Re: rkhunter does not like FC4 x86_64

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



John Horne a écrit :
On Tue, 2006-10-17 at 12:36 +0200, François Patte wrote:

Why FC4 x86_64 is not listed in /var/rkhunter/db/os.dat

Only O/S's which we were given hash entries for could be listed.


and why, if I change i386 to x86_64 on the line FC4, something changes it back to i386?


This would only happen if you ran 'rkhunter --update'. The os.dat file
is not changed by anything else.

so it is /etc/cron.daily/01-rkhunter the culprit.

How to add a new line with FC4 x84_64 in this file?


From the (CVS) FAQ:

   4.1) What does the warning "Determining OS... Warning: this
     operating system is not fully supported!" mean?

     It simply means that not all functions and checks can be
     performed, because the system is 'unknown' to RKH.

     If you want support for the O/S, then please open a
     'Support request' in the RKH tracker system on the web site.

Include information such as the contents of your /etc/fedora-release
file. You will also need to download the hashupd utility from the RKH
web site, and run that. Send us the output and attach the new os.dat
file.

I'll do it.


rkhunter send a warning message (this machine can be infected) if the OS is not in the file os.dat and, doing so, how can we trust rkhunter in that case?


It does not any such thing!! All it says is that the O/S is not fully
supported. In that case no MD5 hash check will be done, but the other
tests will run. If one of them finds something wrong then it will say
there is a possibility of infection, but that is nothing to with the O/S
being supported or not.

The exact text message sent is:

Please inspect this machine, because it can be infected

message has subject: [rkhunter] Warnings found for dipankar

This is not so much comforting!

--
François Patte
UFR de mathématiques et informatique
Université René Descartes
http://www.math-info.univ-paris5.fr/~patte

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux