Dear Friends,
I am using CentOS 4.3 - kernel 2.6.9-42.0.2.EL with rkhunter version 1.2.8, but the rkhunter program shows me a problem with the file /bin/kill.
I compared /bin/kill with the one on another CentOS 4 system and it has the same size.

====================== SHOW LOG ===========================
Rootkit Hunter 1.2.8 is running
Mon, 30 Oct 2006 12:56:44 -0200
Determining OS... Ready

Checking binaries
* Selftests
  Strings (command) [ OK ]

* System tools
  Info: prelinked files found
  Performing 'known good' check...
  /bin/cat [ OK ]
  /bin/chmod [ OK ]
  /bin/chown [ OK ]
  /bin/date [ OK ]
  /bin/dmesg [ OK ]
  /bin/env [ OK ]
  /bin/grep [ OK ]
  /bin/kill [ BAD ]
  /bin/login [ OK ]
  /bin/ls [ OK ]
  /bin/more [ OK ]
  /bin/mount [ OK ]
  /bin/netstat [ OK ]
  /bin/ps [ OK ]
  /bin/su [ OK ]
===========================================================

I guess the problem is rkhunter.
Thanks for the help.
Adriano Frare
> I am using CentOS 4.3 - kernel 2.6.9-42.0.2.EL with rkhunter version 1.2.8, but the rkhunter program shows me a problem with the file /bin/kill.
> I compared /bin/kill with the one on another CentOS 4 system and it has the same size.
> I guess the problem is rkhunter.
Yes and no. Your issue is likely caused by prelink, which alters binaries to load more quickly. This runs as part of a daily cron by default, so files can and in all likelihood will change over time. You should consider either adjusting rkhunter, or telling prelink to not mess with certain file directories.
> I am using CentOS 4.3 - kernel 2.6.9-42.0.2.EL with rkhunter version 1.2.8, but the rkhunter program shows me a problem with the file /bin/kill.
I had the same issue and asked on the rkhunter mailing list. RKhunter is currently under new ownership and they are starting to fix issues like this. v1.2.9 is out now and in the meantime you can manually use hashupd.sh from the website [1] to update the rkhunter hash database.
Oh and RKhunter uses prelink for the hash check so the hash should be constant when libraries are updated :-)
Dan
[1] New RKhunter home http://rkhunter.sourceforge.net/
I downloaded version 1.29 and created an RPM file.
After installing, I ran rkhunter -c and it worked perfectly.
Thanks
Adriano Frare
Dogsbody wrote:
> I had the same issue and asked on the rkhunter mailing list. RKhunter is currently under new ownership and they are starting to fix issues like this. v1.2.9 is out now and in the meantime you can manually use hashupd.sh from the website [1] to update the rkhunter hash database.
> Oh and RKhunter uses prelink for the hash check so the hash should be constant when libraries are updated :-)
> Dan
> [1] New RKhunter home http://rkhunter.sourceforge.net/
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
I have found that you might need to use the following file to fix the hashes. http://prdownloads.sourceforge.net/rkhunter/hashupd.sh?download
Josh
On 10/30/06, Adriano Frare alfrare@e-alinux.com wrote:
> I downloaded version 1.29 and created an RPM file.
> After installing, I ran rkhunter -c and it worked perfectly.
> Thanks
> Adriano Frare
Thanks for all !!!!!
Joshua Zukerman wrote:
> I have found that you might need to use the following file to fix the hashes. http://prdownloads.sourceforge.net/rkhunter/hashupd.sh?download
> Josh