On Sat, 2006-10-07 at 10:46 +0200, Andy Esten wrote: > Yesterday I received an update (2006100500) of the file defaulthashes.dat. > This file now contains hashes for Fedora Core 5. But almost every hash is > BAD. I know for sure my system is not compromised and the files are correct. > > Can somebody confirm that there are problems with the Fedora Core 5 hashes? > What can I do to correct these false negative? > Download the hashupd.sh script from the sourceforge site. Then read this section of the README file:
================================================================= On RedHat/Fedora, it is necessary to carry out the following procedure: 1) If you are running SELinux then temporarily disable it by typing in 'setenforce 0'; Note: If you are unsure whther you are running SELinux or not, then type in 'sestatus'. A line containing 'Current mode: enforcing' indicates that you are running SELinux. If it says 'permissive', then you are not currently running SELinux, and can ignore the steps about SELinux. 2) Run the daily prelink update script - to do this type in '/etc/cron.daily/prelink'; 3) Run the hashupd.sh script to update your local hash values; 4) Run rkhunter; 5) If rkhunter still shows 'BAD' hash entries, then type in 'rm /etc/prelink.cache' and repeat the procedure from step 2. Note: Step 2 may now take some time to complete. 6) Re-enable SELinux, if you disabled it, by typing in 'setenforce 1'. Hopefully rkhunter will now work without any problems with hash values. For other Linux distributions you will need to determine if and how prelinking takes place, and whether SELinux is present or not. It is possible that the above sequence will work for other distributions, but it is for the user to check this. ================================================================= It may be that you need to leave SELinux disabled will RKH runs. John. -- --------------------------------------------------------------- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839 ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys -- and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
