Re: rkhunter warnings, maybe yum issues?

It's been one of those weeks; my apologies for the long delay in answering.

> > Michael asks:
> >
> >  > Could you give an example showing the queries you've performed?
> >  >
> >  > "whereis" looks for files available on the file-system in various paths.
> >  > "rpm" only covers files included in installed RPM packages as tracked by
> >  > the local RPM database.
> >
> > I'll show rkhunter log entries, "rpm -V" output, and "whereis" output
> > for 6 packages...
> > Here are 6 of the messages from the rkhunter log:
> > [18:55:34] Info: The command 'rpm -qf --queryformat...
> > /usr/sbin/chkconfig' gave error code 1.
>
> Here you would need to find out the exact query options. The log output is
> not useful, but the rkhunter shell script tells what has happened when it
> prints this. The previous rpm query has succeeded, and it tried to query
> the RPM database for file attributes and checksums. For someone who can
> reproduce the log message, it should be an easy task to examine the issue.
>
> > Here's the rpm -V output for those same 6 packages:
> > bash.11[~]: rpm -V chkconfig
> > bash.12[~]: rpm -V fuser
> > package fuser is not installed
>
> That's a wrong query. /usr/sbin/fuser is not included in package "fuser"
> but "psmisc". You can use the "-qf" query to return the package a file
> is included in:
>
>   # rpm -qf /usr/sbin/fuser
>   psmisc-22.20-3.fc20.x86_64
>
>   # rpm -V -qf /usr/sbin/fuser
>   #

OK. I tried that; now I see. Thank you, Michael.

> > bash.13[~]: rpm -V ifconfig
...
> > bash.32[~]: rpm -V mail
> > package mail is not installed
>
> Same here.
>
> > Here's the whereis output for those same 6 packages:
> > bash.16[~]: whereis chkconfig
> > chkconfig: /usr/sbin/chkconfig /etc/chkconfig.d
> > /usr/share/man/man8/chkconfig.8.gz
>
> What does that tell in your opinion? "whereis" doesn't examine the RPM
> database. If you give "rpm" the path to the program, a query would work
> like this:
>
>   # rpm -qf $(which chkconfig)
>   chkconfig-1.3.60-4.fc20.x86_64

I was assuming that all the rkhunter messages were reporting on packages. What you've said implies my assumption was wrong. Now knowing better, the whereis output tells me nothing relevant to my problem. Thank you for clearing that up for me.

At this point, I believe my Fedora system does not have the problems I originally feared it might have. In a separate message, I'll fully close this.

Bill.
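
The approach Michael describes in the quoted replies, as an added example that is not part of the original message and is not rkhunter's own code: resolve a command name to a file path, ask the RPM database which package owns that path with `rpm -qf`, then verify it with `rpm -Vf`. The function names and the tab-separated output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread.
# Output per item: STATUS<TAB>PATH<TAB>PACKAGE<TAB>VERIFY-FLAGS

# Check one file path against the local RPM database.
check_file() (
    path=$1
    [ -e "$path" ] || { printf 'missing\t%s\t-\t-\n' "$path"; exit 0; }
    # "rpm -qf" exits non-zero when no installed package owns the file.
    if ! pkg=$(rpm -qf --queryformat '%{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' \
                   "$path" 2>/dev/null); then
        printf 'unowned\t%s\t-\t-\n' "$path"; exit 0
    fi
    pkg=$(printf '%s\n' "$pkg" | head -n 1)   # a file can have several owners
    # "rpm -Vf" verifies the whole owning package; keep only this file's line.
    # No line for the file means its attributes match the database.
    flags=$(rpm -Vf "$path" 2>/dev/null | awk -v p="$path" '$NF == p { print $1 }')
    if [ -z "$flags" ]; then
        printf 'ok\t%s\t%s\t-\n' "$path" "$pkg"
    else
        printf 'modified\t%s\t%s\t%s\n' "$path" "$pkg" "$flags"
    fi
)

# Check a command by name. A name such as "fuser" or "mail" is not a
# package name, so it is resolved to a path before the database is queried.
check_command() (
    path=$(command -v "$1" 2>/dev/null) \
        || { printf 'not-found\t%s\t-\t-\n' "$1"; exit 0; }
    case "$path" in
        /*) check_file "$path" ;;
        *)  printf 'not-a-file\t%s\t-\t-\n' "$1" ;;  # shell builtin or function
    esac
)

# Arguments containing "/" are treated as paths, anything else as a command.
if [ "$#" -gt 0 ]; then
    for item in "$@"; do
        case "$item" in
            */*) check_file "$item" ;;
            *)   check_command "$item" ;;
        esac
    done
fi
```

Run it as, for example, `sh check.sh fuser chkconfig /usr/sbin/ifconfig` (the script name is arbitrary); anything other than `ok` in the first column is worth a closer look.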