rkhunter does not like FC4 x86_64

[François Patte]

John Horne a écrit :
> On Tue, 2006-10-17 at 12:36 +0200, François Patte wrote:
> 
>>Why FC4 x86_64 is not listed in /var/rkhunter/db/os.dat 
>>
> 
> Only O/S's which we were given hash entries for could be listed.
> 
> 
>>and why, if I 
>>change i386 to x86_64 on the line FC4, something changes it back to i386?
>>
> 
> This would only happen if you ran 'rkhunter --update'. The os.dat file
> is not changed by anything else.

so it is /etc/cron.daily/01-rkhunter the culprit.

>>How to add a new line with FC4 x84_64 in this file?
>>
> 
>>From the (CVS) FAQ:
> 
>    4.1) What does the warning "Determining OS... Warning: this
>      operating system is not fully supported!" mean?
> 
>      It simply means that not all functions and checks can be
>      performed, because the system is 'unknown' to RKH.
> 
>      If you want support for the O/S, then please open a
>      'Support request' in the RKH tracker system on the web site.
> 
> Include information such as the contents of your /etc/fedora-release
> file. You will also need to download the hashupd utility from the RKH
> web site, and run that. Send us the output and attach the new os.dat
> file.

I'll do it.

>
>>rkhunter send a warning message (this machine can be infected) if the OS 
>>is not in the file os.dat and, doing so, how can we trust rkhunter in 
>>that case?
>>
> 
> It does not any such thing!! All it says is that the O/S is not fully
> supported. In that case no MD5 hash check will be done, but the other
> tests will run. If one of them finds something wrong then it will say
> there is a possibility of infection, but that is nothing to with the O/S
> being supported or not.

The exact text message sent is:

Please inspect this machine, because it can be infected

message has subject: [rkhunter] Warnings found for dipankar

This is not so much comforting!

-- 
François Patte
UFR de mathématiques et informatique
Université René Descartes
http://www.math-info.univ-paris5.fr/~patte