Thread: [Rkhunter-users] newbie problem
From: George T. <g.t...@gm...> - 2013-01-11 19:44:59
Hello all,

This is my first post to a mailing list, so in case I've done something wrong sending this message to this email address, I am sorry. Now, I have installed rkhunter along with unhide and skdet on my FC17 32bit box. After the first scan, I got these messages in my log for some programs, like this:

[21:14:32] /usr/bin/chattr [ Warning ]
[21:14:32] Warning: Package manager verification has failed:
[21:14:32] File: /usr/bin/chattr
[21:14:32] Try running the command 'prelink /usr/bin/chattr' to resolve dependency errors.
[21:14:32] The file hash value has changed
[21:14:32] The file size has changed

and

[21:14:56] Info: The command 'rpm -qf --queryformat... /usr/bin/ed' gave error code 1.
[21:14:56] /usr/bin/ed [ OK ]

What could possibly be going wrong? Or at least, can someone point me in a direction as to where to find some answers? Any help would be appreciated. Thanks :)
From: Dimitri Y. <dyi...@on...> - 2013-01-11 21:03:32
On Friday 11 January 2013 2:45:14 pm George Tataetis wrote:
> hello all
>
> This is my first post to a mailing list, so in case i ve
> done something wrong sending this message in this email
> address, i am sorry. Now, i have installed rkhunter along
> with unhide and skdet in my FC17 32bit box. After the
> first scanning, i got these messages in my log for some
> programs like this:
>
> [21:14:32] /usr/bin/chattr
> [ Warning ] [21:14:32] Warning: Package manager
> verification has failed: [21:14:32] File:
> /usr/bin/chattr
> [21:14:32] Try running the command 'prelink
> /usr/bin/chattr' to resolve dependency errors.
> [21:14:32] The file hash value has changed
> [21:14:32] The file size has changed
>
> and
>
> [21:14:56] Info: The command 'rpm -qf --queryformat...
> /usr/bin/ed' gave error code 1.
> [21:14:56] /usr/bin/ed
> [ OK ]
>
> What could possibly be going wrong? Or at least, can
> someone point a direction as to where to find some
> answers? Any help would be appreciated. Thanks :)
>

George,

The first "warning" isn't uncommon, at least as far as my installation goes. Did you run "rkhunter --propupd" after installing rkhunter and making any adjustments in rkhunter.conf? In rkhunter, do you have PKGMGR=RPM? I find that setting it to "none", or simply "PKGMGR=", avoids fp's. There's stuff written about that (maybe on the rkhunter Web site, but I don't remember, exactly). You can go ahead and run "prelink -a" to deal with the first issue.

As to the second issue, it may exist, but I've never heard of the ed program (/usr/bin/ed). Did you mean sed? Anyway, you could whitelist that program to stop the error, I suppose.

Dimitri
From: George T. <g.t...@gm...> - 2013-01-11 21:21:32
On 01/11/2013 10:40 PM, Dimitri Yioulos wrote:
> On Friday 11 January 2013 2:45:14 pm George Tataetis wrote:
>> hello all
>>
>> This is my first post to a mailing list, so in case i ve
>> done something wrong sending this message in this email
>> address, i am sorry. Now, i have installed rkhunter along
>> with unhide and skdet in my FC17 32bit box. After the
>> first scanning, i got these messages in my log for some
>> programs like this:
>>
>> [21:14:32] /usr/bin/chattr
>> [ Warning ] [21:14:32] Warning: Package manager
>> verification has failed: [21:14:32] File:
>> /usr/bin/chattr
>> [21:14:32] Try running the command 'prelink
>> /usr/bin/chattr' to resolve dependency errors.
>> [21:14:32] The file hash value has changed
>> [21:14:32] The file size has changed
>>
>> and
>>
>> [21:14:56] Info: The command 'rpm -qf --queryformat...
>> /usr/bin/ed' gave error code 1.
>> [21:14:56] /usr/bin/ed
>> [ OK ]
>>
>> What could possibly be going wrong? Or at least, can
>> someone point a direction as to where to find some
>> answers? Any help would be appreciated. Thanks :)
>>
>
> George,
>
> The first "warning" isn't uncommon, at least as far as my
> installation goes. Did you run "rkhunter --propupd" after
> installing rkhunter and making any adjustments in
> rkhunter.conf? In rkhunter, do you have PKGMGR=RPM? I
> find that setting it to "none, or simply "PKGMGR=" avoids
> fp's. There's stuff written about that (maybe on the
> rkhunter Web site, but I don't remember, exactly. You can
> go ahead and run "prelink -a" to deal with the first issue.
>
> As to the second issue, it may exist, but I've never heard
> of the ed program (/usr/bin/ed). Did you mean sed?
> Anyway, you could whitelist that program to stop the error,
> I suppose.
>
> Dimitri
>

Hi Dimitri,

Yes, I've modified the conf for RPM and I've run "rkhunter --propupd" afterwards. I'm not that worried whether I have a rootkit.

I only want to have some directives as to how to handle the warnings and the error codes. For example, I had no idea what prelink is, but now that you've sent it, I googled and I found something new. So thanks :) I really appreciate it. :)
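Added example, not part of any message in this thread and not rkhunter's own code: a small Python parser that groups the details of each "Warning:" block in a log like the one quoted above by file, and records whether rkhunter attached the prelink suggestion, so each flagged binary can be reviewed on its own. The sample log is constructed from the lines quoted in the thread; the function and field names are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the log lines quoted in the thread.
SAMPLE_LOG = """\
[21:14:32]   /usr/bin/chattr                              [ Warning ]
[21:14:32] Warning: Package manager verification has failed:
[21:14:32]          File: /usr/bin/chattr
[21:14:32]          Try running the command 'prelink /usr/bin/chattr' to resolve dependency errors.
[21:14:32]          The file hash value has changed
[21:14:32]          The file size has changed
[21:14:56] Info: The command 'rpm -qf --queryformat... /usr/bin/ed' gave error code 1.
[21:14:56]   /usr/bin/ed                                  [ OK ]
"""

TIMESTAMP = re.compile(r"^\[\d{2}:\d{2}:\d{2}\]\s*")
STATUS = re.compile(r"\s\[ [^\]]+ \]$")      # a result line such as "/usr/bin/ed   [ OK ]"
PRELINK_HINT = "Try running the command 'prelink "

def parse_warnings(log_text):
    """Return {path: {"checks": [...], "reasons": [...], "prelink_hint": bool}}."""
    findings = {}
    check = None    # text of the current "Warning:" line while inside a block
    entry = None    # findings entry for the file named by the last "File:" line
    for raw in log_text.splitlines():
        line = TIMESTAMP.sub("", raw).strip()
        if not line:
            continue
        if line.startswith("Warning:"):
            check, entry = line[len("Warning:"):].strip(" :"), None
        elif line.startswith("Info:") or STATUS.search(line):
            check = entry = None             # any other record ends the block
        elif check is not None and line.startswith("File:"):
            path = line[len("File:"):].strip()
            entry = findings.setdefault(
                path, {"checks": [], "reasons": [], "prelink_hint": False})
            entry["checks"].append(check)
        elif entry is not None:
            if line.startswith(PRELINK_HINT):
                entry["prelink_hint"] = True
            else:
                entry["reasons"].append(line)
    return findings

def summarise(findings):
    """One line per flagged file, noting where rkhunter suggested prelink."""
    return [f"{path}: {'; '.join(e['reasons'])}"
            + (" (prelink suggested)" if e["prelink_hint"] else "")
            for path, e in findings.items()]
```

Pass the text of a real rkhunter log to `parse_warnings` in place of `SAMPLE_LOG`; "Info:" lines such as the `rpm -qf` message for /usr/bin/ed are not counted as warnings.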