megabyte-labs / install.doctor

A glorious combination of application / theme settings and a performant cross-platform, desktop-oriented software suite.
https://megabyte.space

rkhunter fails to update #114

Open ProfessorManhattan opened 8 months ago

ProfessorManhattan commented 8 months ago

❔ What are you experiencing an issue with?

Latest Release

❔ Version

N/A

🐞 Description

In the software.yml file, after rkhunter gets installed it runs rkhunter --propupd && rkhunter --update. I had to prune an entry from the PATH to get it working but there is still another issue. When rkhunter --update is run, the updates fail (logs posted below). This issue is happening on macOS arm64. It could be because of the openssl-osx-ca program or possibly from the certificate modifications that CloudFlare WARP is doing. It's possible that Homebrew is using wget but it has not been updated to use the proper certificates. I copied the URLs that were shown in the logs and it was possible to open them in a browser so it's not an internet issue.

⏺️ Steps To Reproduce

No response

📒 Relevant Log Output

❯ PATH="$(echo "$PATH" | sed 's/VMware Fusion.app//')" sudo rkhunter --update
Password:
[ Rootkit Hunter version 1.4.6 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ Update failed ]
  Checking file programs_bad.dat                             [ Update failed ]
  Checking file backdoorports.dat                            [ Update failed ]
  Checking file suspscan.dat                                 [ Update failed ]
  Checking file i18n versions                                [ Update failed ]

Please check the log file (/var/log/rkhunter.log)
                                                                                                                                                                                                        /18.3s
❯ sudo cat /var/log/rkhunter.log
Password:
[23:55:11] Running Rootkit Hunter version 1.4.6 on betelgeuse
[23:55:12]
[23:55:12] Info: Start date is Sun Nov  5 23:55:11 EST 2023
[23:55:12]
[23:55:12] Checking configuration file and command-line options...
[23:55:12] Info: Detected operating system is 'Darwin'
[23:55:12] Info: Found O/S name: macOS 14.1 (64-bit capable)
[23:55:12] Info: Command line is /opt/homebrew/bin/rkhunter --update
[23:55:12] Info: Environment shell is /bin/sh; rkhunter is using sh
[23:55:12] Info: Using configuration file '/opt/homebrew/Cellar/rkhunter/1.4.6/etc/rkhunter.conf'
[23:55:12] Info: Installation directory is '/opt/homebrew/Cellar/rkhunter/1.4.6'
[23:55:12] Info: Using language 'en'
[23:55:12] Info: Using '/opt/homebrew/Cellar/rkhunter/1.4.6/var/lib/rkhunter/db' as the database directory
[23:55:12] Info: Using '/opt/homebrew/Cellar/rkhunter/1.4.6/lib/rkhunter/scripts' as the support script directory
[23:55:12] Info: Using '/opt/homebrew/share/google-cloud-sdk/bin /Users/bzalewski/.local/share/asdf/shims /Users/bzalewski/.local/share/asdf/bin /Users/bzalewski/.local/share/git-fuzzy/bin /opt/homebrew/opt/gnu-tar/libexec/gnubin /opt/homebrew/opt/gnu-sed/libexec/gnubin /opt/homebrew/opt/gnu-indent/libexec/gnubin /opt/homebrew/opt/coreutils/libexec/gnubin /Users/bzalewski/.local/share/volta/bin /Users/bzalewski/.local/share/krew/bin /Users/bzalewski/.local/share/aqua/bin /opt/homebrew/bin /opt/homebrew/sbin /Users/bzalewski/.local/bin/pipx /Users/bzalewski/.local/bin/mackup /Users/bzalewski/.local/bin/gpt /Users/bzalewski/.local/bin/firejail /Users/bzalewski/.local/bin /usr/local/bin /System/Cryptexes/App/usr/bin /usr/bin /bin /usr/sbin /sbin /Library/TeX/texbin /Library/Frameworks/Mono.framework/Versions/Current/Commands /Users/bzalewski/.local/share/cargo/bin /Users/bzalewski/.local/share/deta/bin /Users/bzalewski/.config/dotnet/.dotnet/tools /Users/bzalewski/.local/share/go/bin /opt/homebrew/opt/go/libexec/bin /Applications/monero-wallet-gui.app/Contents/MacOS /Users/bzalewski/.local/share/porter /Users/bzalewski/.local/share/gems/bin /Users/bzalewski/.local/bin/update/bin /Users/bzalewski/.local/share/emsdk /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/lib /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/adb /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/command-not-found /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/copybuffer /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/encode64 /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/gem /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/git-auto-fetch /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/git-extras 
/Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/git-flow /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/gitfast /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/github /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/golang /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/heroku /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/httpie /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/ionic /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/ipfs /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/isodate /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/kn /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/kubectx /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/last-working-dir /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/lxd /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/macos /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/macports /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/magic-enter /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/marktext /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/microk8s /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/minikube /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/mongocli /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/mosh /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/multipass /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/ng 
/Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/nomad /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/oc /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/pass /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/pip /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/pm2 /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/qrcode /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/react-native /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/redis-cli /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/ripgrep /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/safe-paste /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/sdk /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/spring /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/sudo /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/terraform /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/timer /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/tmuxinator /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/urltools /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/ufw /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/vagrant /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/web-search /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/yarn /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/zsh-interactive-cd /Users/bzalewski/.local/share/antigen/bundles/robbyrussell/oh-my-zsh/plugins/zsh-navigation-tools 
/Users/bzalewski/.local/share/antigen/bundles/zsh-users/zsh-completions/src /Users/bzalewski/.local/share/antigen/bundles/marlonrichert/zsh-autocomplete-main /Users/bzalewski/.local/share/antigen/bundles/marlonrichert/zsh-autocomplete-main/Functions /Users/bzalewski/.local/share/antigen/bundles/zsh-users/zsh-autosuggestions /Users/bzalewski/.local/share/antigen/bundles/zsh-users/zsh-syntax-highlighting /Users/bzalewski/.local/share/antigen/bundles/romkatv/powerlevel10k /Users/bzalewski/.config/hishtory /usr/libexec' as the command directories
[23:55:12] Info: Using '/opt/homebrew/Cellar/rkhunter/1.4.6/var/lib/rkhunter/tmp' as the temporary directory
[23:55:12] Info: X will be automatically detected
[23:55:12] Info: Found the 'basename' command: /opt/homebrew/opt/coreutils/libexec/gnubin/basename
[23:55:12] Info: Found the 'diff' command: /usr/bin/diff
[23:55:12] Info: Found the 'dirname' command: /opt/homebrew/opt/coreutils/libexec/gnubin/dirname
[23:55:12] Info: Found the 'file' command: /usr/bin/file
[23:55:12] Info: Found the 'find' command: /usr/bin/find
[23:55:12] Info: Found the 'ifconfig' command: /sbin/ifconfig
[23:55:12] Info: Found the 'ip' command: /opt/homebrew/bin/ip
[23:55:12] Info: Found the 'ipcs' command: /usr/bin/ipcs
[23:55:12] Info: Unable to find the 'ldd' command
[23:55:12] Info: Unable to find the 'lsattr' command
[23:55:12] Info: Unable to find the 'lsmod' command
[23:55:12] Info: Found the 'lsof' command: /usr/sbin/lsof
[23:55:12] Info: Found the 'mktemp' command: /opt/homebrew/opt/coreutils/libexec/gnubin/mktemp
[23:55:13] Info: Found the 'netstat' command: /usr/sbin/netstat
[23:55:13] Info: Found the 'numfmt' command: /opt/homebrew/bin/gnumfmt
[23:55:13] Info: Found the 'perl' command: /opt/homebrew/bin/perl
[23:55:13] Info: Found the 'pgrep' command: /usr/bin/pgrep
[23:55:13] Info: Found the 'ps' command: /bin/ps
[23:55:13] Info: Found the 'pwd' command: /opt/homebrew/opt/coreutils/libexec/gnubin/pwd
[23:55:13] Info: Found the 'readlink' command: /opt/homebrew/opt/coreutils/libexec/gnubin/readlink
[23:55:13] Info: Found the 'stat' command: /opt/homebrew/opt/coreutils/libexec/gnubin/stat
[23:55:13] Info: Found the 'strings' command: /usr/bin/strings
[23:55:13] Info: Found the 'wget' command: /opt/homebrew/bin/wget
[23:55:13] Info: The mirrors file will be rotated
[23:55:13] Info: Both local and remote mirrors will be used
[23:55:13] Info: The mirrors file will be updated
[23:55:13] Info: Logging to log file: /var/log/rkhunter.log
[23:55:13] Info: Locking is not being used
[23:55:13]
[23:55:13] Checking rkhunter data files...
[23:55:13] Info: Created temporary file '/opt/homebrew/Cellar/rkhunter/1.4.6/var/lib/rkhunter/tmp/rkhunter.upd.b6Mwb9hJh0'
[23:55:13] Info: Created temporary file '/opt/homebrew/Cellar/rkhunter/1.4.6/var/lib/rkhunter/tmp/mirrors.dat.qisZn4Orkl'
[23:55:13] Info: The mirrors file has been rotated: /opt/homebrew/Cellar/rkhunter/1.4.6/var/lib/rkhunter/db/mirrors.dat
[23:55:13] Info: Executing download command '/opt/homebrew/bin/wget  -q -O "/opt/homebrew/Cellar/rkhunter/1.4.6/var/lib/rkhunter/tmp/rkhunter.upd.b6Mwb9hJh0" http://rkhunter.sourceforge.net/1.4/mirrors.dat 2>/dev/null'
[23:55:14] Warning: Download of 'mirrors.dat' failed: Unable to determine the latest version number.
[23:55:14] Checking file mirrors.dat                         [ Update failed ]
[23:55:14] Info: Executing download command '/opt/homebrew/bin/wget  -q -O "/opt/homebrew/Cellar/rkhunter/1.4.6/var/lib/rkhunter/tmp/rkhunter.upd.b6Mwb9hJh0" http://rkhunter.sourceforge.net/1.4/programs_bad.dat 2>/dev/null'
[23:55:14] Warning: Download of 'programs_bad.dat' failed: Unable to determine the latest version number.
[23:55:14] Checking file programs_bad.dat                    [ Update failed ]
[23:55:15] Info: Executing download command '/opt/homebrew/bin/wget  -q -O "/opt/homebrew/Cellar/rkhunter/1.4.6/var/lib/rkhunter/tmp/rkhunter.upd.b6Mwb9hJh0" http://rkhunter.sourceforge.net/1.4/backdoorports.dat 2>/dev/null'
[23:55:15] Warning: Download of 'backdoorports.dat' failed: Unable to determine the latest version number.
[23:55:15] Checking file backdoorports.dat                   [ Update failed ]
[23:55:15] Info: Executing download command '/opt/homebrew/bin/wget  -q -O "/opt/homebrew/Cellar/rkhunter/1.4.6/var/lib/rkhunter/tmp/rkhunter.upd.b6Mwb9hJh0" http://rkhunter.sourceforge.net/1.4/suspscan.dat 2>/dev/null'
[23:55:15] Warning: Download of 'suspscan.dat' failed: Unable to determine the latest version number.
[23:55:16] Checking file suspscan.dat                        [ Update failed ]
[23:55:16] Info: Executing download command '/opt/homebrew/bin/wget  -q -O "/opt/homebrew/Cellar/rkhunter/1.4.6/var/lib/rkhunter/tmp/rkhunter.upd.b6Mwb9hJh0" http://rkhunter.sourceforge.net/1.4/i18n/1.4.6/i18n.ver 2>/dev/null'
[23:55:16] Checking file i18n versions                       [ Update failed ]
[23:55:16] Warning: Download of 'i18n.ver' failed: Unable to determine the latest version number.
[23:55:16]
[23:55:16] Info: End date is Sun Nov  5 23:55:16 EST 2023


Possible Solution

No response

enggnr commented 8 months ago

@ProfessorManhattan, past discussions about failure to download the files were related to changes at SourceForge. Retrying has usually resulted in the download succeeding in those cases.

There was also a move to use HTTPS to download these files but that was reverted as the code change was not in place to support that. Currently, this is handled by a redirect to an HTTPS URL. Could you please try the wget command without -q to get more info - something like wget -O - http://rkhunter.sourceforge.net/1.4/mirrors.dat? Please also test with curl. When I tried on an AMD64 machine, wget and curl were able to download the files (and I did not have the problem to begin with). I do not have CloudFlare installed, so not really sure if that is contributing.

ProfessorManhattan commented 8 months ago

Hey @enggnr --- thanks... I tried to do this but it seems to always add the -q flag. I'm seeing this issue on macOS arm64 (new MacBook).
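
One way to see the error that the logged "-q ... 2>/dev/null" hides, as an added example that is not part of this thread or of rkhunter: the functions below read rkhunter.log, pick out the files whose download failed, and print wget and curl probes that keep stderr and show the response headers and redirects. The sample log is constructed from the lines posted above (temp-file path shortened, one entry without a failure added), and the function names are made up for this example.

```shell
#!/bin/sh
# Constructed sample, based on the log lines in this issue.
sample_log() {
cat <<'EOF'
[23:55:13] Info: Executing download command '/opt/homebrew/bin/wget  -q -O "/tmp/rkhunter.upd.SAMPLE" http://rkhunter.sourceforge.net/1.4/mirrors.dat 2>/dev/null'
[23:55:14] Warning: Download of 'mirrors.dat' failed: Unable to determine the latest version number.
[23:55:14] Info: Executing download command '/opt/homebrew/bin/wget  -q -O "/tmp/rkhunter.upd.SAMPLE" http://rkhunter.sourceforge.net/1.4/programs_bad.dat 2>/dev/null'
[23:55:14] Warning: Download of 'programs_bad.dat' failed: Unable to determine the latest version number.
[23:55:15] Info: Executing download command '/opt/homebrew/bin/wget  -q -O "/tmp/rkhunter.upd.SAMPLE" http://rkhunter.sourceforge.net/1.4/suspscan.dat 2>/dev/null'
EOF
}

# Print every URL found in "Executing download command" lines (log on stdin).
rkh_download_urls() {
    sed -n "s|.*Executing download command '.* \(https\{0,1\}://[^ ']*\) 2>/dev/null'.*|\1|p"
}

# Print the file names rkhunter reported as failed (log on stdin).
rkh_failed_files() {
    sed -n "s|.*Warning: Download of '\([^']*\)' failed:.*|\1|p"
}

# For each failed file, print a wget and a curl probe for its URL.
# Nothing is executed; the commands are printed for the operator to run.
#   wget -S        prints the server response headers
#   curl -sSL -D - follows redirects and dumps headers, errors stay visible
rkh_probe_commands() {  # usage: rkh_probe_commands LOGFILE
    log=$1
    rkh_failed_files <"$log" | while IFS= read -r name; do
        rkh_download_urls <"$log" | while IFS= read -r url; do
            case $url in
                */"$name")
                    printf 'wget -S -O /dev/null %s\n' "$url"
                    printf 'curl -sSL -D - -o /dev/null %s\n' "$url" ;;
            esac
        done
    done
}

# Stand-alone run: sh script.sh /var/log/rkhunter.log
if [ $# -gt 0 ]; then
    rkh_probe_commands "$1"
fi
```

Running the printed commands by hand shows the TLS or redirect error, if there is one, that rkhunter's own invocation discards.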

enggnr commented 8 months ago

@ProfessorManhattan, it may not have anything to do with certificates if it is happening on a new machine. Could you please check the values of these settings in the file rkhunter.conf? Please run $(brew --prefix) to find the path where Homebrew installs software. The file should be in the Cellar/rkhunter/1.4.6/etc/ folder in that location.

Homebrew does not appear to be changing these settings. Could you please set WEB_CMD=curl -L (or /usr/bin/curl -L) in the conf file and try the update? The URLs in mirrors.dat file need to be using http (https also works with curl and wget as mentioned in the previous comment but let's check anyway), which has helped a few people.
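
The checks suggested in this comment, as an added example that is not from the thread or from rkhunter: read the active WEB_CMD from rkhunter.conf, produce a changed copy with WEB_CMD=curl -L for review, and list mirror URLs that are not plain http. The file contents, the mirrors.dat line format and the function names are constructed for the example, and it assumes that the last uncommented assignment in the conf file is the one that takes effect.

```shell
#!/bin/sh
# Constructed sample files; the mirrors.dat line format is an assumption.
make_samples() {  # usage: make_samples DIR
cat >"$1/rkhunter.conf" <<'EOF'
#WEB_CMD=""
WEB_CMD=wget
EOF
cat >"$1/mirrors.dat" <<'EOF'
Version:2007060601
mirror=http://rkhunter.sourceforge.net
mirror=https://mirror.example.invalid/rkhunter
EOF
}

# Effective value of KEY: the last uncommented "KEY=value" line.
# Assumption: a later assignment overrides an earlier one.
rkh_conf_get() {  # usage: rkh_conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Print FILE with active WEB_CMD lines commented out and the new value
# appended, so the change can be diffed before the real file is replaced.
rkh_conf_with_web_cmd() {  # usage: rkh_conf_with_web_cmd FILE VALUE
    sed 's/^[[:space:]]*WEB_CMD=/#&/' "$1"
    printf 'WEB_CMD=%s\n' "$2"
}

# Print URLs in mirrors.dat whose scheme is not plain http.
rkh_non_http_mirrors() {  # usage: rkh_non_http_mirrors FILE
    grep -o '[a-z][a-z0-9+.-]*://[^[:space:]]*' "$1" | grep -v '^http://' || true
}

# Stand-alone run: sh script.sh .../etc/rkhunter.conf .../db/mirrors.dat
if [ $# -eq 2 ]; then
    echo "current WEB_CMD: $(rkh_conf_get "$1" WEB_CMD)"
    rkh_conf_with_web_cmd "$1" "curl -L" | diff "$1" - || true
    rkh_non_http_mirrors "$2"
fi
```

On the machine in this issue the two arguments would be the rkhunter.conf under $(brew --prefix)/Cellar/rkhunter/1.4.6/etc/ and the mirrors.dat in the database directory shown in the log.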