-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
John Horne wrote:
>>>> This system may be compromised as the binaries are different.
>>>>
>>> It depends on how you do the comparison. Fedora uses prelinking, so a
>>> straight comparison using something like 'ls -l' will show differences.
>> I used diff.
>>
> No, you can't do that. Prelinking changes the binary slightly, and the
> change will be different for different systems even if they are the same
Ok. I ran

  rpm -V `rpm -qf /bin/md5sum`
  rpm -V `rpm -qf /bin/passwd`
  rpm -V `rpm -qf /bin/strings`
  rpm -V `rpm -qf /sbin/nologin`

Nothing comes back so they all seem to check out fine. So why does
rkhunter think they are bad? I modified rkhunter per your instructions

  PRELINKVERIFY=`${PRELINKBINARY} --verify ${file} > ${TMPDIR}/prelink.tst`

I have also tried turning off selinux before running hashupd

  setenforce 0
  hashupd.sh
  rkhunter -c -sk

Still shows [BAD] on those same files. Am I missing something?
- --
JT Moree
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFgG1LFI6sVJUR1B8RAvlmAJ48axBBOIQL44au3QQgZRv7fXV6qQCgvwVY
hTOG4Qa7/30S8+yfqnDvyvU=
=PBZI
-----END PGP SIGNATURE-----
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
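
The thread above turns on a prelinked binary no longer matching the hash of the file its package shipped. As an added example (not part of the original message and not rkhunter's own code), the functions below hash what prelink --verify writes to stdout, which is the file as it was before prelinking, and hash the file directly when prelink is absent or the file is not prelinked. The function names original_md5 and check_md5 are made up for this illustration.

```shell
#!/bin/sh
# Added example, not rkhunter code. Assumption: on systems that prelink,
# prelink(8) is installed, and `prelink --verify FILE` writes the original
# (unprelinked) file to stdout and exits 0 when the prelinked copy is
# consistent with its libraries.

# original_md5 FILE -> prints the MD5 of FILE in its pre-prelink form.
original_md5() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    tmp=$(mktemp) || return 2
    if command -v prelink >/dev/null 2>&1 &&
       prelink --verify "$file" >"$tmp" 2>/dev/null; then
        # Prelinked and verified: hash the reconstructed original.
        md5sum <"$tmp" | cut -d' ' -f1
    else
        # No prelink, not prelinked, or verification failed: hash as-is.
        # A tampered prelinked binary ends up here and will not match.
        md5sum <"$file" | cut -d' ' -f1
    fi
    rm -f "$tmp"
}

# check_md5 FILE EXPECTED -> returns 0 on match, 1 on mismatch, 2 on error.
check_md5() {
    actual=$(original_md5 "$1") || return 2
    if [ "$actual" = "$2" ]; then
        echo "[ OK ]  $1"
        return 0
    fi
    echo "[ BAD ] $1 (expected $2, got $actual)"
    return 1
}

# Optional command-line use: script FILE EXPECTED_MD5
if [ "$#" -eq 2 ]; then
    check_md5 "$1" "$2"
fi
```

The expected value has to come from a trusted source such as the package database or a hash recorded before the system was exposed, not from the running system itself.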