“[: Binary: unexpected operator” message when updating rkhunter definitions

Bug #1509663 reported by Wise Melon
26
This bug affects 5 people
Affects Status Importance Assigned to Milestone
rkhunter (Debian)
Fix Released
Unknown
rkhunter (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

After upgrading to Ubuntu GNOME 15.10 from 15.04 I have noticed that upon running the command:

    sudo rkhunter --update

That I get this output:

    [ Rootkit Hunter version 1.4.2 ]

    Checking rkhunter data files...
      Checking file mirrors.dat [ No update ]
      Checking file programs_bad.dat [ No update ]
      Checking file backdoorports.dat [ No update ]
      Checking file suspscan.dat [ No update ]
      Checking file i18n/cn [ No update ]
      Checking file i18n/de [ No update ]
      Checking file i18n/en [ No update ]
    /usr/bin/rkhunter: 7439: [: Binary: unexpected operator
      Checking file i18n/tr [ No update ]
      Checking file i18n/tr.utf8 [ No update ]
    /usr/bin/rkhunter: 7439: [: Binary: unexpected operator
      Checking file i18n/zh [ No update ]
      Checking file i18n/zh.utf8 [ No update ]

This is the relevant section of the log file:

    [20:47:33] Checking rkhunter data files...
    [20:47:33] Info: Created temporary file '/var/lib/rkhunter/tmp/rkhunter.upd.80Dxz4681c'
    [20:47:33] Info: Created temporary file '/var/lib/rkhunter/tmp/mirrors.dat.TQulAoe7Ji'
    [20:47:33] Info: The mirrors file has been rotated: /var/lib/rkhunter/db/mirrors.dat
    [20:47:33] Info: Executing download command '/usr/bin/wget -q -O "/var/lib/rkhunter/tmp/rkhunter.upd.80Dxz4681c" http://rkhunter.sourceforge.net/1.3/mirrors.dat 2>/dev/null'
    [20:47:33] Info: This version : 2007060601
    [20:47:34] Info: Latest version: 2007060601
    [20:47:34] Checking file mirrors.dat [ No update ]
    [20:47:34] Info: Executing download command '/usr/bin/wget -q -O "/var/lib/rkhunter/tmp/rkhunter.upd.80Dxz4681c" http://rkhunter.sourceforge.net/1.3/programs_bad.dat 2>/dev/null'
    [20:47:34] Info: This version : 2014042901
    [20:47:34] Info: Latest version: 2014042901
    [20:47:34] Checking file programs_bad.dat [ No update ]
    [20:47:34] Info: Executing download command '/usr/bin/wget -q -O "/var/lib/rkhunter/tmp/rkhunter.upd.80Dxz4681c" http://rkhunter.sourceforge.net/1.3/backdoorports.dat 2>/dev/null'
    [20:47:34] Info: This version : 2010111401
    [20:47:34] Info: Latest version: 2010111401
    [20:47:34] Checking file backdoorports.dat [ No update ]
    [20:47:34] Info: Executing download command '/usr/bin/wget -q -O "/var/lib/rkhunter/tmp/rkhunter.upd.80Dxz4681c" http://rkhunter.sourceforge.net/1.3/suspscan.dat 2>/dev/null'
    [20:47:35] Info: This version : 2009112901
    [20:47:35] Info: Latest version: 2009112901
    [20:47:35] Checking file suspscan.dat [ No update ]
    [20:47:35] Info: Executing download command '/usr/bin/wget -q -O "/var/lib/rkhunter/tmp/rkhunter.upd.80Dxz4681c" http://rkhunter.sourceforge.net/1.3/i18n/1.4.2/i18n.ver 2>/dev/null'
    [20:47:35] Info: This version : 2009091601
    [20:47:35] Info: Latest version: 2009091601
    [20:47:35] Checking file i18n/cn [ No update ]
    [20:47:35] Info: This version : 2014010301
    [20:47:35] Info: Latest version: 2014010301
    [20:47:35] Checking file i18n/de [ No update ]
    [20:47:35] Info: This version : 2013112401
    [20:47:35] Info: Latest version: 2013112401
    [20:47:35] Checking file i18n/en [ No update ]
    [20:47:35] Info: This version : Binary file /var/lib/rkhunter/db/i18n/tr matches
    [20:47:35] Info: Latest version: 2014030201
    [20:47:35] Checking file i18n/tr [ No update ]
    [20:47:35] Info: This version : 2014030201
    [20:47:35] Info: Latest version: 2014030201
    [20:47:35] Checking file i18n/tr.utf8 [ No update ]
    [20:47:35] Info: This version : Binary file /var/lib/rkhunter/db/i18n/zh matches
    [20:47:35] Info: Latest version: 2009091601
    [20:47:35] Checking file i18n/zh [ No update ]
    [20:47:35] Info: This version : 2009091601
    [20:47:35] Info: Latest version: 2009091601
    [20:47:35] Checking file i18n/zh.utf8 [ No update ]

I asked a question on this here: https://askubuntu.com/questions/689058/binary-unexpected-operator-message-when-updating-rkhunter-definitions-on-1/ And this answer explores the issue deeper: https://askubuntu.com/a/689308/364819

---

OS Information:

    No LSB modules are available.
    Distributor ID: Ubuntu
    Description: Ubuntu 15.10
    Release: 15.10
    Codename: wily
    Flavour: GNOME
    GNOME Version: 3.18

Package Information:

    rkhunter:
      Installed: 1.4.2-3
      Candidate: 1.4.2-3
      Version table:
     *** 1.4.2-3 0
            500 http://archive.ubuntu.com/ubuntu/ wily/universe amd64 Packages
            100 /var/lib/dpkg/status

Revision history for this message
François Marier (fmarier) wrote :

This is fixed in Debian unstable as well as in the next version of Ubuntu (16.04).

So I recommend you install https://launchpad.net/ubuntu/+source/rkhunter/1.4.2-4

Changed in rkhunter (Ubuntu):
status: New → Fix Committed
Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) wrote :

When will this version be pushed out for Ubuntu 15.10?

Changed in rkhunter (Debian):
status: Unknown → Fix Released
Revision history for this message
Jared Fernandez (jared-fernandez) wrote :

Can this fix be backported to wily-updates?

tags: added: wily
Revision history for this message
Adam Funk (a-funk) wrote :

I'm quite shocked that this problem was allowed to slip through on a security-related package. It needs to be backported urgently.

Revision history for this message
Wise Melon (wise-melon-deactivatedaccount) wrote :

I don't see the point of this only being implemented in the next version and why you can't just backport it in, it is an important patch, and really should be backported in, especially as this version of Ubuntu has only just been released, you shouldn't expect for us just to wait till the next version in 6 months to get this patch. I think it is actually rather unprofessional not to backport this in.

Lars Ljung (larslj)
tags: added: regression-release
Revision history for this message
Adam Funk (a-funk) wrote :

This bug was fixed in Debian in August!
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=791486

Why doesn't the "put your money where your mouth is" page have an option for "fix known bugs before piddling around with the GUIs"?

Changed in rkhunter (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.