I am on Ubuntu, I am trying to install rkhunter.
I've tried
apt-get install rkhunter
success
But then, I did
rkhunter --update
I kept getting
Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"
Asked
Active
Viewed 2.0k times
12
Jeff Schaller
- 66,199
- 35
- 114
- 250
code-8
- 412
- 1
- 6
- 18
3 Answers
21
I had the same problem but found the following fix:
Open /etc/rkhunter.conf. Uncomment (remove the # to the left) and change the following three variables:
MIRRORS_MODE=1 ---> MIRRORS_MODE=0
UPDATE_MIRRORS=0 ---> UPDATE_MIRRORS=1
WEB_CMD="/bin/false" ---> WEB_CMD=""
--versioncheck and --update should now work.
I believe the well-written comments in /etc/rkhunter.conf explain each variable clearly, but, in the tl;dr spirit, here's my quick interpretation of what is happening:
The default MIRRORS_MODE=1 tells rkhunter to only use local mirrors, but you have to define them in the mirrors file for this setting to work. Switching to MIRRORS_MODE=0 allows rkhunter to use any mirror.
The default UPDATE_MIRRORS=0 only allows the mirrors file to be updated manually. Switching to UPDATE_MIRRORS=1 allows rkhunter to update the file during the --update operation.
The default WEB_CMD="/bin/false" purposely blocks rkhunter from connecting to mirrors for security reasons. Switching to WEB_CMD="" re-enables rkhunter's ability to do mirror updates.
However, considering this function was purposely disabled for security reasons, it's seems like it may be best to update rkhunter using the package manager. That's what I plan to do. Hope this was helpful.
fixxOrz
- 311
- 2
- 6
5
Apparently it is caused by a security update that disabled remote downloading of updates. I have seen the recommendation to replace in /etc/rkhunter.conf:
WEB_CMD="/bin/false"
with
WEB_CMD=""
However, I don't see the point since the update will fail. I think you should leave it to /bin/false, ignore the message and rely on aptitude for the updates.
Paulo Tomé
- 3,754
- 6
- 26
- 38
Dominique Lorre
- 151
- 1
0
If cURL is installed on your system, which is likely, I prefer setting WEB_CMD=curl as the documentation specifically says there is no default value.
-
This does not add to the approved answer given by @fixxOrz two years ago. – number9 Apr 09 '21 at 15:35