Hi,
Le 31/10/2010 16:41, unsp...@hushmail.com a écrit :
> Hello all,
>
> We're close to releasing a new Rootkit Hunter version. But before
> we can we need you to test it in the coming two weeks. Please spare
> us a few minutes if you care. After testing please reply so we get
> an idea of how many people tested this release.
>
> Here is a short checklist:
> 1) Does RKH install correctly?
> 2) Does 'rkhunter -C' show rkhunter.conf is OK? (Re-run after
> making changes.)
> 3) Does '--update' work?
> 4) Does '--versioncheck' work?
> 5) Does '--propupd' pick up changes? (See
> /var/lib/rkhunter/db/rkhunter.dat.)
> 6) Run '--enable all' and check the log file for skipped tests or
> warnings.
> 7) Whitelist some items, configure paths, add files to be checked,
> etc re-run #6.
> 8) Does '-c --sk' show the default run OK?
> 9) Select a package manager (and possibly a different hash
> function) and re-run #4 and #8. (Check
> /var/lib/rkhunter/db/rkhunter.dat.)
> !) For those that requested locking: create a "rkhunter.LCK" lock
> file in the $RKHTMPDIR, then run '--update'. RKH now waits until
> the lock file is deleted. Run 'rkhunter --unlock' to remove the
> lock file.
>
> ** If testing doesn't complete without errors (please first check
> if they have been dealt with previously on this mailing list)
> please indicate which tests went OK and which failed and if
> necessary *attach* your rkhunter.conf and rkhunter.log.
>
> The most up to date tarball is at
> http://rkhunter.sourceforge.net/rkhunter-CVS.tar.gz.
>
> Thanks in advance!
>
>
> Best regards,
> unSpawn
> ---
>
Info : test performed on Mandriva 2010.1 X86_64 with the CVS version of
unhide.
Well, I didn't run item 7 & 9 but I did test ''--enable hidden_procs"
and "--disable none"
I've noted a little display bug. If a path in the $PATH environment
variable already contains a trailing "/", it is double in the log file
and on the display.
[15:14:45] /home2/pgouin/DEVELOPPEMENT/unhide/unhide//unhide [ Warning ]
[15:14:45] Warning: The file
'/home2/pgouin/DEVELOPPEMENT/unhide/unhide//unhide' exists on the
system, but it is not present in the rkhunter.dat file.
[15:14:45] /home2/pgouin/DEVELOPPEMENT/unhide/unhide//unhide-linux26 [
Warning ]
[15:14:45] Warning: The file
'/home2/pgouin/DEVELOPPEMENT/unhide/unhide//unhide-linux26' exists on
the system, but it is not present in the rkhunter.dat file.
I couldn't run unhide by using
./rkhunter --enable all,hidden_procs -c
or even
./rkhunter --enable all -enable hidden_procs -c (no command line
parsing error reported by RKH)
but it works using
./rkhunter --enable hidden_procs -c
or
./rkhunter --enable all --disable none -c
I tested some tests of unhide in the config file. It works as expected.
I also used a scripted ps so all process were seen as hidden. I found
the sorting order of the found processes in the log file very strange,
but all processes seemed to be there.
I noticed the change about unhide (C version) in the config file.
Interestingly, since September 23, several test names can be
simultaneously given on the unhide command line. It fits quite well
with the new UNHIDE_TESTS option of RKH.
Best regards,
Patrick
------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
