--lang, --language <language> Specify the language to use
(Default is English)
--list [tests | languages | List the available test names, languages,
rootkits] or checked for rootkits, then exit
-l, --logfile [file] Write to a logfile
(Default is /var/log/rkhunter.log)
--noappend-log Do not append to the logfile, overwrite it
--nocolors Use black and white output
--nolog Do not write to a logfile
--nomow, --no-mail-on-warning Do not send a message if warnings occur
--ns, --nosummary Do not show the summary of check results
--novl, --no-verbose-logging No verbose logging
--pkgmgr {RPM | DPKG | BSD | Use the specified package manager to obtain or
NONE} verify file hash values. (Default is NONE)
--propupd [file | directory | Update the entire file properties database,
package]... or just for the specified entries
-q, --quiet Quiet mode (no output at all)
--rwo, --report-warnings-only Show only warning messages
-r, --rootdir <directory> Use the specified root directory
--sk, --skip-keypress Don't wait for a keypress after each test
--summary Show the summary of system check results
(This is the default)
--syslog [facility.priority] Log the check start and finish times to syslog
(Default level is authpriv.notice)
--tmpdir <directory> Use the specified temporary directory
--unlock Unlock (remove) the lock file
--update Check for updates to database files
--vl, --verbose-logging Use verbose logging (on by default)
-V, --version Display the version number, then exit
--versioncheck Check for latest version of program
-x, --autox Automatically detect if X is in use
-X, --no-autox Do not automatically detect if X is in use

[zindello]

Looks to me like its working.

[loftus49]

Wonder why I'm getting this error?

[root@ip-208-109-24-147 ~]# rkhunter --update
Invalid INSTALLDIR configuration option - no installation directory specified.

[zindello]

Could be looking for a config file that doesnt exist, check your rkhunter.conf file, there will most likely be a lot of variables and whatnot in that file and i'd expect it would be a setting somewhere in there.

I dont user rkhunter so I can help you to get it to execute (which is what we've done) but as for actual config i'm sure there's someone else here that would be able to help you more.