On Thu, 22 Nov 2007, Andreas Vetter wrote:

>On Wed, 21 Nov 2007, David Bolt wrote:

>> If you're referring to the os.dat file, it's unused by anything other
>> than check_update.sh.

Looking at the check_update.sh script, I'm not sure why the os.dat file
is still there. It's no longer used by any of the other scripts and even
the update script ignores it. Well, it did when I tried using the
--update option.

>Don't know about 1.3.0, but 1.2.8 does not know the md5sums of
>openSUSE 10.3:
># rkhunter -c --nocolors -sk
>
>Rootkit Hunter 1.2.8 is running
>
>Determining OS... Unknown
>Warning: This operating system is not fully supported!
>Warning: Cannot find md5_not_known
>All MD5 checks will be skipped!

1.3.0 doesn't know _any_ md5sums. That's the purpose of the --propupd
option. The --propupd option creates the reference file containing the
md5sums, and should be called as soon as possible after the initial
installation.

>> One thing I did need to do after installation, and probably something
>> that should have been added to the %post of the spec is to call
>> "rkhunter --propupd" to create the rkhunter.dat database.
>
>Does this only exist in 1.3.0? 1.2.8 does not know about --propupd :
># rkhunter --propupd
>Fatal: Invalid option --propupd

Yes, it's one of quite a few new options. Here's the --help output for
the 1.3.0 release:

[EMAIL PROTECTED]:~> rpm -qi rkhunter ; sudo rkhunter --help
Name        : rkhunter                     Relocations: (not relocatable)
Version     : 1.3.0                             Vendor: (none)
Release     : 1                             Build Date: Mon 12 Nov 2007 14:25:58 GMT
Install Date: Wed 21 Nov 2007 16:58:12 GMT      Build Host: cobra-mk3.davjam.org
Group       : Applications/System           Source RPM: rkhunter-1.3.0-1.src.rpm
Size        : 747022                           License: GPL
Signature   : (none)
Packager    : David Bolt <[EMAIL PROTECTED]>
URL         : http://rkhunter.sourceforge.net/
Summary     : rkhunter scans for rootkits, backdoors and local exploits
Description :
Rootkit Hunter is a scanning tool to ensure you are about 99.9%
clean of nasty tools. It scans for rootkits, backdoors and local
exploits by running tests like:
        - File hash check
        - Look for default files used by rootkits
        - Wrong file permissions for binaries
        - Look for suspected strings in LKM and KLD modules
        - Look for hidden files
        - Optional scan within plaintext and binary files
        - Software version checks
        - Application tests

Rootkit Hunter is released as a GPL licensed project and free for everyone to use.
Distribution: openSUSE 10.3
root's password:

Usage: rkhunter {--check | --update | --propupd | --versioncheck |
                 --list [tests | languages | rootkits] |
                 --version | --help} [options]

Current options are:
         --append-log                  Append to the logfile, do not overwrite
         --bindir <directory>...       Use the specified command directories
     -c, --check                       Check the local system
  --cs2, --color-set2                  Use the second color set for output
         --configfile <file>           Use the specified configuration file
         --cronjob                     Run as a cron job
                                       (implies -c, --sk and --nocolors options)
         --dbdir <directory>           Use the specified database directory
         --debug                       Debug mode
                                       (Do not use unless asked to do so)
         --disable <test>[,<test>...]  Disable specific tests
                                       (Default is to disable no tests)
         --display-logfile             Display the logfile at the end
         --enable  <test>[,<test>...]  Enable specific tests
                                       (Default is to enable all tests)
         --hash {MD5 | SHA1 | NONE |   Use the specified file hash function
                 <command>}            (Default is SHA1)
     -h, --help                        Display this help menu, then exit
 --lang, --language <language>         Specify the language to use
                                       (Default is English)
         --list [tests | languages |   List the available test names, languages,
                 rootkits]             or checked for rootkits, then exit
     -l, --logfile [file]              Write to a logfile
                                       (Default is /var/log/rkhunter.log)
         --noappend-log                Do not append to the logfile, overwrite it
         --nocolors                    Use black and white output
         --nolog                       Do not write to a logfile
--nomow, --no-mail-on-warning          Do not send a message if warnings occur
   --ns, --nosummary                   Do not show the summary of check results
 --novl, --no-verbose-logging          No verbose logging
         --pkgmgr {RPM | DPKG | BSD |  Use the specified package manager to obtain or
                   NONE}               verify file hash values. (Default is NONE)
         --propupd                     Update the file properties database
     -q, --quiet                       Quiet mode (no output at all)
  --rwo, --report-warnings-only        Show only warning messages
     -r, --rootdir <directory>         Use the specified root directory
   --sk, --skip-keypress               Don't wait for a keypress after each test
         --summary                     Show the summary of system check results
                                       (This is the default)
         --syslog [facility.priority]  Log the check start and finish times to syslog
                                       (Default level is authpriv.notice)
         --tmpdir <directory>          Use the specified temporary directory
         --update                      Check for updates to database files
   --vl, --verbose-logging             Use verbose logging (on by default)
     -V, --version                     Display the version number, then exit
         --versioncheck                Check for latest version of program
     -x, --autox                       Automatically detect if X is in use
     -X, --no-autox                    Do not automatically detect if X is in use


Regards,
        David Bolt

-- 
Team Acorn: http://www.distributed.net/ OGR-P2 @ ~100Mnodes RC5-72 @ ~15Mkeys
                 | SUSE 10.1 32bit  | openSUSE 10.2 32bit | openSUSE 10.3 32bit
SUSE 10.0 64bit  | SUSE 10.1 64bit  | openSUSE 10.2 64bit |
RISC OS 3.11     | RISC OS 3.6      | TOS 4.02            | openSUSE 10.3 PPC
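The thread's point is that rkhunter 1.3.0 ships with no file hashes at all: `--propupd` records the baseline, and `--check` compares against it, so the baseline has to be taken right after installation, before anything untrusted can touch the binaries. The script below is an added illustration of that baseline-then-verify workflow, not code from the thread or from rkhunter; the directory layout and file names are constructed, and it assumes GNU `sha1sum` and `stat -c`.

```shell
#!/bin/sh
# Added example: a minimal file-properties database in the spirit of
# "rkhunter --propupd" (record) and "rkhunter --check" (verify).
# Assumes GNU coreutils (sha1sum, stat -c). Paths are constructed.

# propupd DIR DB: record SHA1, mode, owner and size of every file under DIR.
# Run it immediately after installation; a baseline taken later would simply
# bless whatever tampering had already happened.
propupd() {
    bindir=$1; db=$2
    find "$bindir" -type f | LC_ALL=C sort | while read -r f; do
        h=$(sha1sum "$f" | cut -d' ' -f1)
        printf '%s %s %s\n' "$h" "$(stat -c '%a:%U:%s' "$f")" "$f"
    done > "$db"
}

# check DB: compare the live files against the database. Prints one WARNING
# per changed or missing file and returns the number of warnings (0 = clean).
# A missing database is treated as an error rather than "skip all checks":
# the quoted "Cannot find md5_not_known ... All MD5 checks will be skipped!"
# is exactly the silent failure a defender wants to notice.
check() {
    db=$1; warnings=0
    if [ ! -r "$db" ]; then
        echo "ERROR: no properties database at $db; run propupd first" >&2
        return 255
    fi
    while read -r h props f; do
        if [ ! -f "$f" ]; then
            echo "WARNING: $f missing"
            warnings=$((warnings + 1))
            continue
        fi
        cur="$(sha1sum "$f" | cut -d' ' -f1) $(stat -c '%a:%U:%s' "$f")"
        if [ "$cur" != "$h $props" ]; then
            echo "WARNING: $f changed (hash, mode, owner or size)"
            warnings=$((warnings + 1))
        fi
    done < "$db"
    return $warnings
}
```

A `%post` scriptlet that calls `rkhunter --propupd` achieves the same timing as `propupd` here: the baseline is taken the moment the package lands, not after the system has been running for a while.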