rkhunter update failed, cannot find dat files

update centos7 rkhunter

I have a CentOs 7.6 up and running with rkhunter for a long time now. After all my os updates, I run rkhunter --update --propupd but it fails since recently.

[ Rootkit Hunter version 1.4.6 ]
File updated: searched for 175 files, found 133

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ Update failed ]
  Checking file programs_bad.dat                             [ Update failed ]
  Checking file backdoorports.dat                            [ Update failed ]
  Checking file suspscan.dat                                 [ Update failed ]
  Checking file i18n versions                                [ Update failed ]

Please check the log file (/var/log/rkhunter/rkhunter.log)

[15:21:15] Running Rootkit Hunter version 1.4.6 on stadler-jonas
[15:21:15]
[15:21:15] Info: Start date is Mon 29 Mar 15:21:15 CEST 2021
[15:21:15]
[15:21:15] Checking configuration file and command-line options...
[15:21:15] Info: Detected operating system is 'Linux'
[15:21:15] Info: Found O/S name: CentOS Linux release 7.9.2009 (Core)
[15:21:16] Info: Command line is /bin/rkhunter --update --propupd
[15:21:16] Info: Environment shell is /bin/zsh; rkhunter is using bash
[15:21:16] Info: Using configuration file '/etc/rkhunter.conf'
[15:21:16] Info: Installation directory is '/usr'
[15:21:16] Info: Using language 'en'
[15:21:16] Info: Using '/var/lib/rkhunter/db' as the database directory
[15:21:16] Info: Using '/usr/share/rkhunter/scripts' as the support script directory
[15:21:16] Info: Using '/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin /usr/libexec /usr/local/libexec' as the command directories
[15:21:16] Info: Using '/var/lib/rkhunter' as the temporary directory
[15:21:16] Info: X will be automatically detected
[15:21:16] Info: Found the 'basename' command: /bin/basename
[15:21:16] Info: Found the 'diff' command: /bin/diff
[15:21:16] Info: Found the 'dirname' command: /bin/dirname
[15:21:16] Info: Found the 'file' command: /bin/file
[15:21:16] Info: Found the 'find' command: /bin/find
[15:21:16] Info: Found the 'ifconfig' command: /sbin/ifconfig
[15:21:16] Info: Found the 'ip' command: /sbin/ip
[15:21:16] Info: Found the 'ipcs' command: /bin/ipcs
[15:21:16] Info: Found the 'ldd' command: /bin/ldd
[15:21:16] Info: Found the 'lsattr' command: /bin/lsattr
[15:21:16] Info: Found the 'lsmod' command: /sbin/lsmod
[15:21:16] Info: Found the 'lsof' command: /sbin/lsof
[15:21:16] Info: Found the 'mktemp' command: /bin/mktemp
[15:21:16] Info: Found the 'netstat' command: /bin/netstat
[15:21:16] Info: Found the 'numfmt' command: /bin/numfmt
[15:21:16] Info: Found the 'perl' command: /bin/perl
[15:21:16] Info: Found the 'pgrep' command: /bin/pgrep
[15:21:16] Info: Found the 'ps' command: /bin/ps
[15:21:16] Info: Found the 'pwd' command: /bin/pwd
[15:21:16] Info: Found the 'readlink' command: /bin/readlink
[15:21:16] Info: Found the 'stat' command: /bin/stat
[15:21:16] Info: Found the 'strings' command: /bin/strings
[15:21:16] Info: Found the 'wget' command: /bin/wget
[15:21:16] Info: System is not using prelinking
[15:21:16] Info: Using the '/bin/sha256sum' command for the file hash checks
[15:21:16] Info: Stored hash values used hash function '/bin/sha256sum'
[15:21:16] Info: Stored hash values used package manager 'RPM'
[15:21:17] Info: The hash function field index is set to 1
[15:21:17] Info: Using package manager 'RPM' to update the file hash values
[15:21:17] Info: Found the 'rpm' command: /bin/rpm
[15:21:17] Info: Using package manager 'RPM' for file property checks
[15:21:17] Info: Found the 'rpm' command: /bin/rpm
[15:21:17] Info: Current file attributes will be stored
[15:21:17] Info: The mirrors file will be rotated
[15:21:17] Info: Both local and remote mirrors will be used
[15:21:17] Info: The mirrors file will be updated
[15:21:17] Info: Logging to log file: /var/log/rkhunter/rkhunter.log
[15:21:17] Info: Current logging will be appended to the log file
[15:21:17] Info: Locking is not being used
[15:21:17]
[15:21:17] Info: Starting file properties data update...
[15:21:17] Info: Created temporary file '/var/lib/rkhunter/rkhunter.dat.kQfKgSvfuC'
[15:21:17] Collecting O/S info...
[15:21:17] Info: Found system architecture: x86_64
[15:21:17] Info: Found release file: /etc/system-release
[15:21:17] Info: Found O/S name: CentOS Linux release 7.9.2009 (Core)
