After an upgrade today, I ran rkhunter to re-check the system, and expected
to see some warnings on upgraded binaries.
After running rkhunter --propupd to update the hashes - it is not updating
the hashes on all the files, and this is visible when you look at the .dat
file.
I have the latest version of rkhunter in the CentOS repos, 1.4.0-1.el5.rf,
and I have manually checked the binaries, and they correctly come from the
correct rpm according to a rpm.
Here is a sample of the rkhunter.dat file which is stored in
/var/lib/rkhunter/db and has been updated by rkhunter at the correct times.
Some have hashes, others don't.
I have also checked the ones that don't with the prelink command, and that
works correctly with no errors, i.e.
# prelink --verify --sha /usr/sbin/useradd
Though you can see above in the .dat file it has no hash.
I have read the FAQs and searched the web for a solution but have so far
pulled up a blank, so any pointers would be gratefully received.
From: John Horne <john.horne@pl...> - 2012-10-03 12:24:36
On Wed, 2012-10-03 at 10:31 +0100, Nick wrote:
> After an upgrade today, I ran rkhunter to re-check the system, and
> expected to see some warnings on upgraded binaries.
> After running rkhunter --propupd to update the hashes - it is not
> updating the hashes on all the files, and this is visible when you
> look at the .dat file.
When you run 'rkhunter --propupd' does it report that there are hashes
missing? For example, something like:
File updated: searched for 166 files, found 144, missing hashes 1
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001