Re: [Rkhunter-users] missing hashes 3

2009-01-02 Thread Nils Breunese (Lemonbit)
John Horne wrote: > On Fri, 2009-01-02 at 13:15 +, Dogsbody wrote: Unfortunately so, it only happens on two binaries now but this is on all my fully patched/updated CentOS 4.x boxes # prelink /usr/bin/less prelink: /usr/lib/libncursesw.so.5.4: .debug_loc adjusti

Re: [Rkhunter-users] missing hashes 3

2009-01-02 Thread Dogsbody
>>> That seems to be a RHEL prelink bug: >>> https://bugzilla.redhat.com/show_bug.cgi?id=240658 >> >> That's the one! You would have thought they would have fixed it by now >> :-p I'm not complaining though as I don't pay them any money :-) > > No, but we (my employers) do :-) Having said that

Re: [Rkhunter-users] missing hashes 3

2009-01-02 Thread John Horne
On Fri, 2009-01-02 at 13:15 +, Dogsbody wrote: > >> Unfortunately so, it only happens on two binaries now but this is on > >> all my fully patched/updated CentOS 4.x boxes > >> > >> # prelink /usr/bin/less > >> prelink: /usr/lib/libncursesw.so.5.4: .debug_loc adjusting unfinished > >> # preli

Re: [Rkhunter-users] missing hashes 3

2009-01-02 Thread Dogsbody
>> Unfortunately so, it only happens on two binaries now but this is on >> all my fully patched/updated CentOS 4.x boxes >> >> # prelink /usr/bin/less >> prelink: /usr/lib/libncursesw.so.5.4: .debug_loc adjusting unfinished >> # prelink /usr/bin/pstree >> prelink: /usr/lib/libncurses.so.5.4: .de

Re: [Rkhunter-users] missing hashes 3

2009-01-02 Thread Nils Breunese (Lemonbit)
Dan wrote: >> Are you still getting persistent prelink errors? I have not had these >> for a very long time, and usually found that simply running 'prelink >> ' resolves any prelink problem. > > Unfortunately so, it only happens on two binaries now but this is on > all > my fully patched/updated

Re: [Rkhunter-users] missing hashes 3

2009-01-01 Thread Dogsbody
Hi John, > No it hasn't been implemented. I cannot do it until I have fixed another > part of RKH, and I cannot do that bit because at the moment I'm having > some problems with it. (It's not an easy problem and is taking much > longer than I anticipated.) No worries at all, I just wanted to make

Re: [Rkhunter-users] missing hashes 3

2009-01-01 Thread John Horne
On Thu, 2009-01-01 at 20:57 +, Dogsbody wrote: > >>> With the release of 1.3.2 is it possible to whitelist these files or > >>> do I have to hack /usr/local/bin/rkhunter again to delete the entries > >>> to these three files? > >> > >> Sorry but whitelisting is still not possible with 1.3.2.

Re: [Rkhunter-users] missing hashes 3

2009-01-01 Thread Dogsbody
>>> With the release of 1.3.2 is it possible to whitelist these files or >>> do I have to hack /usr/local/bin/rkhunter again to delete the entries >>> to these three files? >> >> Sorry but whitelisting is still not possible with 1.3.2. It is on my >> todo list, but I have just had so much other

Re: [Rkhunter-users] missing hashes 3

2008-02-28 Thread Dogsbody
>> With the release of 1.3.2 is it possible to whitelist these files or do I >> have >> to hack /usr/local/bin/rkhunter again to delete the entries to these three >> files? > > Sorry but whitelisting is still not possible with 1.3.2. It is on my > todo list, but I have just had so much other (n

Re: [Rkhunter-users] missing hashes 3

2008-02-28 Thread John Horne
On Thu, 2008-02-28 at 01:01 +, Dogsbody wrote: > > With the release of 1.3.2 is it possible to whitelist these files or do I > have > to hack /usr/local/bin/rkhunter again to delete the entries to these three > files? > Sorry but whitelisting is still not possible with 1.3.2. It is on my to