[15:21:17] Getting file properties...
[15:21:52] Info: Found 35 files in /usr/sbin
[15:21:52] Info: Found 97 files in /usr/bin
[15:21:52] Info: Found 1 files in /usr/lib/systemd
[15:21:52] Info: File updated: searched for 175 files, found 133
[15:21:52] Info: New 'rkhunter.dat' file installed in '/var/lib/rkhunter/db'
[15:21:52]
[15:21:52] Checking rkhunter data files...
[15:21:52] Info: Created temporary file '/var/lib/rkhunter/rkhunter.upd.6SWKSwOOqv'
[15:21:52] Info: Created temporary file '/var/lib/rkhunter/mirrors.dat.wwO4z9hT3K'
[15:21:52] Info: The mirrors file has been rotated: /var/lib/rkhunter/db/mirrors.dat
[15:21:52] Info: Executing download command '/bin/wget  -q -O "/var/lib/rkhunter/rkhunter.upd.6SWKSwOOqv" https://rkhunter.sourceforge.io/mirrors.dat 2>/dev/null'
[15:21:53] Info: Download failed - 1 mirror(s) left.
[15:21:53] Info: Created temporary file '/var/lib/rkhunter/mirrors.dat.sknQKrCqq0'
[15:21:53] Info: The mirrors file has been rotated: /var/lib/rkhunter/db/mirrors.dat
[15:21:53] Info: Executing download command '/bin/wget  -q -O "/var/lib/rkhunter/rkhunter.upd.6SWKSwOOqv" https://rkhunter.sourceforge.io/mirrors.dat 2>/dev/null'
[15:21:54] Warning: Download of 'mirrors.dat' failed: Unable to determine the latest version number.
[15:21:54] Checking file mirrors.dat                         [ Update failed ]
[15:21:54] Info: Executing download command '/bin/wget  -q -O "/var/lib/rkhunter/rkhunter.upd.6SWKSwOOqv" https://rkhunter.sourceforge.io/programs_bad.dat 2>/dev/null'
[15:21:56] Info: Download failed - 1 mirror(s) left.
[15:21:56] Info: Created temporary file '/var/lib/rkhunter/mirrors.dat.NmhUHcrnHM'
[15:21:56] Info: The mirrors file has been rotated: /var/lib/rkhunter/db/mirrors.dat
[15:21:56] Info: Executing download command '/bin/wget  -q -O "/var/lib/rkhunter/rkhunter.upd.6SWKSwOOqv" https://rkhunter.sourceforge.io/programs_bad.dat 2>/dev/null'
[15:21:57] Warning: Download of 'programs_bad.dat' failed: Unable to determine the latest version number.
[15:21:57] Checking file programs_bad.dat                    [ Update failed ]
[15:21:57] Info: Executing download command '/bin/wget  -q -O "/var/lib/rkhunter/rkhunter.upd.6SWKSwOOqv" https://rkhunter.sourceforge.io/backdoorports.dat 2>/dev/null'
[15:21:58] Info: Download failed - 1 mirror(s) left.
[15:21:58] Info: Created temporary file '/var/lib/rkhunter/mirrors.dat.3ROpkzWzsB'
[15:21:58] Info: The mirrors file has been rotated: /var/lib/rkhunter/db/mirrors.dat
[15:21:58] Info: Executing download command '/bin/wget  -q -O "/var/lib/rkhunter/rkhunter.upd.6SWKSwOOqv" https://rkhunter.sourceforge.io/backdoorports.dat 2>/dev/null'
[15:21:59] Warning: Download of 'backdoorports.dat' failed: Unable to determine the latest version number.
[15:21:59] Checking file backdoorports.dat                   [ Update failed ]
[15:21:59] Info: Executing download command '/bin/wget  -q -O "/var/lib/rkhunter/rkhunter.upd.6SWKSwOOqv" https://rkhunter.sourceforge.io/suspscan.dat 2>/dev/null'
[15:22:00] Info: Download failed - 1 mirror(s) left.
[15:22:00] Info: Created temporary file '/var/lib/rkhunter/mirrors.dat.h8e1l69V8g'
[15:22:01] Info: The mirrors file has been rotated: /var/lib/rkhunter/db/mirrors.dat
[15:22:01] Info: Executing download command '/bin/wget  -q -O "/var/lib/rkhunter/rkhunter.upd.6SWKSwOOqv" https://rkhunter.sourceforge.io/suspscan.dat 2>/dev/null'
[15:22:02] Warning: Download of 'suspscan.dat' failed: Unable to determine the latest version number.
[15:22:02] Checking file suspscan.dat                        [ Update failed ]
[15:22:02] Info: Executing download command '/bin/wget  -q -O "/var/lib/rkhunter/rkhunter.upd.6SWKSwOOqv" https://rkhunter.sourceforge.io/i18n/1.4.6/i18n.ver 2>/dev/null'
[15:22:03] Info: Download failed - 1 mirror(s) left.
[15:22:03] Info: Created temporary file '/var/lib/rkhunter/mirrors.dat.qXcc7W49IK'
[15:22:03] Info: The mirrors file has been rotated: /var/lib/rkhunter/db/mirrors.dat
[15:22:03] Info: Executing download command '/bin/wget  -q -O "/var/lib/rkhunter/rkhunter.upd.6SWKSwOOqv" https://rkhunter.sourceforge.io/i18n/1.4.6/i18n.ver 2>/dev/null'
[15:22:04] Checking file i18n versions                       [ Update failed ]
[15:22:04] Warning: Download of 'i18n.ver' failed: Unable to determine the latest version number.
[15:22:04]
[15:22:04] Info: End date is Mon 29 Mar 15:22:04 CEST 2021

