rkhunter-users-request@... wrote:
> ------------------------------
>
> Message: 2
> Date: Wed, 25 Oct 2006 01:36:27 +0100
> From: John Horne <john.horne@...>
> Subject: Re: [Rkhunter-users] centos 4.4/FC4 prelink/selinux issue
> To: rkhunter-users@...
> Message-ID: <1161736587.2494.59.camel@...>
> Content-Type: text/plain
>
> On Tue, 2006-10-24 at 15:24 -0700, Mark Ness wrote:
>
>> For me, on FC5, ever since I got prelink running I've been getting the bad hashes.
>> I went through the procedure outlined in many recent posts. setenforce 0 > run prelink
>>
>>> run hashupd > got good hashes. setenforce 1, and the hashes are bad again.
>>>
>> I followed through with the setenforce 0 > rm prelink.cache > run prelink > run hashupd
>>
>>> good hashes > setenforce 1 bad hashes. Is this indicative of the prelink and selinux
>>>
>> problem you mention or am I supposed to get good hashes with selinux enabled after
>> following that procedure?
>>
>> In other words, as long as I'm getting bad hashes with rkhunter cron.daily run (selinux
>> enabled), should I be running rkhunter manually with setenforce 0 to verify the hashes?
>> -or- Does this indicate a problem with my machine?
>>
>>
> Ideally Fedora would release the selinux update that they say they have
> prepared. However they have not done so yet, so you will get bad hashes
> while the problem exists.
>
> If you want to modify your rkhunter script until the selinux update then
> you can do so:
> 1) Edit rkhunter and locate the line 'PRELINKING=1'
> 2) Either before or after that line insert:
> PRELINKBINARY="runcon -t unconfined_t -- ${PRELINKBINARY}"
> 3) Save the file.
>
> Then try running RKH.
>
>
>
> John.
>
>
I can live with this. I just needed that clarification, and you have
eased my mind quite a bit. I am also glad to here there
is a "fix" on the way. By the time it gets here, I'll may be running FC6
(and opening a new can of worms). ;)
Thank you much John
M.S.N.
|