[CentOS] rkhunter and prelink [SOLVED]

Wed Aug 30 17:16:50 UTC 2017
m.roth at 5-cent.us <m.roth at 5-cent.us>

Tony, please don't top post. This isn't Outlook.

Tony Schreiner wrote:
>> On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote:
>>> Can't remember if I posted this before... We're getting warnings from
>>> rkhunterWarning: Checking for prerequisites               [ Warning ]
>>>    All file hash checks will be skipped because:
>>>    This system uses prelinking, but the hash function command does not
>>> look like SHA1 or MD5.
>>> Now, googling, I find people saying to rm /etc/prelink.cache, then run
>>> rkhunter --propupd.
>>> Works. And then, prelink runs in the middle of the night, via
>>> /etc/cron.daily, and when the cron job of rkhunter runs, it's back to
>>> complaining.
>>> Anyone have any ideas what's going on here? I don't see anything in the
>>> prelink.conf, or any options in the prelink manpage to tell is what
>>> hash to use.
> in my prior message, that should be in rkhunter.conf
> On Wed, Aug 30, 2017 at 11:43 AM, Tony Schreiner
> <anthony.schreiner at bc.edu>
> wrote:
>> This has come up for me on the most recent upgrade, add the line
>> HASH_CMD=sha1sum

Got the answer: I had HASH=sha256sum. That didn't work. sha1sum works.

Oh, that, and uncommenting the line in /etc/rkhunter.conf:

Works better, don't'cha know.

Thanks for the help and pushes in the right direction, folks.