Hi list,
after a bit of struggling I found out how to cleanly install rkhunter ... maybe this is useful for you: * Download rkhunter (I downloaded v 1.2.8) * mv /etc/rpm/platform /root/etc_rpm_platform * setarch i386 rpmbuild -ta --target=i386 rkhunter-1.2.8.tar.gz * mv /root/etc_rpm_platform /etc/rpm/platform * rpm -ivh /usr/src/redhat/RPMS/noarch/rkhunter-1.2.8-1.noarch.rpm * wget http://prdownloads.sourceforge.net/rkhunter/hashupd.sh?download * chmod +x hashupd.sh * ./hashupd.sh
In general I had 2 problems: * On my 64 bit machine, the __libdir was set to /usr/lib64 whereas rkhunter uses an ugly "/usr/lib" (solved with moving the platform file temporarily) * rkhunter -c showed me all the binaries in /bin /sbin/ and /usr/bin as 'bad'. (solved with downloading and calling ./hashupd.sh)
HTH cu - Michael
after a bit of struggling I found out how to cleanly install rkhunter ... maybe this is useful for you:
- Download rkhunter (I downloaded v 1.2.8)
- mv /etc/rpm/platform /root/etc_rpm_platform
- setarch i386 rpmbuild -ta --target=i386 rkhunter-1.2.8.tar.gz
- mv /root/etc_rpm_platform /etc/rpm/platform
- rpm -ivh /usr/src/redhat/RPMS/noarch/rkhunter-1.2.8-1.noarch.rpm
- wget http://prdownloads.sourceforge.net/rkhunter/hashupd.sh?download
- chmod +x hashupd.sh
- ./hashupd.sh
In general I had 2 problems:
- On my 64 bit machine, the __libdir was set to /usr/lib64 whereas
rkhunter uses an ugly "/usr/lib" (solved with moving the platform file temporarily)
- rkhunter -c showed me all the binaries in /bin /sbin/ and /usr/bin as
'bad'. (solved with downloading and calling ./hashupd.sh)
You can (should) use the pre-built rk-hunter package in KBS-Extras(http://centos.karan.org, or http://wiki.centos.org/Repositories). It's prebuilt for you, which solves have your issue. The other half is because rkhunter doesn't play well with prelink, which runs as a cron job and ensures that applications load as quickly as possible. There are workarounds for this, and I believe there's a patch to rkhunter which resolves it.
On 12/2/2006 7:50 PM, Jim Perrin wrote:
In general I had 2 problems:
- On my 64 bit machine, the __libdir was set to /usr/lib64 whereas
rkhunter uses an ugly "/usr/lib" (solved with moving the platform file temporarily)
- rkhunter -c showed me all the binaries in /bin /sbin/ and /usr/bin as
'bad'. (solved with downloading and calling ./hashupd.sh)
You can (should) use the pre-built rk-hunter package in KBS-Extras(http://centos.karan.org, or http://wiki.centos.org/Repositories). It's prebuilt for you, which solves have your issue. The other half is because rkhunter doesn't play well with prelink, which runs as a cron job and ensures that applications load as quickly as possible. There are workarounds for this, and I believe there's a patch to rkhunter which resolves it.
ok, the kbs-extras version solved the problem with __libdir (thanks for the hint!), but I've still got the issue with 'Bad' with all the files listed in /bin, /sbin and /usr/bin (and one in /usr/sbin). Here, hashupd still was necessary. Regards, Michael
-
Jim Perrin -
Michael Kress