1

When I first ran rkhunter on my Ubuntu 16.04 VPS, I noticed an error with lsattr when checking for prerequisites:

Warning: Checking for prerequisites               [ Warning ]
Unable to find 'lsattr' command - all file immutable-bit checks will be skipped.

Because I could not find a solution online, I tried 'apt-get purge e2fslibs' to remove the package that contains the lsattr command, and reinstalled it afterwards. But still, running lsattr returns

lsattr: command not found

and 'whereis' returns

lsattr:

It seems this has to do with the virtualisation environment used for my VPS (Virtuozzo), because commands such as lsattr are missing. The package containing lsattr is e2fslibs and because that is already established, it is not a duplicate of the questions "How do I find the package that provides a file?"

My question: How can I tell rkhunter to ignore lsattr so that it is excluded from the scan for prerequisites? Because it cannot be present on my system, is there any way to "whitelist" it?

Andy
  • 11
  • Just found this on another website: "Virtuozzo, the software that runs the VPS system, does not support those commands. In fact, they have been completely removed from the latest version." Any way to tell rkhunter to stop looking for it, maybe via whitelisting? – Andy Mar 06 '17 at 11:33
  • 1
    it's a warning, not an error. Just ignore it. – muru Mar 06 '17 at 11:47
  • True, but this warning is the only reason I get the rkhunter e-mail and I would prefer to get that only if something is really wrong. That is why I would like rkhunter to ignore the lsattr command. – Andy Mar 06 '17 at 12:24
  • 1
    Possible duplicate of How do I find the package that provides a file? – David Foerster Mar 06 '17 at 14:00
  • I know which package includes lsattr (e2fslibs), as stated in my question. Nonetheless, I have edited my question. What I do not know however, is how I could possibly whitelist lsattr so that it is excluded from the scan. When I added it to EXISTWHITELIST, it does not appear to have changed anything. Perhaps this particular whitelist is for files that rkhunter checks, but not the commands it uses? – Andy Mar 08 '17 at 13:33
  • That's extremely odd. What's the output of echo "$PATH" and ls -l /usr/bin/lsattr? – David Foerster Mar 21 '17 at 11:03
  • echo "$PATH": /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games`

    ls -l /usr/bin/lsattr: ls: cannot access '/usr/bin/lsattr': No such file or directory

     – Andy Mar 21 '17 at 14:06
  • Any other ideas how to ignore this message? – Andy Apr 10 '17 at 15:55
  • did you find a solution for this? – Zanna Aug 10 '17 at 14:26

0 Answers0