On 01/11/2013 10:40 PM, Dimitri Yioulos wrote: > On Friday 11 January 2013 2:45:14 pm George Tataetis wrote: >> hello all >> >> This is my first post to a mailing list, so in case i ve >> done something wrong sending this message in this email >> address, i am sorry. Now, i have installed rkhunter along >> with unhide and skdet in my FC17 32bit box. After the >> first scanning, i got these messages in my log for some >> programs like this: >> >> [21:14:32] /usr/bin/chattr >> [ Warning ] [21:14:32] Warning: Package manager >> verification has failed: [21:14:32] File: >> /usr/bin/chattr >> [21:14:32] Try running the command 'prelink >> /usr/bin/chattr' to resolve dependency errors. >> [21:14:32] The file hash value has changed >> [21:14:32] The file size has changed >> >> and >> >> [21:14:56] Info: The command 'rpm -qf --queryformat... >> /usr/bin/ed' gave error code 1. >> [21:14:56] /usr/bin/ed >> [ OK ] >> >> What could possibly be going wrong? Or at least, can >> someone point a direction as to where to find some >> answers? Any help would be appreciated. Thanks :) >> > > George, > > The first "warning" isn't uncommon, at least as far as my > installation goes. Did you run "rkhunter --propupd" after > installing rkhunter and making any adjustments in > rkhunter.conf? In rkhunter, do you have PKGMGR=RPM? I > find that setting it to "none, or simply "PKGMGR=" avoids > fp's. There's stuff written about that (maybe on the > rkhunter Web site, but I don't remember, exactly. You can > go ahead and run "prelink -a" to deal with the first issue. > > As to the second issue, it may exist, but I've never heard > of the ed program (/usr/bin/ed). Did you mean sed? > Anyway, you could whitelist that program to stop the error, > I suppose. > > Dimitri >
Hi Dimitri yes, i ve modified the conf for RPM and i ve run "rkhunter --propupd" afterwards. i 'm not that worried whether i have a rootkit. i only want to have some directives, as to how to handle the warnings and the error codes. for example, i had no idea what is prelink, but now that you ve sent it, i googled and i found something new. so thanks :) i really appreciate it. :) ------------------------------------------------------------------------------ Master HTML5, CSS3, ASP.NET, MVC, AJAX, Knockout.js, Web API and much more. Get web development skills now with LearnDevNow - 350+ hours of step-by-step video tutorials by Microsoft MVPs and experts. SALE $99.99 this month only -- learn more at: http://p.sf.net/sfu/learnmore_122812 _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