When I try to open one of the .dat files in my browser (http://rkhunter.sourceforge.net/mirrors.dat) I get the following:

An error has been encountered in accessing this page.

1. Server: rkhunter.sourceforge.net
2. URL path: /mirrors.dat
3. Error notes: NONE
4. Error type: 404
5. Request method: GET
6. Request query string: NONE
7. Time: 2021-03-29 13:22:53 UTC (1617024173)

Reporting this problem: The problem you have encountered is with a project web site hosted by SourceForge.net. This issue should be reported to the SourceForge.net-hosted project (not to SourceForge.net).

If this is a severe or recurring/persistent problem, please do one of the following, and provide the error text (numbered 1 through 7, above):

Contact the project via their designated support resources.
Contact the project administrators of this project via email (see the upper right-hand corner of the Project Summary page for their usernames) at [email protected]
If you are a maintainer of this web content, please refer to the Site Documentation regarding web services for further assistance.

NOTE: As of 2008-10-23 directory index display has been disabled by default. This option may be re-enabled by the project by placing a file with the name ".htaccess" with this line:

Options +Indexes

I googled a lot, but cannot find something of great help.


Please check the content of /var/lib/rkhunter/db/mirrors.dat. If the content is

Version:2021020601
remote=https://rkhunter.sourceforge.io
mirror=https://rkhunter.sourceforge.io

change it to

Version:2021020602
mirror=http://rkhunter.sourceforge.net
remote=http://rkhunter.sourceforge.net

Also check your MIRRORS_MODE configuration (in /etc/rkhunter.conf). In most cases this value should be set to 0

Look also at:

  • https://sourceforge.net/p/rkhunter/mailman/rkhunter-users/thread/87af14dae764b704d5302030f92b3160%40192.168.1.2/#msg37313895
  • https://sourceforge.net/p/rkhunter/mailman/message/37214275/

Related

ADFS - Combining Claims from Provider Trusts and AD
Using an ipset to block IPs [closed]
Why does my container not contain DB data after I commit it?
SSL on IIS8.5 - Working with named URL, but localhost results in ERR_CERT_COMMON_NAME_INVALID
Error during openssl s_client connection, SSL alert number 48
Azure Log Analytics 'where' operator: Failed to resolve table or column expression named 'SecurityEvent'
Exposing service in Kubernetes
Is Macports as good or as bad as I get the impression? [closed]
Prometheus: scrape interval is 1m, but resolution is still 15s
is cloudflare now using let's encrypt certificates for edge?
Domain Controllers Experiencing Heavy Network Load From Almost All Machines In the Domain
Iptables forward all traffic to a specified port and IP address, to another device [duplicate]