John Horne wrote:
> On Tue, 2007-05-22 at 20:01 +0200, freak wrote:
>
>> Hi,
>> may I ask a question please? :) Does rkhunter actually support
>> openSuSE 10.2 'out-of-the-box'? I saw it running on another opensuse
>> 10.2 install where it says: "Info: Check skipped - no hashes available",
>> also the guy who owns this openSuSE installation has run hashupd.sh. So
>> at least my question is: if I install rkhunter and run hashupd.sh, does
>> rkhunter fully check my system (hashes etc.)?
>>
>
> Hello,
>
> I would say the answer is "Yes, but..."
>
> 1) If RKH says 'Check skipped - no hashes available' then it sounds more
> like that hashupd.sh has not been run. If it has been run, and RKH still
> gives this message, then we would need to find out why.
>
> 2) If you can, grab a copy of the nightly CVS tarball. It doesn't
> require the use of hashupd.sh at all, and system 'detection' is improved
> but not critical (as opposed to the current version which doesn't run
> the hash checks if it doesn't know the O/S).
>
> John.
>

Hi,
I just ran it and it says:
sudo ./hashupd.sh
root's password:
[REQ] Enter your *EXACT* release string including architecture:
openSUSE 10.2 (i586)
[INFO] "openSUSE 10.2 (i586)" wasn't found in /var/lib/rkhunter/db/os.dat.
[INFO] "openSUSE 10.2 (i586)" has local number 986.
[INFO] Found md5sum at /usr/bin/md5sum
[INFO] Found sha1sum at /usr/bin/sha1sum
[INFO] Adding distribution/release "openSUSE 10.2 (i586)" to
"/var/lib/rkhunter/db/os.dat"
[INFO] Looking for 65 hashes.
[WARN] Found 51 of 65 hashes, 0 errors found.
[INFO] added new hashes.
Then I ran rkhunter again, and it says:
sudo rkhunter -c
Rootkit Hunter 1.2.9 is running
Determining OS... Ready
Checking binaries
* Selftests
Strings (command) [ OK ]
* System tools
Performing 'known bad' check...
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/csh [ OK ]
/bin/date [ OK ]
/bin/df [ OK ]
/bin/dmesg [ OK ]
/bin/echo [ OK ]
/bin/ed [ OK ]
/bin/egrep [ OK ]
/bin/fgrep [ OK ]
/bin/grep [ OK ]
/bin/kill [ OK ]
/bin/login [ OK ]
/bin/ls [ OK ]
/bin/more [ OK ]
/bin/mount [ OK ]
/bin/netstat [ OK ]
/bin/ps [ OK ]
/bin/sh [ OK ]
/bin/sort [ OK ]
/bin/su [ OK ]
/sbin/checkproc [ OK ]
/sbin/chkconfig [ OK ]
/sbin/depmod [ OK ]
/sbin/ifconfig [ OK ]
/sbin/ifdown [ OK ]
/sbin/ifstatus [ OK ]
/sbin/ifup [ OK ]
/sbin/init [ OK ]
/sbin/insmod [ OK ]
/sbin/ip [ OK ]
/sbin/lsmod [ OK ]
/sbin/modinfo [ OK ]
/sbin/modprobe [ OK ]
/sbin/nologin [ OK ]
/sbin/rmmod [ OK ]
/sbin/runlevel [ OK ]
/sbin/sulogin [ OK ]
/sbin/sysctl [ OK ]
/usr/bin/basename [ OK ]
/usr/bin/chattr [ OK ]
/usr/bin/du [ OK ]
/usr/bin/egrep [ OK ]
/usr/bin/fgrep [ OK ]
/usr/bin/file [ OK ]
/usr/bin/find [ OK ]
/usr/bin/groups [ OK ]
/usr/bin/head [ OK ]
/usr/bin/killall [ OK ]
/usr/bin/last [ OK ]
/usr/bin/lastlog [ OK ]
/usr/bin/less [ OK ]
/usr/bin/locate [ OK ]
/usr/bin/lsattr [ OK ]
/usr/bin/md5sum [ OK ]
/usr/bin/passwd [ OK ]
/usr/bin/pstree [ OK ]
/usr/bin/sha1sum [ OK ]
/usr/bin/size [ OK ]
/usr/bin/sort [ OK ]
/usr/bin/stat [ OK ]
/usr/bin/strace [ OK ]
/usr/bin/strings [ OK ]
/usr/bin/test [ OK ]
/usr/bin/top [ OK ]
/usr/bin/touch [ OK ]
/usr/bin/users [ OK ]
/usr/bin/vmstat [ OK ]
/usr/bin/w [ OK ]
/usr/bin/watch [ OK ]
/usr/bin/wc [ OK ]
/usr/bin/wget [ OK ]
/usr/bin/whatis [ OK ]
/usr/bin/whereis [ OK ]
/usr/bin/which [ OK ]
/usr/bin/who [ OK ]
/usr/bin/whoami [ OK ]
/usr/sbin/cron [ OK ]
/usr/sbin/tcpd [ OK ]
/usr/sbin/useradd [ OK ]
/usr/sbin/usermod [ OK ]
/usr/sbin/vipw [ OK ]
/usr/sbin/xinetd [ OK ]
Performing 'known good' check...
Info: Check skipped - no hashes available
It seems to me as if it saves it into the wrong folder / file.
But another question: if I have been running my installation for a while and
then run hashupd.sh, then it could be that rkhunter would recognize an
infected program as good. Or am I wrong?
I will get the svn version now.
Greetings.
_______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
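
The concern raised at the end of the message above, that a hash baseline generated on a system which has already been running can record a modified program as good, is shown in the following added example. It is not rkhunter's or hashupd.sh's code, and the function names, directory layout and file contents are constructed stand-ins.

```bash
#!/usr/bin/env bash
# Added illustration; all paths and file contents below are constructed.

# make_baseline DIR OUT: record the SHA-1 of every regular file under DIR.
# OUT must be an absolute path outside DIR.
make_baseline() {
    ( cd "$1" && find . -type f -exec sha1sum {} + ) > "$2"
}

# check_baseline DIR BASELINE: exit status 0 only if every file still
# matches the hash recorded in BASELINE.
check_baseline() {
    ( cd "$1" && sha1sum -c "$2" ) > /dev/null 2>&1
}

# demo: prints "<result with early baseline> <result with late baseline>".
demo() {
    local work early late
    work=$(mktemp -d) || return 2
    mkdir "$work/bin"
    printf 'original ls\n' > "$work/bin/ls"   # stand-in "system tools"
    printf 'original ps\n' > "$work/bin/ps"

    # Baseline taken right after installation, before any change.
    make_baseline "$work/bin" "$work/early.sha1"

    # One file is replaced some time later.
    printf 'modified ps\n' > "$work/bin/ps"

    # Baseline taken only now, on the system that has been running a while.
    make_baseline "$work/bin" "$work/late.sha1"

    if check_baseline "$work/bin" "$work/early.sha1"; then
        early=missed
    else
        early=detected
    fi
    if check_baseline "$work/bin" "$work/late.sha1"; then
        late=missed
    else
        late=detected
    fi

    rm -rf "$work"
    echo "$early $late"
}

demo
```

The early baseline flags the replaced file, while the late baseline matches it, because a hash database only proves that files are unchanged since the moment it was generated.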