Re: [Rkhunter-users] missing hashes 3

2008-02-27 Thread Dogsbody
>> It's a known problem caused by prelinking >> (https://bugzilla.redhat.com/show_bug.cgi?id=240658). The rkhunter.dat >> file will have entries for these commands, but as the message says no >> *hash* entry. If you run something like 'prelink /usr/bin/less' you >> will get a

Re: [Rkhunter-users] missing hashes 3

2007-12-30 Thread Dogsbody
It's a known problem caused by prelinking >>> OK .. but how can we fix/get around this in RKHunter? >>> >> The only way I can think of is if you use the RPM package manager. >> Running 'rpm -Vf /usr/bin/less' it should give no error (it will show no >> output at all). If you set the P

Re: [Rkhunter-users] missing hashes 3

2007-12-30 Thread John Horne
On Sun, 2007-12-30 at 22:26 +, John Horne wrote: > On Sun, 2007-12-30 at 13:38 +1100, Larry wrote: > > John Horne wrote: > > > On Tue, 2007-12-25 at 12:54 +, Dogsbody wrote: > > > > > > It's a known problem caused by prelinking > > > > > OK .. but how can we fix/get around this in RKH

Re: [Rkhunter-users] missing hashes 3

2007-12-30 Thread John Horne
On Sun, 2007-12-30 at 13:38 +1100, Larry wrote: > John Horne wrote: > > On Tue, 2007-12-25 at 12:54 +, Dogsbody wrote: > > > > It's a known problem caused by prelinking > > > OK .. but how can we fix/get around this in RKHunter? > The only way I can think of is if you use the RPM package

Re: [Rkhunter-users] missing hashes 3

2007-12-30 Thread John Horne
On Sun, 2007-12-30 at 14:44 +0100, Nils Breunese (Lemonbit) wrote: > Dogsbody wrote: > > >> It's a known problem caused by prelinking > >> (https://bugzilla.redhat.com/show_bug.cgi?id=240658). The > >> rkhunter.dat > >> file will have entries for these commands, but as the message says no > >> *

Re: [Rkhunter-users] missing hashes 3

2007-12-30 Thread Nils Breunese (Lemonbit)
Dogsbody wrote: >> It's a known problem caused by prelinking >> (https://bugzilla.redhat.com/show_bug.cgi?id=240658). The >> rkhunter.dat >> file will have entries for these commands, but as the message says no >> *hash* entry. If you run something like 'prelink /usr/bin/less' you >> will >> g

Re: [Rkhunter-users] missing hashes 3

2007-12-30 Thread Dogsbody
> It's a known problem caused by prelinking > (https://bugzilla.redhat.com/show_bug.cgi?id=240658). The rkhunter.dat > file will have entries for these commands, but as the message says no > *hash* entry. If you run something like 'prelink /usr/bin/less' you will > get an error. This is what RKH s

Re: [Rkhunter-users] missing hashes 3

2007-12-29 Thread Larry
John Horne wrote: > On Tue, 2007-12-25 at 12:54 +, Dogsbody wrote: > > It's a known problem caused by prelinking > OK .. but how can we fix/get around this in RKHunter? As mentioned before I have it set up in cron so it only mails me if it detects a problem, so I would like to stop it rep

Re: [Rkhunter-users] missing hashes 3

2007-12-29 Thread John Horne
On Tue, 2007-12-25 at 12:54 +, Dogsbody wrote: > Hi, > > After upgrading my operating system (CentOS 4.5 to 4.6) I am getting some > errors > I don't quite understand. After upgrading I did a --propupd. > > # rkhunter --propupd > [ Rootkit Hunter version 1.3.0 ] > File updated: searched

Re: [Rkhunter-users] missing hashes 3

2007-12-29 Thread Dogsbody
> Just to make you nervous: can you put clean files into your computer > (via a live CD)? > Perhaps for the md5sum job too. I can't easily do that as these are production machines. I'd like to say that this is unlikely as this has now happened to all of my machines at different times (some ar

