On Tue, 2007-08-07 at 12:35 -0700, Sean Galyen wrote: > > Issue 1: Despite running hashupd.sh as needed the hashes are not > updated and instead of performing the Known Good check it performs the > Known Bad check and moves on. > Most, if not all, of this has been fixed in the 1.3.0-beta, or CVS, which you can now download. > > Cause: No clue, > It was a bug in the hashupd.sh script. I emailed a fixed version to some people, but it was never officially released (mainly because we were getting closer to a 1.3.0 release).
> > Resolution: Change the permissions on the temp file with the > following command > Version 1.3.0 doesn't use a temporary file for the prelink tests. Prelinking can still cause a problem, and I suspect there is no real solution. The problem is that when a system automatically applies patches, the prelinking mechanism detects that things have changed. As such when RKH uses the prelink command to check files (which have been patched), it receives an error rather than a valid answer. (This is the 'dependencies may have changed' thing). The 'solution' is for the user to run the prelink command on the relevant file(s). RKH informs the user of the error, and suggests running 'prelink'. Because running prelink changes the file(s), I don't think it is something that RKH should automatically do. John. -- --------------------------------------------------------------- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839 ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
