Hi,

we faced a similar problem, but checking /var/log/rkhunter/rkhunter.log 
showed the real issue.

We're using prelinking, which apparently relies on SHA1 checksums.
The new rkhunter comes with SHA256 default hashing.

# echo "HASH_CMD=sha1sum" >> /etc/rkhunter.conf.local

solved the problem. That was on a CentOS server, but maybe it's relevant 
even so.

Best regards,

Iosif Fettich




On Sun, 23 Jul 2017, David G. Miller wrote:

> On 07/22/2017 04:47 AM, Alec Habig wrote:
>> David G. Miller writes:
>>> Warning: The file '/usr/bin/ipcs' exists on the system, but it
>>> is not present in the 'rkhunter.dat' file.
>> I think this is the relevant bit.  Looks to me like the updated rkhunter
>> changed how it cares about ipcs to resolve this localization bug bug
>> against the 1.4.2 version:
>>
>>    https://sourceforge.net/p/rkhunter/mailman/message/32127754/
>> 
>> Since the last time you did a "--propupd" to set up the DB of what your
>> system's "OK" state was with with the old bugged cersion, the daily
>> check complains (in a less than informative fashion).
>> 
>> I just satisfied myself that ipcs was an ok copy and did a --propupd,
>> and now the rkhunter cron job is happy.
>> 
> The -propupd helped with the ipcs file problem but didn't fix the "missing" 
> hashes.  1.4.4-1 continues to complain that they're missing and 1.4.2 is 
> happy with no changes to the system other than reverting to rkhunter-1.4.2-8.
>
> Cheers,
> Dave
>
> -- 
> "They that can give up essential liberty to obtain a little temporary safety 
> deserve neither safety nor liberty."
>
> -- Benjamin Franklin
>