Hi,
I'm running rkhunter (rpm from SuSE 10.0) as a rootkit
checker.
It is started by /etc/cron.daily/01-rkhunter, which is
part of the rkhunter rpm.
For anybody who is using rkhunter as well:
- normally you should update the rkhunter db files
on a regular basis (rkhunter --update) in order to update
the rkhunter database files.
- SuSE patched the os db file (/var/lib/rkhunter/db/os.dat)
in order to put the "SUSE LINUX 10*" entries in there.
Anybody who does the db update will receive a new db file
which no longer contains SUSE LINUX 10.0 as a valid OS,
so all md5 checks are skipped.
Solution:
create file /etc/cron.daily/001-rkhunter:
--- cut here ---
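#!/bin/sh
# Release string of this system (the "SUSE LINUX 10.0 ..." line)
MY_VERSION="$(grep -i '^suse' /etc/SuSE-release)"

# rkhunter.conf is sourced to obtain DBDIR
if [ -e /etc/rkhunter.conf ]; then
    . /etc/rkhunter.conf
else
    exit 1
fi

# Fetch the upstream db files and mail the result to root
/usr/bin/rkhunter --update | /bin/mail -s 'rkhunter Daily update' root

# Re-add this release to os.dat if the update removed it
# (-F: match the release string literally, not as a regex)
if ! grep -qF "${MY_VERSION}" "${DBDIR}/os.dat"; then
    echo "999:${MY_VERSION}:/usr/bin/md5sum:/bin:" >> "${DBDIR}/os.dat"
fi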
--- cut here ---
and rkhunter keeps on working.
Andreas