On Wed, 2017-08-30 at 11:03 -0500, Valeri Galtsev wrote:
> On Wed, August 30, 2017 10:43 am, Tony Schreiner wrote:
> > This has come up for me on the most recent upgrade, add the line
> >
> > HASH_CMD=sha1sum
> >
> > On Wed, Aug 30, 2017 at 11:15 AM, <m.roth@xxxxxxxxx> wrote:
> >
> > > Can't remember if I posted this before... We're getting warnings from
> > > rkhunterWarning: Checking for prerequisites [ Warning ]
> > > All file hash checks will be skipped because:
> > > This system uses prelinking, but the hash function command does not
> > > look like SHA1 or MD5.
> > >
> > > Now, googling, I find people saying to rm /etc/prelink.cache, then run
> > > rkhunter --propupd.
> > >
> > > Works. And then, prelink runs in the middle of the night, via
> > > /etc/cron.daily, and when the cron job of rkhunter runs, it's back to
> > > complaining.
>
> Prelink is evil, in a sense of what it does. Allegedly it helps to load
> into memory binaries and libraries faster, for that it TOUCHES every one
> of them regularly. This effectively defeats the way we watch for system
> integrity by tracking all system files and libraries information, such as:
> file sizes, time stamps, inode numbers, checksums. The very moment RedHat
> made prelink installed by default, I was so upset that you can feel these
> my feelings in my writing now are still present. I got rid of prelink, and
> I rid of it specifically on my kickstart files. Two or three years down
> the road RedHat came to its senses and removed prelink from what is
> installed by default. I'm surprised, Mark, that you still have it some
> place. Any specific reason? If not, get rid of prelink which does waaay
> more harm than it does good IMHO.
Or keep prelink and modify your HASH_CMD to "prelink -y /path/to/binary|sha1sum"
Mark
>
> Valeri
>
> > >
> > > Anyone have any ideas what's going on here? I don't see anything in the
> > > prelink.conf, or any options in the prelink manpage to tell is what hash
> > > to use.
> > >
> > > mark
> > >
> > > _______________________________________________
> > > CentOS mailing list
> > > CentOS@xxxxxxxxxx
> > > https://lists.centos.org/mailman/listinfo/centos
> > >
> >
> > _______________________________________________
> > CentOS mailing list
> > CentOS@xxxxxxxxxx
> > https://lists.centos.org/mailman/listinfo/centos
> >
>
>
> ++++++++++++++++++++++++++++++++++++++++
> Valeri Galtsev
> Sr System Administrator
> Department of Astronomy and Astrophysics
> Kavli Institute for Cosmological Physics
> University of Chicago
> Phone: 773-702-4247
> ++++++++++++++++++++++++++++++++++++++++
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
