Bug#822789: rkhunter locks up itself

Christoph Anton Mitterer calestyo at scientia.net
Wed Apr 27 14:09:47 UTC 2016


Package: rkhunter
Version: 1.4.2-5
Severity: important



Hi.

For a while now (at least some months) I have been observing the behaviour
that somehow the lock file of rkhunter doesn't get cleaned up correctly
over and over again, and thus rkhunter e.g. hangs every time after
upgrading packages when it tries to calculate new sums.

I then typically resolve this manually (rkhunter --unlock), but
shortly after (though I haven't been able to really reproduce this)
it happens again...
I'm observing this on different nodes (VMs, notebook, server) and it
happens basically daily.

When it happens, then none of these systems had been shut down
uncleanly, which could explain a stale log if rkhunter was just running
then (e.g. the cron job or after aptitude),... so IMHO it must be
some bug that happens during normal operation.

I think this issue appeared first roughly at the time when aptitude
started to get fresh development again, so maybe something has changed
there, that leads to the stale lock files.


Perhaps other people suffer from this as well and have some ideas?


Chris.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rkhunter depends on:
ii  binutils               2.26-8
ii  debconf [debconf-2.0]  1.5.59
ii  file                   1:5.25-2
ii  lsof                   4.89+dfsg-0.1
ii  net-tools              1.60+git20150829.73cef8a-2
ii  perl                   5.22.1-10
ii  ucf                    3.0036

Versions of packages rkhunter recommends:
ii  bsd-mailx [mailx]               8.1.2-0.20160123cvs-2
ii  curl                            7.47.0-1
ii  iproute2                        4.3.0-1+b1
ii  postfix [mail-transport-agent]  3.1.0-3
ii  unhide                          20130526-1
ii  unhide.rb                       22-2
ii  wget                            1.17.1-1+b1

Versions of packages rkhunter suggests:
ii  liburi-perl     1.71-1
ii  libwww-perl     6.15-1
ii  powermgmt-base  1.31+nmu1

-- Configuration Files:
/etc/default/rkhunter changed:
CRON_DAILY_RUN="true"
CRON_DB_UPDATE="true"
DB_UPDATE_EMAIL="true"
REPORT_EMAIL="root"
APT_AUTOGEN="true"
NICE="10"
RUN_CHECK_ON_BATTERY="true"

/etc/logcheck/ignore.d.server/rkhunter [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/rkhunter'
/etc/rkhunter.conf changed:
ROTATE_MIRRORS=0
UPDATE_MIRRORS=0
MIRRORS_MODE=1
MAIL-ON-WARNING=root
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
UPDATE_LANG=en
LOGFILE=/var/log/rkhunter.log
COPY_LOG_ON_ERROR=1
USE_SYSLOG=authpriv.warning
AUTO_X_DETECT=1
WHITELISTED_IS_WHITE=1
ALLOW_SSH_ROOT_USER=no
ALLOW_SSH_PROT_V1=0
ENABLE_TESTS=all
DISABLE_TESTS=none
HASH_CMD=sha512sum
PKGMGR=NONE
PKGMGR_NO_VRFY=""
USE_SUNSUM=0
IGNORE_PRELINK_DEP_ERR=""
USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf
USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf.local
EXCLUDE_USER_FILEPROP_FILES_DIRS=""
EXISTWHITELIST=""
ATTRWHITELIST=""
WRITEWHITELIST=""
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/sbin/unhide.rb
IMMUTWHITELIST=""
ALLOWHIDDENDIR=/etc/.java
ALLOWHIDDENFILE=/usr/share/man/man5/.k5login.5.gz
ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz
ALLOWPROCDELFILE=/bin/dash:/tmp/file*
ALLOWPROCDELFILE=/bin/run-parts:/tmp/file*
ALLOWPROCDELFILE=/usr/sbin/anacron:/tmp/file*
ALLOWPROCLISTEN=""
ALLOWPROMISCIF=""
SCAN_MODE_DEV=THOROUGH
ALLOWDEVFILE=""
PHALANX2_DIRTEST=1
INETD_ALLOWED_SVC=""
XINETD_ALLOWED_SVC=""
UID0_ACCOUNTS=""
PWDLESS_ACCOUNTS=""
ALLOW_SYSLOG_REMOTE_LOGGING=0
APP_WHITELIST=""
PORT_WHITELIST=""
PORT_PATH_WHITELIST=""
WARN_ON_OS_CHANGE=1
UPDT_ON_OS_CHANGE=0
RTKT_DIR_WHITELIST=""
RTKT_FILE_WHITELIST=""
SHARED_LIB_WHITELIST=""
WEB_CMD=/bin/false
USE_LOCKING=1
LOCK_TIMEOUT=600
UNHIDE_TESTS=-v -d -m brute sys procall reverse
UNHIDETCP_OPTS=--verbose --fuser --lsof
DISABLE_UNHIDE=0
INSTALLDIR=/usr
SHOW_SUMMARY_WARNINGS_NUMBER=1
EMPTY_LOGFILES=""
MISSING_LOGFILES=""


-- debconf information:
* rkhunter/cron_daily_run: true
* rkhunter/apt_autogen: true
* rkhunter/cron_db_update: true