Re: [Rkhunter-users] missing hashes 3

2007-12-28 Thread unspawn
On Tue, 25 Dec 2007 13:54:32 +0100 Dogsbody <[EMAIL PROTECTED]> wrote: ># grep /less /var/lib/rkhunter/db/rkhunter.dat >File:/usr/bin/less::594466:0755:0:0:101788:1158143116: Dan, could you please *gzip*, attach and send the log (/tmp/rkhunter-debug) from running 'rkhunter --debug --propupd' to

Re: [Rkhunter-users] missing hashes 3

2007-12-28 Thread Helmut Hullen
Hello, Dogsbody, you (dan) wrote on 28.12.07: >> There you should find an entry for "less" (among many other entries). >> It should be a new file (produced by "rkhunter --propupd"). > Yes, as Larry says, this file seems to get updated except for the > hashes for these three files, it's all very

Re: [Rkhunter-users] missing hashes 3

2007-12-28 Thread Dogsbody
Hi Helmut, > /var/lib/rkhunter/db/rkhunter.dat > There you should find an entry for "less" (among many other entries). It > should be a new file (produced by "rkhunter --propupd"). Yes, as Larry says, this file seems to get updated except for the hashes for these three files, it's all v

Re: [Rkhunter-users] missing hashes 3

2007-12-28 Thread Helmut Hullen
Hello, Larry, you (rkhunter) wrote on 28.12.07: >> /var/lib/rkhunter/db/rkhunter.dat >> There you should find an entry for "less" (among many other entries). >> It should be a new file (produced by "rkhunter --propupd"). > /usr/local/rkhunter/lib/rkhunter/db/rkhunter.dat is where I found > mine

Re: [Rkhunter-users] missing hashes 3

2007-12-28 Thread Larry
Helmut Hullen wrote: > /var/lib/rkhunter/db/rkhunter.dat > There you should find an entry for "less" (among many other entries). It > should be a new file (produced by "rkhunter --propupd"). > /usr/local/rkhunter/lib/rkhunter/db/rkhunter.dat is where I found mine, all of the ones RKHunter is w

Re: [Rkhunter-users] missing hashes 3

2007-12-28 Thread Helmut Hullen
Hello, Dogsbody, you (dan) wrote on 25.12.07: > After upgrading my operating system (CentOS 4.5 to 4.6) I am getting > some errors I don't quite understand. After upgrading I did a > --propupd. > # rkhunter --propupd > [ Rootkit Hunter version 1.3.0 ] > File updated: searched for 147 files,

Re: [Rkhunter-users] missing hashes 3

2007-12-27 Thread Dogsbody
>> # rkhunter --propupd >> [ Rootkit Hunter version 1.3.0 ] >> File updated: searched for 147 files, found 124, missing hashes 3 >> >> # grep /less /var/lib/rkhunter/db/rkhunter.dat >> File:/usr/bin/less::594466:0755:0:0:101788:1158143116: >> >> Can you please tell me what I'm doing wrong. > > H

Re: [Rkhunter-users] missing hashes 3

2007-12-27 Thread Larry
[EMAIL PROTECTED] wrote: > Hmm. Well, maybe you're not doing anything wrong. What does 'file > /usr/bin/less' say? > I am having this problem too .. tried all the 'options' resolving it would be nice so I do not get the compromised message each morning. [EMAIL PROTECTED] [~]# file /usr/bin/le

Re: [Rkhunter-users] missing hashes 3

2007-12-27 Thread unspawn
Hello Dogsbody, On Tue, 25 Dec 2007 13:54:32 +0100 Dogsbody <[EMAIL PROTECTED]> wrote: >After upgrading my operating system (CentOS 4.5 to 4.6) I am >getting some errors > I don't quite understand. After upgrading I did a --propupd. > ># rkhunter --propupd >[ Rootkit Hunter version 1.3.0 ] >F

[Rkhunter-users] missing hashes 3

2007-12-25 Thread Dogsbody
Hi, After upgrading my operating system (CentOS 4.5 to 4.6) I am getting some errors I don't quite understand. After upgrading I did a --propupd. # rkhunter --propupd [ Rootkit Hunter version 1.3.0 ] File updated: searched for 147 files, found 124, missing hashes 3 # rkhunter --cronjob --re