On Thu, 22 Nov 2007, Andreas Vetter wrote:-

>On Wed, 21 Nov 2007, David Bolt wrote:
>
>> If you're referring to the os.dat file, it's unused by anything other
>> than check_update.sh.

Looking at the check_update.sh script, I'm not sure why the os.dat file is
still there. It's no longer used by any of the other scripts and even the
update script ignores it. Well, it did when I tried using the --update
option.

>Don't know about 1.3.0, but 1.2.8 does not know the md5sums of
>openSUSE 10.3:
>
># rkhunter -c --nocolors -sk
>
>Rootkit Hunter 1.2.8 is running
>
>Determining OS... Unknown
>Warning: This operating system is not fully supported!
>Warning: Cannot find md5_not_known
>All MD5 checks will be skipped!

1.3.0 doesn't know _any_ md5sums. That's the purpose of the --propupd
option. The --propupd option creates the reference file containing the
md5sums, and should be called as soon as possible after the initial
installation.

>> One thing I did need to do after installation, and probably something
>> that should have been added to the %post of the spec is to call
>> "rkhunter --propupd" to create the rkhunter.dat database.
>
>Does this only exist in 1.3.0? 1.2.8 does not know about --propupd :
>
># rkhunter --propupd
>Fatal: Invalid option --propupd

Yes, it's one of quite a few new options. Here's the --help output for the
1.3.0 release:

[EMAIL PROTECTED]:~> rpm -qi rkhunter ; sudo rkhunter --help
Name        : rkhunter                     Relocations: (not relocatable)
Version     : 1.3.0                             Vendor: (none)
Release     : 1                             Build Date: Mon 12 Nov 2007 14:25:58 GMT
Install Date: Wed 21 Nov 2007 16:58:12 GMT      Build Host: cobra-mk3.davjam.org
Group       : Applications/System           Source RPM: rkhunter-1.3.0-1.src.rpm
Size        : 747022                           License: GPL
Signature   : (none)
Packager    : David Bolt <[EMAIL PROTECTED]>
URL         : http://rkhunter.sourceforge.net/
Summary     : rkhunter scans for rootkits, backdoors and local exploits
Description :
Rootkit Hunter is a scanning tool to ensure you are about 99.9% clean of
nasty tools. It scans for rootkits, backdoors and local exploits by running
tests like:
- File hash check
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
- Software version checks
- Application tests

Rootkit Hunter is released as a GPL licensed project and free for everyone
to use.
Distribution: openSUSE 10.3
root's password:
Usage: rkhunter {--check | --update | --propupd | --versioncheck |
                 --list [tests | languages | rootkits] |
                 --version | --help} [options]

Current options are:
        --append-log                  Append to the logfile, do not overwrite
        --bindir <directory>...       Use the specified command directories
    -c, --check                       Check the local system
        --cs2, --color-set2           Use the second color set for output
        --configfile <file>           Use the specified configuration file
        --cronjob                     Run as a cron job
                                      (implies -c, --sk and --nocolors options)
        --dbdir <directory>           Use the specified database directory
        --debug                       Debug mode
                                      (Do not use unless asked to do so)
        --disable <test>[,<test>...]  Disable specific tests
                                      (Default is to disable no tests)
        --display-logfile             Display the logfile at the end
        --enable <test>[,<test>...]   Enable specific tests
                                      (Default is to enable all tests)
        --hash {MD5 | SHA1 | NONE |   Use the specified file hash function
                <command>}            (Default is SHA1)
    -h, --help                        Display this help menu, then exit
        --lang, --language <language> Specify the language to use
                                      (Default is English)
        --list [tests | languages |   List the available test names, languages,
                rootkits]             or checked for rootkits, then exit
    -l, --logfile [file]              Write to a logfile
                                      (Default is /var/log/rkhunter.log)
        --noappend-log                Do not append to the logfile, overwrite it
        --nocolors                    Use black and white output
        --nolog                       Do not write to a logfile
        --nomow, --no-mail-on-warning Do not send a message if warnings occur
        --ns, --nosummary             Do not show the summary of check results
        --novl, --no-verbose-logging  No verbose logging
        --pkgmgr {RPM | DPKG | BSD |  Use the specified package manager to obtain or
                  NONE}               verify file hash values. (Default is NONE)
        --propupd                     Update the file properties database
    -q, --quiet                       Quiet mode (no output at all)
        --rwo, --report-warnings-only Show only warning messages
    -r, --rootdir <directory>         Use the specified root directory
        --sk, --skip-keypress         Don't wait for a keypress after each test
        --summary                     Show the summary of system check results
                                      (This is the default)
        --syslog [facility.priority]  Log the check start and finish times to syslog
                                      (Default level is authpriv.notice)
        --tmpdir <directory>          Use the specified temporary directory
        --update                      Check for updates to database files
        --vl, --verbose-logging       Use verbose logging (on by default)
    -V, --version                     Display the version number, then exit
        --versioncheck                Check for latest version of program
    -x, --autox                       Automatically detect if X is in use
    -X, --no-autox                    Do not automatically detect if X is in use

Regards,
David Bolt

--
Team Acorn: http://www.distributed.net/  OGR-P2 @ ~100Mnodes  RC5-72 @ ~15Mkeys
SUSE 10.1 32bit | openSUSE 10.2 32bit | openSUSE 10.3 32bit
SUSE 10.0 64bit | SUSE 10.1 64bit     | openSUSE 10.2 64bit
RISC OS 3.11    | RISC OS 3.6         | TOS 4.02            | openSUSE 10.3 PPC
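The reference file that --propupd builds and the "File hash check" that consumes it, as an added shell example that is not rkhunter's own code: propupd records one sha1sum line per file, check reports files that are missing or whose hash no longer matches. The function names, the sha1sum dependency and the database path used in the comments are assumptions.

```shell
#!/bin/sh
# Added example, not rkhunter's own code: a minimal stand-in for what
# "rkhunter --propupd" (build the properties database) and the
# "File hash check" test (compare against it) do. Assumes sha1sum is
# available; rkhunter 1.3.0's --help lists SHA1 as the default hash.

# propupd <dbfile> <dir>...: record "hash  path" for every regular file.
# Run this right after installation, before anything can have tampered
# with the binaries, which is what the message above recommends.
propupd() {
    db=$1
    shift
    : > "$db"
    for d in "$@"; do
        find "$d" -type f -exec sha1sum {} + | sort -k2 >> "$db"
    done
}

# check <dbfile>: print one MISSING or CHANGED line per deviation and
# return 1 if any file differs from the recorded reference, else 0.
check() {
    db=$1
    rc=0
    while read -r hash path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"
            rc=1
        elif [ "$(sha1sum "$path" | cut -d' ' -f1)" != "$hash" ]; then
            echo "CHANGED $path"
            rc=1
        fi
    done < "$db"
    return "$rc"
}
```

A hash check is only as trustworthy as its reference, so keep the database somewhere the checked binaries' owner cannot rewrite it (read-only media or a copy off the host).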
