Update failed.
Hi! :-)
I just installed the latest ver. (1.4.6), on a Debian based system.
However, update actions are unavailable.
Console's output:
>rkhunter --versioncheck
[ Rootkit Hunter version 1.4.6 ]
Checking rkhunter version...
This version : 1.4.6
Latest version: Download failed
>
>rkhunter --update
[ Rootkit Hunter version 1.4.6 ]
Checking rkhunter data files...
Checking file mirrors.dat [ Skipped ]
Checking file programs_bad.dat [ Update failed ]
Checking file backdoorports.dat [ Update failed ]
Checking file suspscan.dat [ Update failed ]
Checking file i18n versions [ Update failed ]
Please check the log file (/var/log/rkhunter.log)
>
Log's related text:
Info: The mirrors file has no required mirrors in it: /var/lib/rkhunter/db/mirrors.dat
Warning: Download failed: Unable to determine the latest program version number.
Latest version: Download failed
mirrors.dat contents:
Version:2007060601
mirror=http://rkhunter.sourceforge.net
mirror=http://rkhunter.sourceforge.net
The rkhunter page (https://rkhunter.sourceforge.net/1.4.6/mirrors.dat) is down:
"An error has been encountered in accessing this page.
Reporting this problem: The problem you have encountered is with a project web site hosted by SourceForge.net. This issue should be reported to the SourceForge.net-hosted project (not to SourceForge.net). "
I just solved this issue with Ubuntu; I guess the same problem exists on Debian. The problem is a combination of issues:
The default WEB_CMD in rkhunter.conf is set to '/bin/false'; you need to change it to your liking, and the primary example for that in the comments is to replace it with 'curl'. Now you can do --versioncheck, but you'll get 'Download failed'. The logfile (/var/log/rkhunter.log) tells you: "Info: The mirrors file has no required mirrors in it: /var/lib/rkhunter/db/mirrors.dat"
The default MIRRORS_MODE in rkhunter.conf is '1' (use only local mirrors), but this doesn't work. Change it to '0' (use any mirror). Now you can do --versioncheck, the error is still 'Download failed', but when you check the logfile, the problem is different: curl tries to access a remote file and fails. If you perform the curl command manually, you might notice that the problem is that the request that curl performs ends in a redirect to HTTPS. curl doesn't follow this redirect.
Apparently curl is too stupid, or the default cli options that rkhunter defines for it are not good enough. Go back to rkhunter and change the WEB_CMD to an empty string (WEB_CMD=), now rkhunter will try a few commands that it knows about. Now --versioncheck will succeed (if not, install wget with apt), and in the logfile you'll see that it used a wget command. Wget does follow the redirect to HTTPS.
After this, --update will work too.
So it would be nice if:
- Debian/Ubuntu would ship rkhunter with a config that works out of the box
- rkhunter would improve the built-in command-line options for curl
- rkhunter would provide a mirrors.dat file that contains HTTPS URLs, so the whole redirect tuning for curl wouldn't be necessary
THANKS Tom!!! ;-)
I had the MIRRORS_MODE -> 2, so I changed it -> 0 and now it works!!! :-)
(Though I don't understand why it didn't work in the first place, since I don't have any local mirrors).
HAPPY NEW YEAR everyone!!! :-)
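
An added diagnostic sketch (not part of the thread and not rkhunter's own code): it reads a rkhunter.conf and, optionally, a mirrors.dat and reports the conditions the posts above tie to 'Download failed'. The function names and finding codes are hypothetical, and it assumes the last uncommented KEY=value line in the config is the effective one.

```shell
#!/bin/sh
# Added example: report the rkhunter.conf settings this thread ties to
# "Download failed". Assumption: the last uncommented KEY=value line wins.

# conf_value FILE KEY -> value of the last uncommented assignment, quotes stripped
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed -e 's/[[:space:]]*$//' -e "s/^[\"']//" -e "s/[\"']\$//"
}

# update_blockers CONF [MIRRORS_DAT] -> one finding code per line (empty = none)
update_blockers() {
    conf=$1 mirrors=${2:-}
    web_cmd=$(conf_value "$conf" WEB_CMD)
    mode=$(conf_value "$conf" MIRRORS_MODE)

    case $web_cmd in
        /bin/false*) echo WEB_CMD_DISABLED ;;   # the download command always fails
        *curl*)
            # curl follows the HTTP -> HTTPS redirect only with -L/--location
            case " $web_cmd " in
                *" -L "*|*" --location "*) ;;
                *) echo WEB_CMD_CURL_NO_REDIRECT ;;
            esac ;;
    esac

    # The thread reports 1 and 2 failing and 0 ("use any mirror") working.
    if [ -n "$mode" ] && [ "$mode" != 0 ]; then
        echo "MIRRORS_MODE_$mode"
    fi

    # Plain-HTTP mirror entries rely on the download tool following a redirect.
    if [ -n "$mirrors" ] && grep -q '^mirror=http://' "$mirrors" 2>/dev/null; then
        echo MIRRORS_PLAIN_HTTP
    fi
}

# Run only when file paths are given, e.g. the two paths named in the thread.
if [ "$#" -ge 1 ]; then
    update_blockers "$@"
fi
```

An empty result means none of the conditions from this thread were found; it does not prove that the mirror itself is reachable.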