subject ....SliTaz distro

hi

I am trying out SliTaz distro which can be d/l from
http://www.slitaz.org/en/get/#stable

Part one...use RKH unmodified on a clean install shows no rootkits and
a link to log...with no updates as no internet for all tests.

Name of file...nomods-cleaninstall.log ...click to download
http://download339.mediafire.com/xdxyl0l01ozg/nnxhif3dwaz/nomods-cleaninstall.log

----snip-----
Command line is /usr/bin/rkhunter -c -sk
rkhunter is using busybox
Info: Unable to find the 'file' command..ditto ip/ldd/lsof
Warning: Checking for prerequisites               [ Warning ]
[15:00:03]          Unable to find 'file' command - all script
replacement checks will be skipped.
[15:00:03]          The file of stored file properties (rkhunter.dat)
does not exist, and so must be created.....(I know the propupd
command)
System checks summary
[15:01:38] =====================
[15:01:38]
[15:01:38] File properties checks...
[15:01:38] Required commands check failed
[15:01:38] Files checked: 82
[15:01:38] Suspect files: 0
[15:01:38]
[15:01:38] Rootkit checks...
[15:01:38] Rootkits checked : 112
[15:01:39] Possible rootkits: 0
[15:01:39]
[15:01:39] Applications checks...
[15:01:39] Applications checked: 1
[15:01:39] Suspect applications: 0
------snip----------------------------



Part Two

I then modified your /usr/local/bin/rkhunter to add facility for the
slitaz package manager by pasting in

------snip-------------------
        TAZ)
                # Locate the SliTaz package manager command.
                TAZ_CMD=`find_cmd tazpkg`

                test -z "${TAZ_CMD}" && TAZ_CMD=`find_cmd tazpkg`

                if [ -z "${TAZ_CMD}" ]; then
                        echo "Unable to find 'tazpkg' commands for package manager 'TAZ'."
                        exit 1
                fi

                # The per-package database must exist for property checks.
                if [ ! -d "/var/lib/tazpkg/installed" ]; then
                        echo "Unable to find package database directory (/var/lib/tazpkg/installed) for package manager 'TAZ'."
                        exit 1
                fi

                # A hash command is only needed when running a check.
                if [ $CHECK -eq 1 ]; then
                        PKGMGR_MD5_HASH=`get_md5_hash_function 0`

                        if [ -z "${PKGMGR_MD5_HASH}" ]; then
                                echo "Unable to find an MD5 hash function command to assist package manager 'TAZ'."
                                exit 1
                        fi
                fi
                ;;

----------------------------------------------------------------------------

and modifying the conf file to call it.....
PKGMGR=TAZ




Part Three

I then ran new rkhunter to see if I had sufficient cheating skills as
I lack programming ones

http://download633.mediafire.com/718x0nzyyuzg/nmflmzywn5c/modifiedrkh.log

-----snip----
 Info: Using package manager 'TAZ' for file property checks
------------


Part Four
Now I ran propupd against the new executable....the link is to the RKH
data file renamed as text file.

http://download129.mediafire.com/jmuhgv1dmodg/youorm2nngn/datamod.txt

OOPS forgot default was sha1sums

redo conf to use MD5...run the propupd and try again...link is to data
file made a text file.

http://download640.mediafire.com/nekyniy0xgxg/imziiiz3hyu/datamodmd5.txt

Again, this data file appears to show only md5sums and not any properties.

Re-scan after propupd still no good




Part Five

Delete all data files and run rkh with -c -sk commands with a conf
using MD5 and TAZ.

http://download640.mediafire.com/jymtsi1ljiug/mmzwwj35ezm/md5-0datafile.log

redo propupd command

http://download640.mediafire.com/nekyniy0xgxg/imziiiz3hyu/datamodmd5.txt

rescan with -c -sk

------snip-----
Warning: Unable to obtain current properties for file '/bin/adduser

and similar errors for all (usr)/(s)/bin type commands

and the log file is

http://download178.mediafire.com/aghmwlng5nyg/ywymmzgqmtn/last.log


Part Six

The structure of the md5 sums is a little different IMHO.

/var/lib/tazpkg....has subfolder installed/
and one file called installed.md5 which is for md5sums of packages
eg
0e718bab3c25e4c58f663f36968639a8  alsa-lib-1.0.18.tazpkg

While
/var/lib/tazpkg/installed/
................................................ has numerous sub-folders
eg /var/lib/tazpkg/installed/busybox/
with files that include " md5sum"     ....for all the installed files
for that package.


-----------------------------------

Questions

1) I am aware from reading the rkhunter executable that it's the stat
command that allegedly helps with the properties.
Do I need to install "file" and the other missing executables?

2) My data file is missing the other strings which is why the
properties scan is throwing up multiple errors.
How do I fix that please?


regards

gordy....aka aus9
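
The per-package layout described in Part Six can be checked directly. The following is an added example, not part of the original post and not rkhunter or tazpkg code; it assumes each /var/lib/tazpkg/installed/<pkg>/md5sum file holds md5sum(1)-style lines ("<hash>  <absolute path>"), and the function names taz_verify and make_sample_root are hypothetical.

```shell
#!/bin/sh
# Added example (not rkhunter or tazpkg code). Assumption: every
# <root>/var/lib/tazpkg/installed/<pkg>/md5sum file holds md5sum(1)-style
# lines: "<hash>  <absolute path of an installed file>".

# taz_verify ROOT: print one line per missing or changed file and return
# non-zero if any were found. ROOT="" checks the running system.
taz_verify() {
    root=$1
    bad=0
    for list in "$root"/var/lib/tazpkg/installed/*/md5sum; do
        [ -f "$list" ] || continue
        pkg=$(basename "$(dirname "$list")")
        while read -r want path; do
            path=${path#\*}                 # strip md5sum binary-mode marker
            [ -n "$path" ] || continue
            if [ ! -f "$root$path" ]; then
                echo "MISSING $pkg $path"; bad=$((bad + 1)); continue
            fi
            have=$(md5sum "$root$path" | cut -d' ' -f1)
            if [ "$have" != "$want" ]; then
                echo "CHANGED $pkg $path"; bad=$((bad + 1))
            fi
        done < "$list"
    done
    [ "$bad" -eq 0 ]
}

# make_sample_root: build a constructed root with one package ("busybox")
# and two tracked files, so the check can be tried without a SliTaz system.
make_sample_root() {
    r=$(mktemp -d)
    mkdir -p "$r/bin" "$r/var/lib/tazpkg/installed/busybox"
    echo "constructed adduser" > "$r/bin/adduser"
    echo "constructed ls" > "$r/bin/ls"
    for f in /bin/adduser /bin/ls; do
        printf '%s  %s\n' "$(md5sum "$r$f" | cut -d' ' -f1)" "$f"
    done > "$r/var/lib/tazpkg/installed/busybox/md5sum"
    echo "$r"
}

root=$(make_sample_root)
taz_verify "$root" && echo "clean: all listed files match"
echo "tampered" >> "$root/bin/adduser"       # simulate a modified binary
taz_verify "$root" || echo "integrity check failed"
rm -rf "$root"
```

Because the md5sum lists live on the same filesystem as the files they describe, a match only shows consistency with the local database; comparing against a copy of the lists kept offline gives stronger assurance.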

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users