On Thu, 2010-12-02 at 14:36 +0000, John Horne wrote:
> On Thu, 2010-12-02 at 14:05 +0000, Arthur Dent wrote:
> > Hello all,
> > 
> > I just upgraded from 1.3.6 to 1.3.8 on my Fedora 13 system, and on each
> > RKH run I get the following warning:
> > 
> > Warning: The following processes are using deleted files:
> >          Process: /usr/libexec/mysqld    PID: 1499    File: /tmp/ib5ks4lI
> >          Process: /bin/mailx    PID: 9802    File: /tmp/Rsva0iNT
> >          Process: /usr/bin/mlogc    PID: 19422    File: /var/tmp/etilqs_pYL81MNhaXiONAm
> > 
> It's a known bug I'm afraid.
> 
> I have attached a (bzipped) drop-in replacement 1.3.8 rkhunter script
> with it fixed.

Hi John,

That did the trick. Thanks!

I have another question if I may...

I am running a Fedora 13 system which I update using yum about once per
month. I have the line

PKGMGR=RPM

in my /etc/rkhunter.conf.local file, and yet each time I update the
system RKH complains loudly about Package manager verification failures.
See today's run for an example:

Warning: Package manager verification has failed:
         File: /usr/bin/curl
         Try running the command 'prelink /usr/bin/curl' to resolve dependency errors.
         The file hash value has changed
         The file size has changed
Warning: Package manager verification has failed:
         File: /usr/bin/passwd
         Try running the command 'prelink /usr/bin/passwd' to resolve dependency errors.
         The file hash value has changed
         The file size has changed
Warning: Package manager verification has failed:
         File: /usr/bin/wget
         Try running the command 'prelink /usr/bin/wget' to resolve dependency errors.
         The file hash value has changed
         The file size has changed
Warning: Package manager verification has failed:
         File: /bin/login
         Try running the command 'prelink /bin/login' to resolve dependency errors.
         The file hash value has changed
         The file size has changed
Warning: The file '/bin/ping' exists on the system, but it is not present in the rkhunter.dat file.
Warning: Package manager verification has failed:
         File: /bin/rpm
         Try running the command 'prelink /bin/rpm' to resolve dependency errors.
         The file hash value has changed
         The file size has changed
Warning: Package manager verification has failed:
         File: /sbin/rsyslogd
         Try running the command 'prelink /sbin/rsyslogd' to resolve dependency errors.
         The file hash value has changed
         The file size has changed
Warning: The file properties have changed:
         File: /usr/local/bin/rkhunter
         Current hash: fc0f35d4d39300dc27c988d7a222541b0fb11758
         Stored hash : 2d8832de4ca600e529ed8cdc3927273bb7ae21c9
         Current size: 496692    Stored size: 496564
         Current file modification time: 1291301587 (02-Dec-2010 14:53:07)
         Stored file modification time : 1291060848 (29-Nov-2010 20:00:48)
Warning: The file properties have changed:
         File: /etc/rkhunter.conf
         Current hash: e53f86f5e40eef8217bbaf07ba1a5fe9b664ffdf
         Stored hash : 772733ebea65b99c9af8f437de1a49c2cd4a14ac
         Current size: 37001    Stored size: 37177
         Current file modification time: 1291301753 (02-Dec-2010 14:55:53)
         Stored file modification time : 1291121824 (30-Nov-2010 12:57:04)


OK - the last couple were because I was fiddling around with the new RKH
script you sent me, but the other things (curl, wget etc) were not even
touched (as far as I know) by the yum update.

I guess I have to run rkhunter --propupd --pkgmgr RPM anyway, but I was
just curious...

Thanks again

Mark

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
