Can't remember if I posted this before... We're getting warnings from rkhunter:

    Warning: Checking for prerequisites [ Warning ]
    All file hash checks will be skipped because:
    This system uses prelinking, but the hash function command does not look like SHA1 or MD5.

Now, googling, I find people saying to rm /etc/prelink.cache, then run rkhunter --propupd.
Works. And then, prelink runs in the middle of the night, via /etc/cron.daily, and when the cron job of rkhunter runs, it's back to complaining.
Anyone have any ideas what's going on here? I don't see anything in the prelink.conf, or any options in the prelink manpage to tell it what hash to use.
mark
This has come up for me on the most recent upgrade, add the line
HASH_CMD=sha1sum
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
in my prior message, that should be in rkhunter.conf
On Wed, Aug 30, 2017 at 11:43 AM, Tony Schreiner <anthony.schreiner@bc.edu> wrote:
> This has come up for me on the most recent upgrade, add the line
> HASH_CMD=sha1sum
Tony, please don't top post. This isn't Outlook.
Got the answer: I had HASH=sha256sum. That didn't work. sha1sum works.
Oh, that, and uncommenting the line in /etc/rkhunter.conf: USER_FILEPROP_FILES_DIRS=/etc/rkhunter.conf.local
Works better, don't'cha know.
Thanks for the help and pushes in the right direction, folks.
mark
Prelink is evil, in a sense of what it does. Allegedly it helps to load into memory binaries and libraries faster, for that it TOUCHES every one of them regularly. This effectively defeats the way we watch for system integrity by tracking all system files and libraries information, such as: file sizes, time stamps, inode numbers, checksums. The very moment RedHat made prelink installed by default, I was so upset that you can feel those feelings are still present in my writing now. I got rid of prelink, and I got rid of it specifically in my kickstart files. Two or three years down the road RedHat came to its senses and removed prelink from what is installed by default. I'm surprised, Mark, that you still have it some place. Any specific reason? If not, get rid of prelink which does waaay more harm than it does good IMHO.
Valeri
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
On Wed, 2017-08-30 at 11:03 -0500, Valeri Galtsev wrote:
> Prelink is evil, in a sense of what it does. Allegedly it helps to load into memory binaries and libraries faster, for that it TOUCHES every one of them regularly. This effectively defeats the way we watch for system integrity by tracking all system files and libraries information, such as: file sizes, time stamps, inode numbers, checksums. The very moment RedHat made prelink installed by default, I was so upset that you can feel those feelings are still present in my writing now. I got rid of prelink, and I got rid of it specifically in my kickstart files. Two or three years down the road RedHat came to its senses and removed prelink from what is installed by default. I'm surprised, Mark, that you still have it some place. Any specific reason? If not, get rid of prelink which does waaay more harm than it does good IMHO.
Or keep prelink and modify your HASH_CMD to "prelink -y /path/to/binary|sha1sum"
Mark
On Wed, August 30, 2017 11:27 am, Christian, Mark wrote:
> Or keep prelink and modify your HASH_CMD to "prelink -y /path/to/binary|sha1sum"
IMHO that means keeping the evil in the loop, the loop that should be tightest, slimmest and awfully trusted. Which partly much defeats the reasons why we watch the files. And it doesn't help with ever-changing file inode numbers, timestamps, only checksums (I use different system integrity tools from OP's, so I'm not certain if the last matters for OP). Anyway, my decision was to get rid of evil. But that is me who puts system integrity three levels above how fast the system feels (and feeling is only about how fast the application starts, not how fast it runs). Sorry, my attitude to prelink will keep showing always ;-)
Valeri
On Wed, 2017-08-30 at 11:15 -0400, m.roth@5-cent.us wrote:
> Can't remember if I posted this before... We're getting warnings from rkhunter:
>
>     Warning: Checking for prerequisites [ Warning ]
>     All file hash checks will be skipped because:
>     This system uses prelinking, but the hash function command does not look like SHA1 or MD5.
Check in the rkhunter log file (probably /var/log/rkhunter.log). It will tell you what hash command it is using as it runs. For prelinking it must be SHA1 or MD5 (set via the HASH_CMD config option). If you set it to literally 'SHA1' or 'MD5', then RKH will look for the relevant command.
John.
--
John Horne | Senior Operations Analyst | Technology and Information Services
University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK
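
Added example, not part of any message in this thread and not rkhunter's own code: a preflight check for the condition the thread converges on, namely a prelinked host whose configured HASH_CMD is neither SHA1 nor MD5, so that rkhunter skips every file hash check. The function names are hypothetical. Assumptions: the presence of the prelink cache file is used as the prelinking indicator, the last uncommented HASH_CMD assignment across the files passed in wins, and the substring match only approximates the "looks like SHA1 or MD5" rule quoted in the warning.

```shell
#!/bin/sh
# Added example (not rkhunter's code): does the configured HASH_CMD pass the
# "looks like SHA1 or MD5" rule that rkhunter applies on prelinked hosts?

# Print the effective HASH_CMD from the config files given, in read order.
# Assumption: the last uncommented assignment wins.
effective_hash_cmd() {
    cat "$@" 2>/dev/null |
        sed -n 's/^[[:space:]]*HASH_CMD[[:space:]]*=[[:space:]]*//p' |
        tail -n 1 |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Approximation of the rule quoted in the warning text.
looks_like_sha1_or_md5() {
    case $(printf '%s' "$1" | tr 'A-Z' 'a-z') in
        *sha1*|*md5*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_rkhunter_hash PRELINK_CACHE CONF...
# Prints: ok | unset | skipped   (exit status 0 | 1 | 2)
check_rkhunter_hash() {
    cache=$1; shift
    [ -e "$cache" ] || { echo ok; return 0; }   # assumed: no cache, no prelinking
    cmd=$(effective_hash_cmd "$@")
    [ -n "$cmd" ] || { echo unset; return 1; }  # rkhunter's default applies
    if looks_like_sha1_or_md5 "$cmd"; then echo ok; return 0; fi
    echo skipped; return 2                      # hash checks would be skipped
}

# Constructed demo: sha256sum in the main file, sha1sum in a local override.
demo=$(mktemp -d)
: > "$demo/prelink.cache"
printf 'HASH_CMD=sha256sum\n' > "$demo/rkhunter.conf"
printf '#HASH_CMD=MD5\nHASH_CMD=sha1sum\n' > "$demo/rkhunter.conf.local"
before=$(check_rkhunter_hash "$demo/prelink.cache" "$demo/rkhunter.conf") || true
after=$(check_rkhunter_hash "$demo/prelink.cache" \
        "$demo/rkhunter.conf" "$demo/rkhunter.conf.local") || true
echo "main config only: $before; with local override: $after"
rm -rf "$demo"
```

Run from cron ahead of the rkhunter job, a non-zero exit status flags a host where the nightly scan would silently lose its file hash checks; a status of `unset` means the value has to be read from the rkhunter log instead.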