On Thu, 2010-12-02 at 14:36 +0000, John Horne wrote: > On Thu, 2010-12-02 at 14:05 +0000, Arthur Dent wrote: > > Hello all, > > > > I just upgraded from 1.3.6 to 1.3.8 on my Fedora 13 system, and on each > > RKH run I get a the following warning: > > > > Warning: The following processes are using deleted files: > > Process: /usr/libexec/mysqld PID: 1499 File: /tmp/ib5ks4lI > > Process: /bin/mailx PID: 9802 File: /tmp/Rsva0iNT > > Process: /usr/bin/mlogc PID: 19422 File: > > /var/tmp/etilqs_pYL81MNhaXiONAm > > > It's a known bug I'm afraid. > > I have attached a (bzipped) drop-in replacement 1.3.8 rkhunter script > with it fixed.
Hi John, That did the trick. Thanks! I have another question if I may... I am running a Fedora 13 system which I update using yum about once per month. I have the line PKGMGR=RPM in my /etc/rkhunter.conf.local file, and yet each time I update the system RKH complains loudly about Package manager verification failures. See today's run for an example: Warning: Package manager verification has failed: File: /usr/bin/curl Try running the command 'prelink /usr/bin/curl' to resolve dependency errors. The file hash value has changed The file size has changed Warning: Package manager verification has failed: File: /usr/bin/passwd Try running the command 'prelink /usr/bin/passwd' to resolve dependency errors. The file hash value has changed The file size has changed Warning: Package manager verification has failed: File: /usr/bin/wget Try running the command 'prelink /usr/bin/wget' to resolve dependency errors. The file hash value has changed The file size has changed Warning: Package manager verification has failed: File: /bin/login Try running the command 'prelink /bin/login' to resolve dependency errors. The file hash value has changed The file size has changed Warning: The file '/bin/ping' exists on the system, but it is not present in the rkhunter.dat file. Warning: Package manager verification has failed: File: /bin/rpm Try running the command 'prelink /bin/rpm' to resolve dependency errors. The file hash value has changed The file size has changed Warning: Package manager verification has failed: File: /sbin/rsyslogd Try running the command 'prelink /sbin/rsyslogd' to resolve dependency errors. The file hash value has changed The file size has changed Warning: The file properties have changed: File: /usr/local/bin/rkhunter Current hash: fc0f35d4d39300dc27c988d7a222541b0fb11758 Stored hash : 2d8832de4ca600e529ed8cdc3927273bb7ae21c9 Current size: 496692 Stored size: 496564 Current file modification time: 1291301587 (02-Dec-2010 14:53:07) Stored file modification time : 1291060848 (29-Nov-2010 20:00:48) Warning: The file properties have changed: File: /etc/rkhunter.conf Current hash: e53f86f5e40eef8217bbaf07ba1a5fe9b664ffdf Stored hash : 772733ebea65b99c9af8f437de1a49c2cd4a14ac Current size: 37001 Stored size: 37177 Current file modification time: 1291301753 (02-Dec-2010 14:55:53) Stored file modification time : 1291121824 (30-Nov-2010 12:57:04) OK - the last couple were because I was fiddling around with the new RKH script you sent me, but the other things (curl, wget etc) were not even touched (as far as I know) by the yum update. I guess I have to run rkhunter --propupd --pkgmgr RPM anyway, but I was just curious... Thanks again Mark
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Increase Visibility of Your 3D Game App & Earn a Chance To Win $500! Tap into the largest installed PC base & get more eyes on your game by optimizing for Intel(R) Graphics Technology. Get started today with the Intel(R) Software Partner Program. Five $500 cash prizes are up for grabs. http://p.sf.net/sfu/intelisp-dev2dev
_______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users