
Bug#1014425: rkhunter: rkunter is unable to find config file for 'syslog' daemon


Tim McConnell

Jul 5, 2022, 3:40:03 PM
Package: rkhunter
Version: 1.4.6-10
Severity: normal
X-Debbugs-Cc: tmccon...@gmail.com

Dear Maintainer,

I'm getting these emails daily:
Warning: The 'syslog' daemon is running, but no configuration file can be
found.

This has been going on for about the last 3 upgrade releases of Debian Testing.
Now I'm unsure if any of the scans are working like they are supposed to. This
is done by a daily cron job, so these emails and the ones stating: "Please
inspect this machine, because it may be infected." shouldn't be happening?
How do I fix both?



-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.18.0-2-rt-amd64 (SMP w/1 CPU thread; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages rkhunter depends on:
ii binutils 2.38-4
ii debconf [debconf-2.0] 1.5.79
ii file 1:5.41-4
ii lsof 4.95.0-1
ii net-tools 1.60+git20181103.0eebece-1
ii perl 5.34.0-4
ii ucf 3.0043

Versions of packages rkhunter recommends:
ii bsd-mailx [mailx] 8.1.2-0.20220412cvs-1
ii curl 7.83.1-2
ii e2fsprogs 1.46.5-2
ii exim4-daemon-light [mail-transport-agent] 4.95-6
ii iproute2 5.18.0-1
ii mailutils [mailx] 1:3.15-2+b1
ii unhide 20210124-2
ii unhide.rb 22-6
ii wget 1.21.3-1+b2

Versions of packages rkhunter suggests:
ii liburi-perl 5.10-1
ii libwww-perl 6.67-1
ii powermgmt-base 1.36

-- Configuration Files:
/etc/logcheck/ignore.d.server/rkhunter [Errno 13] Permission denied: '/etc/logcheck/ignore.d.server/rkhunter'
/etc/rkhunter.conf changed:
UPDATE_MIRRORS=1
MIRRORS_MODE=0
MAIL-ON-WARNING='root'
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
UPDATE_LANG="en"
LOGFILE=/var/log/rkhunter.log
COPY_LOG_ON_ERROR=1
USE_SYSLOG=authpriv.warning
AUTO_X_DETECT=1
ALLOW_SSH_PROT_V1=2
ENABLE_TESTS=ALL
DISABLE_TESTS=suspscan hidden_ports hidden_procs deleted_files packet_cap_apps apps
PKGMGR=DPKG
SCRIPTWHITELIST=/usr/bin/egrep
SCRIPTWHITELIST=/usr/bin/fgrep
SCRIPTWHITELIST=/usr/bin/which
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/which.debianutils
SCRIPTWHITELIST=/usr/sbin/adduser
ALLOWHIDDENDIR=/etc/.java
ALLOWPROCLISTEN=/usr/sbin/tcpdump
ALLOWPROCLISTEN=/usr/sbin/snort-plain
ALLOWDEVFILE=/dev/shm/pulse-shm-*
ALLOWDEVFILE=/dev/shm/sem.ADBE_*
ALLOWDEVFILE=/dev/shm/u1000-Shm_*
ALLOWDEVFILE=/dev/shm/u1000-ValveIPCSharedObj-Steam*
ALLOWDEVFILE=/dev/shm/jack_db-1000/*
ALLOWIPCPROC=/usr/bin/firefox
ALLOWIPCPROC=/usr/lib/firefox-esr/firefox-esr
WEB_CMD=wget
INSTALLDIR=/usr
ALLOWPROCDELFILE=/usr/sbin/cron
ALLOWPROCDELFILE=/usr/bin/dash
ALLOWPROCDELFILE=/usr/bin/run-parts
SCRIPTWHITELIST=/usr/bin/egrep
SCRIPTWHITELIST=/usr/bin/fgrep
SCRIPTWHITELIST=/usr/bin/which
PORT_PATH_WHITELIST=/usr/sbin/portsentry
ALLOW_SSH_ROOT_USER=prohibit-password


-- debconf information:
rkhunter/cron_daily_run: true
rkhunter/cron_db_update: true
rkhunter/apt_autogen: true

-- debsums errors found:
debsums: changed file /var/lib/rkhunter/db/mirrors.dat (from rkhunter package)

tmccon...@gmail.com

Jul 5, 2022, 5:00:03 PM
I'm using busybox-syslogd, it's supposed to do syslogd and klogd

On Tue, 2022-07-05 at 13:44 -0700, Francois Marier wrote:
> Hi Tim,
>
> > I'm getting these emails daily:
> > Warning: The 'syslog' daemon is running, but no configuration file
> > can be
> > found.
>
> I'm not sure why you're getting that message, I've never seen it
> myself.
>
> Are you using rsyslog or syslog-ng?
>
> Francois
>

Francois Marier

Jul 5, 2022, 5:00:04 PM
Hi Tim,

> I'm getting these emails daily:
> Warning: The 'syslog' daemon is running, but no configuration file can be
> found.

I'm not sure why you're getting that message, I've never seen it myself.

Are you using rsyslog or syslog-ng?

Francois

--
https://fmarier.org/