
Fix Rootkit Hunter Errors: WEB_CMD and “Update failed”


Introduction

IT security is an important topic nowadays. Since every aspect of our daily life is affected by IT, system security and data security have become essential. Hackers penetrate companies and their IT systems all around the world day by day.

Linux can also be compromised by hackers. Although Windows is still dominant on desktops and laptops and was therefore the main target for hackers in the past, Linux has a high market share in the server sector as well as in the mobile device market.

Windows systems were mainly affected by classical viruses in the past, while Linux desktops and Linux servers were more exposed to rootkits. A rootkit is malicious software that grants a hacker full access, known as root access, to a compromised system.

Rootkits are difficult to detect, but there is software available that can give a system maintainer a first hint of compromise.

Among a few open source tools, Rootkit Hunter is available to scan Linux systems. But by default it can be misconfigured, and some fixes need to be made:


The Problems and their Fixes

First of all, Rootkit Hunter needs to be installed. I show here the installation and the fixes on an Ubuntu Desktop. The command for the installation is:

sudo apt-get install rkhunter

As a next step, we want to update the rootkit definitions, similar to antivirus definitions:

sudo rkhunter --update

And then we get this error message:

Invalid WEB_CMD configuration option: Relative pathname: "/bin/false"

Here is the fix for the problem as a command for you to copy:

sudo sed -i 's/WEB_CMD=\"\/bin\/false\"/WEB_CMD=\"\"/g' /etc/rkhunter.conf

But that’s not all! If we run “sudo rkhunter --update” again, another error appears. The output is “Update failed”. But there is also a fix for this problem, as bash commands:

sudo sed -i 's/UPDATE_MIRRORS=0/UPDATE_MIRRORS=1/g' /etc/rkhunter.conf
sudo sed -i 's/MIRRORS_MODE=1/MIRRORS_MODE=0/g' /etc/rkhunter.conf

After that, the update command finally works.

But then another error appears if we want to run a scan. The command for the scan is:

sudo rkhunter -c

Here is the error message:

Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/bin/egrep

Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/bin/fgrep

And here is the fix as code:

sudo sed -i 's/\/usr\/bin\/egrep/\/bin\/egrep/g' /etc/rkhunter.conf

sudo sed -i 's/\/usr\/bin\/fgrep/\/bin\/fgrep/g' /etc/rkhunter.conf

After these modifications our rootkit check finally worked.
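The edits above can also be applied in one pass, with a backup of the config kept beside it. The script below is an added example, not part of the original post: it anchors each substitution to the start of an active option line, and it moves a SCRIPTWHITELIST entry to /bin only when the /usr/bin path is missing and the /bin path exists. The function names and the optional ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: option lines start
# in column 1; the optional ROOT argument is a hypothetical prefix so the
# path checks can be exercised against a constructed directory tree.

# Print the value of the last active (uncommented) KEY= line in FILE.
active_value() { sed -n "s|^$2=||p" "$1" | tail -n 1; }

# Emit a sed expression that moves a SCRIPTWHITELIST entry to /bin only when
# /usr/bin/NAME is missing and /bin/NAME exists; otherwise emit a no-op.
whitelist_expr() {
    if [ ! -e "$2/usr/bin/$1" ] && [ -e "$2/bin/$1" ]; then
        printf 's|^SCRIPTWHITELIST=/usr/bin/%s|SCRIPTWHITELIST=/bin/%s|' "$1" "$1"
    else
        printf 's|^$||'
    fi
}

# Usage: fix_rkhunter_conf FILE [ROOT]   (writes FILE.bak first)
fix_rkhunter_conf() {
    conf=$1; root=${2:-}
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    sed -e 's|^WEB_CMD="/bin/false"|WEB_CMD=""|' \
        -e 's|^UPDATE_MIRRORS=0|UPDATE_MIRRORS=1|' \
        -e 's|^MIRRORS_MODE=1|MIRRORS_MODE=0|' \
        -e "$(whitelist_expr egrep "$root")" \
        -e "$(whitelist_expr fgrep "$root")" \
        "$conf.bak" > "$conf"
}

# Constructed sample: a config with the defaults the article changes, plus a
# fake root where only /bin/egrep and /bin/fgrep exist.
make_sample() {
    dir=$(mktemp -d) || return 1
    mkdir -p "$dir/root/bin" "$dir/root/usr/bin"
    : > "$dir/root/bin/egrep"; : > "$dir/root/bin/fgrep"
    cat > "$dir/rkhunter.conf" <<'EOF'
#WEB_CMD="/bin/false"
WEB_CMD="/bin/false"
UPDATE_MIRRORS=0
MIRRORS_MODE=1
SCRIPTWHITELIST=/usr/bin/egrep
SCRIPTWHITELIST=/usr/bin/fgrep
EOF
    echo "$dir"
}
```

After sourcing the script in a root shell, `fix_rkhunter_conf /etc/rkhunter.conf` applies the edits to the real file and leaves the original in /etc/rkhunter.conf.bak for comparison.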

Conclusion

Rootkit Hunter is a good piece of software, but on some Ubuntu versions it fails if it is executed right after the installation. The procedures here make Rootkit Hunter function properly. I also showed how to fix a problem with updating Rootkit Hunter.

Feel free to comment on my blog post!

