Re: rkhunter warnings, maybe yum issues?


 



Joe says:

> If it helps, I don't have either a /dev/dev or a /root/.readahead. 
> However, I'm running F19 on my desktop, with Xfce, although I never use 
> a GUI as root.  I also don't have rkhunter installed, so that might be 
> significant.

The file is not "/root/.readahead".  The mystery file is "/.readahead".  What is this mystery file?


Frank asks:

> Did you run rkhunter prior to update? to check for nasties? # if not too late now.

yes.

> did you run "rkhunter --propupd" after FN+1 which would be required

yes.

John says (regarding "rpm -qf --queryformat..." error codes):
> This means that when rkhunter (RKH) uses the 'rpm' command to check a
> package it is getting an error back. All it can do is log the problem.
> If you run something like 'rpm -V chkconfig' then you will probably get
> an error - that is what RKH is seeing.

But why all the rpm errors?  Is yum not doing something that it should be doing during an update?  Am I not doing something I should be doing?  Is something wrong with RPM or my RPM database?  What and where is the real bug, and what's the permanent fix?
                
John says (regarding prelink issues):
> The problem here is prelinking. It will change file properties when it
> runs, but RKH tries to detect this and so obtain the true values for
> each file (either by using the rpm package manager or using the prelink
> command to verify the file). In some cases a dependency the file has,
> has changed. Again, RKH cannot do anything about that, but suggests
> running the prelink command. If it is occurring a lot with different
> files, then you can try running 'prelink -qa', 'prelink -fa' or just
> wait for the regular prelink cron job to run when it should sort out
> prelinking problems. However, when I last looked the job ran about once
> every two weeks :-)

"prelink -qa" fixes things only until the next yum update.  Should yum do a "prelink -qa" at the end of each update?

John says (regarding the GasKit rootkit warning):
> It's a bug in F20 with the 'dracut' package, the '/dev/dev' directory is
> created by mistake (see
> https://bugzilla.redhat.com/show_bug.cgi?id=1045116). I got the same
> problem. There is a fix, or you could wait for an update to the package.
> You can whitelist this in your RKH config file (see RTKT_DIR_WHITELIST).

Good.  Thank you, John.

Bill.

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org



