Hi,

we faced a similar problem, but checking /var/log/rkhunter/rkhunter.log
showed the real issue.

We're using prelinking, which apparently relies on SHA1 checksums.
The new rkhunter comes with SHA256 default hashing.

    # echo "HASH_CMD=sha1sum" >> /etc/rkhunter.conf.local

solved the problem. That was on a CentOS server, but maybe it's relevant
even so.

Best regards,
Iosif Fettich

On Sun, 23 Jul 2017, David G. Miller wrote:

> On 07/22/2017 04:47 AM, Alec Habig wrote:
>> David G. Miller writes:
>>> Warning: The file '/usr/bin/ipcs' exists on the system, but it
>>> is not present in the 'rkhunter.dat' file.
>>
>> I think this is the relevant bit. Looks to me like the updated rkhunter
>> changed how it cares about ipcs to resolve this localization bug
>> against the 1.4.2 version:
>> https://sourceforge.net/p/rkhunter/mailman/message/32127754/
>> Since the last time you did a "--propupd" to set up the DB of what your
>> system's "OK" state was with the old bugged version, the daily
>> check complains (in a less than informative fashion).
>> I just satisfied myself that ipcs was an ok copy and did a --propupd,
>> and now the rkhunter cron job is happy.
>
> The -propupd helped with the ipcs file problem but didn't fix the "missing"
> hashes. 1.4.4-1 continues to complain that they're missing and 1.4.2 is
> happy with no changes to the system other than reverting to rkhunter-1.4.2-8.
>
> Cheers,
> Dave
>
> --
> "They that can give up essential liberty to obtain a little temporary safety
> deserve neither safety nor liberty."
> -- Benjamin Franklin
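
The hash mismatch described in the reply at the top of this thread (prelinking relying on SHA1 while the newer rkhunter defaults to SHA256) can be checked from the config files before the nightly run. The script below is an added example, not part of the original e-mails or of rkhunter; the function names, the rule that the last uncommented HASH_CMD line wins, and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: files are read in the order
# given and the last uncommented HASH_CMD line wins; sample files are constructed.

# Print the effective HASH_CMD from the given config files, or "unset".
effective_hash_cmd() {
    val=unset
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*HASH_CMD[[:space:]]*=[[:space:]]*//p' "$f" |
            sed 's/[[:space:]]*$//' | tail -n 1)
        [ -n "$v" ] && val=$v
    done
    printf '%s\n' "$val"
}

# check_hash_for_prelink yes|no FILE...
# Returns 1 when prelinking is in use but the effective hash is not SHA1.
check_hash_for_prelink() {
    prelinked=$1; shift
    [ "$prelinked" = yes ] || return 0
    cmd=$(effective_hash_cmd "$@")
    case "$cmd" in
        sha1sum|*/sha1sum|SHA1) return 0 ;;
        *) echo "prelink in use, HASH_CMD is '$cmd': add HASH_CMD=sha1sum" >&2
           return 1 ;;
    esac
}

# Constructed demo: a main config with the SHA256 setting and an empty local
# override, checked before and after applying the fix from the reply.
demo=$(mktemp -d)
printf '#HASH_CMD=sha1sum\nHASH_CMD=SHA256\n' > "$demo/rkhunter.conf"
: > "$demo/rkhunter.conf.local"
check_hash_for_prelink yes "$demo/rkhunter.conf" "$demo/rkhunter.conf.local" ||
    echo "before fix: mismatch"
echo "HASH_CMD=sha1sum" >> "$demo/rkhunter.conf.local"
check_hash_for_prelink yes "$demo/rkhunter.conf" "$demo/rkhunter.conf.local" &&
    echo "after fix: ok"
rm -rf "$demo"
```

On a real host the arguments would be /etc/rkhunter.conf followed by /etc/rkhunter.conf.local, with the first argument set according to whether prelink is installed and enabled.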