I have several machines running CentOS 4.4 that have rkhunter 1.2.9
installed. When I run an rkhunter check I get bad hashes for /bin/
kill and /usr/bin/find.
These files belong to the util-linux-2.12a-16.EL4.20 and
findutils-4.1.20-7.el4.3 packages respectively. The hashes were fine
when these machines still ran CentOS 4.3 and rpm -V says these
packages are installed just fine. I'm pretty confident that these
files are ok as the update to CentOS 4.4 made these files go "bad" on
all CentOS machines simultaneously.
How do I report the hashes for these files? Do I just run md5sum on
them and mail the hashes to this list?
I also I have one Fedora Core 2 machine left (which soon will be
replaced by a CentOS server) on which rkhunter reports five bad
hashes. I've have installed the latest security updates from the
Fedora Legacy Project on this machine and apparently rkhunter doesn't
know these updates, because when I downgrade to the latest non-Fedora
Legacy versions the hashes are ok. Upgrading to the Fedora Legacy
versions makes rkhunter think they're bad again. I'd like to report
the hashes for these files as well.
Thanks in advance,
> On Wed, 18 Oct 2006, Nils Breunese (Lemonbit) wrote:
>> I have several machines running CentOS 4.4 that have rkhunter
>> 1.2.9 installed. When I run an rkhunter check I get bad hashes
>> for /bin/kill and /usr/bin/find.
> If you don't mind me being terse, sporadic local hash mismatches
> are addressed in the mailing list archive (but the SF archives are
> still not updated) and in the FAQ, section 4.4 (http://
> docid=35179&group_id=155034). If after remedying it you still find
> errors I'd like to hear.
Ok, after downloading hashupd.sh on all servers and running it the
hashes are all OK now. I have been running rkhunter for quite a long
time now and I have never had to use hashupd.sh, I didn't even know