Unsubscribe

-----Original Message-----
From: rkhunter-users-requ...@lists.sourceforge.net [mailto:rkhunter-users-requ...@lists.sourceforge.net]
Sent: 03 May 2014 14:50
To: rkhunter-users@lists.sourceforge.net
Subject: Rkhunter-users Digest, Vol 91, Issue 1

Today's Topics:

   1. Re: error on backdoorports.dat when using rkhunter --update (John Horne)
   2. Re: error on backdoorports.dat when using rkhunter --update (Davenport, Julie)
   3. Re: error on backdoorports.dat when using rkhunter --update (Nerijus Baliunas)
   4. Re: error on backdoorports.dat when using rkhunter --update (Davenport, Julie)
   5. Re: error on backdoorports.dat when using rkhunter --update (Nerijus Baliunas)
   6. Re: error on backdoorports.dat when using rkhunter --update (John Horne)
   7. Re: error on backdoorports.dat when using rkhunter --update (Florin Popovici)

----------------------------------------------------------------------

Message: 1
Date: Tue, 29 Apr 2014 23:51:44 +0100
From: John Horne <john.ho...@plymouth.ac.uk>
Subject: Re: [Rkhunter-users] error on backdoorports.dat when using rkhunter --update
To: rkhunter-users@lists.sourceforge.net
Message-ID: <1398811904.3672.11.camel@localhost>
Content-Type: text/plain; charset="ISO-8859-1"

On Tue, 2014-04-29 at 13:11 +0000, Davenport, Julie wrote:
> Thank you, here is the information you requested:
>

Okay, thanks for that. Since curl also failed it indicates that it is not something peculiar to wget. (Although because the transfer works on other servers (I assume with the same version wget), we could have deduced that anyway.)

A quick google for similar problems isn't revealing too much.

However, you may want to try running:

    wget -T 10 --tries=5 -O /tmp/bdoor.dat http://rkhunter.sourceforge.net/1.3/backdoorports.dat

I'm not convinced that it will work. If it fails then we may have to take a look at what the network is doing.

John.

--
John Horne                   Tel: +44 (0)1752 587287
Plymouth University, UK      Fax: +44 (0)1752 587001

------------------------------

Message: 2
Date: Wed, 30 Apr 2014 14:30:32 +0000
From: "Davenport, Julie" <jdavenp...@ctcd.edu>
Subject: Re: [Rkhunter-users] error on backdoorports.dat when using rkhunter --update
To: John Horne <john.ho...@plymouth.ac.uk>, "rkhunter-users@lists.sourceforge.net" <rkhunter-users@lists.sourceforge.net>
Message-ID: <53AA753E5EA4A14784092D825AD4FD3D4F87495F@CTC3650D>
Content-Type: text/plain; charset="us-ascii"

I checked all 4 servers doing the rkhunter --update daily (the one failing plus the # that are in the same location as it) and yes, they are all using the same wget version:
GNU Wget 1.11.4 Red Hat modified

I tried the latest wget command you suggested and this is what happens:

[root@ctc3650f tmp]# wget -T 10 --tries=5 -O /tmp/bdoor.dat http://rkhunter.sourceforge.net/1.3/backdoorports.dat
--2014-04-30 07:59:17--  http://rkhunter.sourceforge.net/1.3/backdoorports.dat
Resolving rkhunter.sourceforge.net... 216.34.181.96
Connecting to rkhunter.sourceforge.net|216.34.181.96|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1055 (1.0K) [text/plain]
Saving to: `/tmp/bdoor.dat'

 0% [ ] 0 --.-K/s in 10s

2014-04-30 07:59:28 (0.00 B/s) - Read error at byte 0/1055 (Connection timed out). Retrying.

:
:
[root@ctc3650f tmp]#

(entire log is attached)

Again, it puts the file in /tmp but it is empty. It does not appear to be a very large file, so it seems strange it would not be able to sustain the network connection long enough to download it.

Is there something I can run to test if there is a network issue with this server?
(sorry, not my area of expertise).

Thanks!
Julie

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: wget_5tries_log.txt

------------------------------

Message: 3
Date: Wed, 30 Apr 2014 18:09:54 +0300
From: Nerijus Baliunas <neri...@users.sourceforge.net>
Subject: Re: [Rkhunter-users] error on backdoorports.dat when using rkhunter --update
To: "rkhunter-users@lists.sourceforge.net" <rkhunter-users@lists.sourceforge.net>
Message-ID: <mahogany-0.68.0-2622-20140430-180954...@nerijus.sat.lt>
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII

On Wed, 30 Apr 2014 14:30:32 +0000 "Davenport, Julie" <jdavenp...@ctcd.edu> wrote:

> I checked all 4 servers doing the rkhunter --update daily (the one failing plus the # that are in the same location as it) and yes, they are all using the same wget version:
> GNU Wget 1.11.4 Red Hat modified

Do other servers download the file successfully?

Regards,
Nerijus

------------------------------

Message: 4
Date: Wed, 30 Apr 2014 15:20:35 +0000
From: "Davenport, Julie" <jdavenp...@ctcd.edu>
Subject: Re: [Rkhunter-users] error on backdoorports.dat when using rkhunter --update
To: Nerijus Baliunas <neri...@users.sourceforge.net>, "rkhunter-users@lists.sourceforge.net" <rkhunter-users@lists.sourceforge.net>
Message-ID: <53AA753E5EA4A14784092D825AD4FD3D4F8749ED@CTC3650D>
Content-Type: text/plain; charset="us-ascii"

Yes, the other 3 servers download all 4 of the .dat files successfully.

This particular server downloads the other .dat files successfully (mirrors.dat, programs_bad.dat, suspscan.dat), it just fails when it attempts to download the backdoorports.dat file.

Thank you.

------------------------------

Message: 5
Date: Wed, 30 Apr 2014 18:36:16 +0300
From: Nerijus Baliunas <neri...@users.sourceforge.net>
Subject: Re: [Rkhunter-users] error on backdoorports.dat when using rkhunter --update
To: "rkhunter-users@lists.sourceforge.net" <rkhunter-users@lists.sourceforge.net>
Message-ID: <mahogany-0.68.0-2622-20140430-183616...@nerijus.sat.lt>
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII

So it's not an rkhunter problem. You have to troubleshoot it - look with a network traffic sniffer for example.

On Wed, 30 Apr 2014 15:20:35 +0000 "Davenport, Julie" <jdavenp...@ctcd.edu> wrote:

> Yes, the other 3 servers download all 4 of the .dat files successfully.
>
> This particular server downloads the other .dat files successfully (mirrors.dat, programs_bad.dat, suspscan.dat), it just fails when it attempts to download the backdoorports.dat file.
>
> Thank you.

------------------------------

Message: 6
Date: Wed, 30 Apr 2014 23:24:33 +0100
From: John Horne <john.ho...@plymouth.ac.uk>
Subject: Re: [Rkhunter-users] error on backdoorports.dat when using rkhunter --update
To: RkhunterList <rkhunter-users@lists.sourceforge.net>
Message-ID: <1398896673.3279.6.camel@localhost>
Content-Type: text/plain; charset="ISO-8859-1"

On Wed, 2014-04-30 at 14:30 +0000, Davenport, Julie wrote:
> I checked all 4 servers doing the rkhunter --update daily (the one failing plus the # that are in the same location as it) and yes, they are all using the same wget version:
> GNU Wget 1.11.4 Red Hat modified
>
> I tried the latest wget command you suggested and this is what happens:
>

Okay, you first need to run '/sbin/ifconfig' to find which network interfaces you have. You probably want something like 'eth0'. Then in a console, and as root, run:

    tcpdump -i eth0 -n net 216.34.181.96

In a different console then run 'rkhunter --update'. The first console should show the network traffic between your server and sourceforge.

Can you show us the output please.

John.

------------------------------

Message: 7
Date: Sat, 3 May 2014 16:49:49 +0300
From: Florin Popovici <florin.popov...@gmail.com>
Subject: Re: [Rkhunter-users] error on backdoorports.dat when using rkhunter --update
To: "Davenport, Julie" <jdavenp...@ctcd.edu>
Cc: RkhunterList <rkhunter-users@lists.sourceforge.net>
Message-ID: <cabef2bbn7xvaced8ufrie1x+dg5gdqmczfukwoukrtodyk6...@mail.gmail.com>
Content-Type: text/plain; charset="utf-8"

Julie,

Your machine is probably affected by a network issue, and my guess is that it's related to broken PMTU detection.

Confirming this is indeed the case should be easy: lower the MTU of the [public] network interface to 300 bytes, and retry the wget / curl command.

Lowering the MTU is easy:

1. type "ip link show dev eth0" (replace eth0 with your appropriate network interface). The first line should have the "mtu" keyword somewhere, followed by a number -- this is your actual MTU setting. You might want to make note of it for future restoration
2. type "ip link set dev eth0 mtu 300"
3. re-type the first line, to confirm the mtu has indeed changed.

HTH
Florin

On Tue, Apr 29, 2014 at 1:27 AM, Davenport, Julie <jdavenp...@ctcd.edu> wrote:

> Thank you for your reply. Here are the results of your suggestions:
>
> When I tried the first way:
>
> /usr/bin/wget -q -O "/tmp/rkhunter.upd.cssTY17212"
> http://rkhunter.sourceforge.net/1.3/backdoorports.dat
>
> it just hung there and did nothing, so I terminated it.
>
> When I tried it again without the -q it looked like it was trying, but
> kept giving me this error:
>
> 2014-04-28 17:19:03 (0.00 B/s) - Read error at byte 0/1055 (Connection
> reset by peer). Retrying.
>
> so I terminated that as well (see screen shot attached).
>
> It put a file in /tmp but it is empty:
>
> [root@server tmp]# pwd
> /tmp
>
> [root@server tmp]# ls -l rk*
> -rw-r--r-- 1 root root 0 Apr 28 17:18 rkhunter.upd.cssTY17212
> [root@server tmp]#
>
> Thx,
> Julie
>
>
> -----Original Message-----
> From: John Horne [mailto:john.ho...@plymouth.ac.uk]
> Sent: Monday, April 28, 2014 5:05 PM
> To: RkhunterList
> Subject: Re: [Rkhunter-users] error on backdoorports.dat when using
> rkhunter --update
>
> On Mon, 2014-04-28 at 20:40 +0000, Davenport, Julie wrote:
> >
> > I did a complete uninstall of rkhunter, removed it completely from my
> > server, downloaded the tar.gz file again from the website, and
> > re-installed it. When I ran the update I got the same error I have
> > been getting with backdoorports.dat ([ Update failed ]) and this in
> > the /var/log/rkhunter.log:
> >
> > [14:25:51] Info: Executing download command '/usr/bin/wget -q -O
> > "/var/lib/rkhunter/tmp/rkhunter.upd.cssTY17212"
> > http://rkhunter.sourceforge.net/1.3/backdoorports.dat 2>/dev/null'
> > [14:34:11] Warning: Download of 'backdoorports.dat' failed: Unable to
> > determine the latest version number.
> >
> What happens when you run the command from the command line:
>
> /usr/bin/wget -q -O "/tmp/rkhunter.upd.cssTY17212"
> http://rkhunter.sourceforge.net/1.3/backdoorports.dat
>
> This should download the file into /tmp. If it doesn't then run it again
> but without the '-q' option.
>
> Secondly, what does the downloaded file contain?
>
> John.
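
Florin's MTU test from Message 7, as an added example that is not part of the original thread: one POSIX shell script that records the current MTU, lowers it, retries the download with the wget flags John suggested, and restores the MTU on every exit path. The function names, the mktemp output file and the interface argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Run as root: sh mtu_test.sh eth0 [mtu]
# Assumptions: interface name, function names, mktemp file. 300 is Florin's value.
URL="http://rkhunter.sourceforge.net/1.3/backdoorports.dat"  # URL from the thread

# Print the number that follows the "mtu" keyword in `ip link show dev IFACE` output.
parse_mtu() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "mtu") { print $(i + 1); exit } }'
}

# Interpret one retry: $1 = wget exit status, $2 = bytes written to the output file.
verdict() {
    if [ "$1" -eq 0 ] && [ "$2" -gt 0 ]; then
        echo "works at low MTU: consistent with broken PMTU detection"
    else
        echo "still fails at low MTU: PMTU guess not confirmed"
    fi
}

mtu_test() {
    iface=$1
    test_mtu=${2:-300}
    orig=$(ip link show dev "$iface" | parse_mtu)
    [ -n "$orig" ] || { echo "cannot read MTU of $iface" >&2; return 1; }
    out=$(mktemp) || return 1
    # Restore on every exit path (including Ctrl-C) so the host is never left at 300.
    trap 'ip link set dev "$iface" mtu "$orig"; rm -f "$out"' EXIT
    trap 'exit 130' INT TERM
    echo "original MTU on $iface: $orig"
    # Note: Linux disables IPv6 on an interface whose MTU is below 1280.
    ip link set dev "$iface" mtu "$test_mtu" || return 1
    echo "MTU now: $(ip link show dev "$iface" | parse_mtu)"
    rc=0
    wget -T 10 --tries=5 -O "$out" "$URL" || rc=$?
    size=$(wc -c < "$out" | tr -d ' ')
    verdict "$rc" "$size"
}

# Only touch the network when an interface is given on the command line.
if [ "$#" -gt 0 ]; then
    mtu_test "$@"
fi
```

Run it from a console session if possible, and check the interface's IPv6 addresses afterwards if the host uses IPv6.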