On Tue, 2011-09-20 at 12:47 +0200, Daniel Polombo wrote:
> Le 20 sept. 2011 à 12:03, John Horne a écrit :
> > On Mon, 2011-09-19 at 16:46 +0200, daniel@... wrote:
> >> Greetings,
> >> I've been testing Rootkit Hunter 1.3.8 on a handful of Solaris 10
> >> (x86) servers, and I have an interesting problem. While running the
> >> script manually (rkhunter --check --rwo --sk), everything works as
> >> expected. However, when running a check via crontab, I get errors about
> >> files that don't exist on the system though they are in the rkhunter.dat
> >> files.
> > Hello,
> > I would very much first check that you only have one version of rkhunter
> > on the system(s). Use something like glocate (just 'locate' or mlocate,
> > slocate on other systems). It sounds like your cron system is picking up
> > one version of RKH, whereas when run interactively you are getting a
> > different one (or the same version but different data files).
> There's only one version, which I packaged and installed very recently.
> There was no RKH install before that.
Okay, in which case I would suspect that the PATH used when run via cron
is different from when used interactively. As such if you ran 'rkhunter
--propupd' interactively, then some files may well be reported as
present or missing from the system.
If you are using 'sudo', then maybe using 'sudo su -' will give you the
same PATH as used by cron.
The '--nocolors' option simply suppresses showing the colour escape
codes in the output.
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001