Michael asks:
> Could you give an example showing the queries you've performed?
>
> "whereis" looks for files available on the file-system in various paths.
> "rpm" only covers files included in installed RPM packages as tracked by
> the local RPM database.

I'll show rkhunter log entries, "rpm -V" output, and "whereis" output
for 6 packages...

Here are 6 of the messages from the rkhunter log:

[18:55:34] Info: The command 'rpm -qf --queryformat... /usr/sbin/chkconfig' gave error code 1.
[18:55:39] Info: The command 'rpm -qf --queryformat... /usr/sbin/fuser' gave error code 1.
[18:55:40] Info: The command 'rpm -qf --queryformat... /usr/sbin/ifconfig' gave error code 1.
[18:55:44] Info: The command 'rpm -qf --queryformat... /usr/sbin/route' gave error code 1.
[18:55:44] Info: The command 'rpm -qf --queryformat... /usr/sbin/rsyslogd' gave error code 1.
[18:56:07] Info: The command 'rpm -qf --queryformat... /usr/bin/mailx' gave error code 1.

Here's the rpm -V output for those same 6 packages:

bash.11[~]: rpm -V chkconfig
bash.12[~]: rpm -V fuser
package fuser is not installed
bash.13[~]: rpm -V ifconfig
package ifconfig is not installed
bash.14[~]: rpm -V route
package route is not installed
bash.15[~]: rpm -V rsyslogd
package rsyslogd is not installed
bash.16[~]:
bash.32[~]: rpm -V mail
package mail is not installed

Here's the whereis output for those same 6 packages:

bash.16[~]: whereis chkconfig
chkconfig: /usr/sbin/chkconfig /etc/chkconfig.d /usr/share/man/man8/chkconfig.8.gz
bash.17[~]: whereis fuser
fuser: /usr/sbin/fuser /usr/share/man/man1/fuser.1.gz /usr/share/man/man1p/fuser.1p.gz
bash.18[~]: whereis ifconfig
ifconfig: /usr/sbin/ifconfig /usr/share/man/man8/ifconfig.8.gz
bash.19[~]: whereis route
route: /usr/sbin/route /usr/share/man/man8/route.8.gz
bash.20[~]: whereis rsyslogd
rsyslogd: /usr/sbin/rsyslogd /usr/share/man/man8/rsyslogd.8.gz
bash.21[~]:
bash.37[~]: whereis mail
mail: /usr/bin/mail /etc/mail /etc/mail.rc /usr/share/man/man1/mail.1.gz

(By the way, the "mail" command does work. I am not familiar with the
others, so I have not tried them.)

As best as I recall at the moment, the only way packages have been
installed on this system was (1) the initial install when the hardware
was new, with the install coming from the f-18 install dvd burned from
the Fedora web site; (2) by using yum (in most cases) or rpm (in a few
cases); and (3) by using fedup.

John says:
>> I consider parts 2 and 3 of my original post closed. But I remain
>> puzzled that rpm doesn't find packages that "whereis" finds in the
>> places that rkhunter has rpm looking.
> I don't follow that.

My original post had 3 parts.

* The third part reported a warning about GasKit rootkit. People
responded that it's a false alarm, and that a bugzilla has been
submitted. So this part of my original post is closed.
* The second part asked about package manager verification warnings that
suggested prelinking to resolve dependency issues. I wondered if yum
should be doing something more. People convinced me otherwise. So this
part of my original post is closed.
* The first part asked about error code 1 being returned by "rpm -qf
--queryformat...". Discussion in this list has me convinced that
there's not an rkhunter issue here. But I'm wondering if I have a
non-rkhunter problem, based on the output that I included in the first
part of *this* message.
Bill.
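
Added example, not part of the original message: `rpm -qf` takes a file path and reports the owning package, while `rpm -V` takes a package name, so this sketch pulls the paths out of rkhunter entries like those quoted above, asks rpm which package owns each path, and verifies that package. The `RPM` variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage rkhunter "rpm -qf ... gave error code N" log entries.
# RPM is a name introduced here so the rpm binary can be swapped out in tests.
RPM=${RPM:-rpm}

# Three log lines as shown in the post (joined onto one line each; the query
# format is elided there as "..."), plus one constructed unrelated line.
sample_log() {
cat <<'EOF'
[18:55:34] Info: The command 'rpm -qf --queryformat... /usr/sbin/chkconfig' gave error code 1.
[18:55:39] Info: The command 'rpm -qf --queryformat... /usr/sbin/fuser' gave error code 1.
[18:55:40] Info: Constructed line that is not an rpm query failure
[18:56:07] Info: The command 'rpm -qf --queryformat... /usr/bin/mailx' gave error code 1.
EOF
}

# Print the file path from each failed 'rpm -qf' entry read on stdin.
failed_paths() {
    sed -n 's|^.*The command .rpm -qf .* \(/[^ ]*\). gave error code [0-9][0-9]*\.$|\1|p'
}

# Print the name of the package owning file $1, or "-" if rpm reports no owner.
owner_of() {
    if pkg=$("$RPM" -qf --queryformat '%{NAME}\n' "$1" 2>/dev/null); then
        printf '%s\n' "$pkg" | head -n 1
    else
        printf '%s\n' '-'
    fi
}

# For each failed path print: path, present|missing, owning package, verdict.
triage() {
    failed_paths | while read -r path; do
        if [ -e "$path" ]; then present=present; else present=missing; fi
        pkg=$(owner_of "$path")
        if [ "$pkg" = "-" ]; then
            verdict=unowned      # the RPM database has no owner for this path
        elif "$RPM" -V "$pkg" >/dev/null 2>&1; then
            verdict=verified     # rpm -V on the owning package found no changes
        else
            verdict=changed      # rpm -V reported differences; review its output
        fi
        printf '%s\t%s\t%s\t%s\n' "$path" "$present" "$pkg" "$verdict"
    done
}

# With a readable log file argument, triage it; otherwise show the parsed sample.
if [ -r "${1:-}" ]; then triage < "$1"; else sample_log | failed_paths; fi
```

A path reported as present but unowned is one the local RPM database does not track under that name, which is the case worth investigating by hand.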