Subject: | |
From: | |
Reply To: | |
Date: | Mon, 24 Jul 2017 09:15:43 +0300 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Hi,
we faced a similar problem, but checking /var/log/rkhunter/rkhunter.log
showed the real issue.
We're using prelinking, which apparently relies on SHA1 checksums.
The new rkhunter comes with SHA256 default hashing.
# echo "HASH_CMD=sha1sum" >> /etc/rkhunter.conf.local
solved the problem. That was on a CentOS server, but maybe it's relevant
even so.
Best regards,
Iosif Fettich
On Sun, 23 Jul 2017, David G. Miller wrote:
> On 07/22/2017 04:47 AM, Alec Habig wrote:
>> David G. Miller writes:
>>> Warning: The file '/usr/bin/ipcs' exists on the system, but it
>>> is not present in the 'rkhunter.dat' file.
>> I think this is the relevant bit. Looks to me like the updated rkhunter
>> changed how it cares about ipcs to resolve this localization bug bug
>> against the 1.4.2 version:
>>
>> https://sourceforge.net/p/rkhunter/mailman/message/32127754/
>>
>> Since the last time you did a "--propupd" to set up the DB of what your
>> system's "OK" state was with with the old bugged cersion, the daily
>> check complains (in a less than informative fashion).
>>
>> I just satisfied myself that ipcs was an ok copy and did a --propupd,
>> and now the rkhunter cron job is happy.
>>
> The -propupd helped with the ipcs file problem but didn't fix the "missing"
> hashes. 1.4.4-1 continues to complain that they're missing and 1.4.2 is
> happy with no changes to the system other than reverting to rkhunter-1.4.2-8.
>
> Cheers,
> Dave
>
> --
> "They that can give up essential liberty to obtain a little temporary safety
> deserve neither safety nor liberty."
>
> -- Benjamin Franklin
>
|
|
|