Fixing rkhunter's 'Update failed' error
Lots of references to a time when the sourceforge file was not available, which was not the answer to the problem today.
I was attempting to install rkhunter
on a new Debian server.
When I ran rkhunter --update
, I got an error:
[ Rootkit Hunter version 1.4.6 ]
Checking rkhunter data files...
Checking file mirrors.dat [ Update failed ]
Checking file programs_bad.dat [ Update failed ]
Checking file backdoorports.dat [ Update failed ]
Checking file suspscan.dat [ Update failed ]
Checking file i18n versions [ Update failed ]
Checking in the log file, /var/log/rkhunter.log
:
[17:06:49] Info: The mirrors file has been rotated: /var/lib/rkhunter/db/mirrors.dat
[17:06:49] Info: Executing download command '/usr/bin/curl --fail --output "/var/lib/rkhunter/tmp/rkhunter.upd.zCjGcwaXzn" http://rkhunter.sourceforge.net/1.4/mirrors.dat 2>/dev/null'
[17:06:49] Info: Download failed - 1 mirror(s) left.
I tried the curl
command manually, and it resulted in nothing. No output.
I tried the curl
command replacing http with https, and it worked:
curl https://rkhunter.sourceforge.net/1.4/mirrors.dat
Version:2021020602
mirror=http://rkhunter.sourceforge.net
remote=http://rkhunter.sourceforge.net
So curl
failed because the page uses https but the rkhunter config passes http to curl
.
So, either:
- change the configuration, so that it uses the https version of the page; or
- set
wget
, rather thancurl
, in/etc/rkhunter.conf.local
, in theWEB_CMD
option.
Since the second is changing a user-defined option (which historically I’ve always set to curl
, as that is what the documentation suggestions, but I can’t see a reason why wget
would not also suffice), I went with that.
I changed curl
to wget
in the /etc/rkhunter.conf.local
config file, and it worked:
[ Rootkit Hunter version 1.4.6 ]
Checking rkhunter data files...
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ Skipped ]
Checking file i18n/de [ Skipped ]
Checking file i18n/en [ No update ]
Checking file i18n/tr [ Skipped ]
Checking file i18n/tr.utf8 [ Skipped ]
Checking file i18n/zh [ Skipped ]
Checking file i18n/zh.utf8 [ Skipped ]
Checking file i18n/ja [ Skipped ]
You may also like:
- PINE64's PineBuds Pro: my first impressions
- #FreeSoftwareAdvent: all my Free software suggestion posts in one place
- Wireless printing and scanning with a Brother MFC L2750DW on Debian
- Adding image resizing options to nautilus right-click menu
- Syncing signatures in Evolution
- Early impressions of CryptPad on a Raspberry Pi
- Removing pages from a PDF with pdftk
- Microsoft Surface, Debian, and two 4k monitor frustrations
- Fixing 'tee: command not found' on Debian 11 Bullseye
- Installing Debian 11 on a Microsoft Surface Go: secure boot, mokutil, Wi-Fi, and libinih1
- Setting up a Ledger Nano X with Debian 11
- What happened to the netbook?
- Unwanted spam on Ubuntu ssh login (and how to stop it)
- WireGuard not routing IPv4 traffic: GNOME 3 / Network Manager
- Scheduling posts on Mastodon, the hack-y way