Hi all,
Wanted to share something that was nailing my hide for a few months that I
finally decided to figure out/fix.
Environment: CentOS 5 (Final) which is equivalent to RedHat Enterprise
Linux 5 with rkhunter 1.2.9 and SELinux enabled.
Issue 1: Despite running hashupd.sh as needed, the hashes are not updated,
and instead of performing the Known Good check it performs the Known Bad
check and moves on.
Resolution: Remove from the os.dat the lines referencing my OS and re-run
hashupd.sh; it adds to the os.dat and this time updates the hashes!
Cause: No clue, but my best guess is when I fresh install rkhunter and do
the --update I don't wait long enough for it to finish before I run the
hashupd.sh - perhaps they step on each other?
Issue 2: With SELinux enabled the prelink portion fails with AVC messages
and all hashes return bad.
Resolution: Change the permissions on the temp file with the following
command:
> chcon -t prelink_exec_t /usr/local/rkhunter/lib/rkhunter/tmp/prelink.tst
This grants prelink greater rights (though I'm not sure how much greater) to
the prelink.tst file and enables the hashes to be tested.
If this has already been posted, my apologies for the duplication.
S
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
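
Added example (not part of the original post, and not rkhunter code): for Issue 2, a small bash filter that shows which AVC denials actually involve prelink and prelink.tst, so the relabel can be checked against what was denied. The log records are constructed, and the prelink_t, usr_t and httpd_t types in them are assumptions.

```bash
#!/usr/bin/env bash
# Added example: summarise SELinux AVC denials for one command and file.

# Constructed sample records in audit.log AVC layout. The pids, inodes and
# the prelink_t / usr_t / httpd_t types are assumptions for illustration.
SAMPLE_LOG='type=AVC msg=audit(1190000000.101:41): avc:  denied  { execute } for  pid=2101 comm="prelink" name="prelink.tst" dev=dm-0 ino=98311 scontext=root:system_r:prelink_t:s0 tcontext=root:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1190000000.105:42): avc:  denied  { read } for  pid=2101 comm="prelink" name="prelink.tst" dev=dm-0 ino=98311 scontext=root:system_r:prelink_t:s0 tcontext=root:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1190000060.230:57): avc:  denied  { read } for  pid=2290 comm="httpd" name="index.html" dev=dm-0 ino=40112 scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:usr_t:s0 tclass=file
type=AVC msg=audit(1190086400.310:93): avc:  denied  { execute } for  pid=3377 comm="prelink" name="prelink.tst" dev=dm-0 ino=98311 scontext=root:system_r:prelink_t:s0 tcontext=root:object_r:usr_t:s0 tclass=file'

# avc_summary COMM NAME
# Reads audit records on stdin and prints, for denials where the process is
# COMM and the object is NAME, one line per distinct denial:
#   <count> <permissions> <source type> -> <target type>
avc_summary() {
  awk -v comm="$1" -v name="$2" '
    # Return the type (third colon-separated part) of a scontext=/tcontext= field.
    function seltype(key,   i, p) {
      for (i = 1; i <= NF; i++)
        if (index($i, key "=") == 1) {
          split(substr($i, length(key) + 2), p, ":")
          return p[3]
        }
      return "?"
    }
    /avc:[ ]+denied/ &&
    index($0, "comm=\"" comm "\"") && index($0, "name=\"" name "\"") {
      perms = $0
      sub(/^[^{]*[{][ ]*/, "", perms)   # drop everything up to "{ "
      sub(/[ ]*[}].*$/, "", perms)      # drop " }" and the rest
      seen[perms " " seltype("scontext") " -> " seltype("tcontext")]++
    }
    END { for (k in seen) print seen[k], k }
  ' | sort
}

# Demo on the constructed records. On a live host, feed the real log instead:
#   avc_summary prelink prelink.tst < /var/log/audit/audit.log
printf '%s\n' "$SAMPLE_LOG" | avc_summary prelink prelink.tst
```

A label set with chcon is lost on a filesystem relabel or restorecon; recording the same type with semanage fcontext and then running restorecon keeps it in the local policy.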