Re: rkhunter warnings, maybe yum issues?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 2014-01-30 at 17:11 -0800, William Mattison wrote:
>
> John says (regarding "rpm -qf --queryformat..." error codes)
> > This means that when rkhunter (RKH) uses the 'rpm' command to check a
> > package it is getting an error back. All it can do is log the problem.
> > If you run something like 'rpm -V chkconfig' then you will probably get
> > an error - that is what RKH is seeing.
> 
> But why all the rpm errors?  Is yum not doing something that it should
> be doing during an update?  Am I not doing something I should be
> doing?  Is something wrong with RPM or my RPM database?  What and
> where is the real bug, and what's the permanent fix?
>             
So what happened when you ran 'rpm -V ...'? It will probably show that
the package has changed in some way. That, in turn, may be normal if
(say) a configuration file has changed (in which case look at RKH
PKGMGR_NO_VRFY). It may be due to prelinking. Unfortunately prelinking
can change things such that dependency errors occur, and this will cause
RKH and (AFAIK) rpm and prelink itself to trip up.

>     
> John says (regarding prelink issues):
> > The problem here is prelinking. It will change file properties when it
> > runs, but RKH tries to detect this and so obtain the true values for
> > each file (either by using the rpm package manager or using the prelink
> > command to verify the file). In some cases a dependency the file has,
> > has changed. again, RKH cannot do anything about that, but suggests
> > running the prelink command. If it is occurring a lot with different
> > files, then you can try running 'prelink -qa', 'prelink -fa' or just
> > wait for the regular prelink cron job to run when it should sort out
> > prelinking problems. However, when I last looked the job ran about once
> >every two weeks :-)
> 
> "prelink -qa" fixes things only until the next yum update.  Should yum
> do a "prelink -qa" at the end of each update?
>
No, because not all packages require/use prelinking. A yum update
doesn't necessarily cause a problem with prelinking. There are only
problems if some dependency fails.



John.

-- 
John Horne                   Tel: +44 (0)1752 587287
Plymouth University, UK      Fax: +44 (0)1752 587001
-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux