rkhunter does not like FC4 x86_64
François Patte
francois.patte at math-info.univ-paris5.fr
Tue Oct 17 12:45:10 UTC 2006
John Horne wrote:
> On Tue, 2006-10-17 at 12:36 +0200, François Patte wrote:
>
>>Why is FC4 x86_64 not listed in /var/rkhunter/db/os.dat
>>
>
> Only O/S's which we were given hash entries for could be listed.
>
>
>>and why, if I
>>change i386 to x86_64 on the line FC4, something changes it back to i386?
>>
>
> This would only happen if you ran 'rkhunter --update'. The os.dat file
> is not changed by anything else.
So /etc/cron.daily/01-rkhunter is the culprit.
>>How to add a new line with FC4 x86_64 in this file?
>>
>
> From the (CVS) FAQ:
>
> 4.1) What does the warning "Determining OS... Warning: this
> operating system is not fully supported!" mean?
>
> It simply means that not all functions and checks can be
> performed, because the system is 'unknown' to RKH.
>
> If you want support for the O/S, then please open a
> 'Support request' in the RKH tracker system on the web site.
>
> Include information such as the contents of your /etc/fedora-release
> file. You will also need to download the hashupd utility from the RKH
> web site, and run that. Send us the output and attach the new os.dat
> file.
I'll do it.
>
>>rkhunter sends a warning message (this machine can be infected) if the OS
>>is not in the file os.dat and, doing so, how can we trust rkhunter in
>>that case?
>>
>
> It does not do any such thing!! All it says is that the O/S is not fully
> supported. In that case no MD5 hash check will be done, but the other
> tests will run. If one of them finds something wrong then it will say
> there is a possibility of infection, but that is nothing to do with the O/S
> being supported or not.
The exact text message sent is:
Please inspect this machine, because it can be infected
message has subject: [rkhunter] Warnings found for dipankar
This is not very comforting!
--
François Patte
UFR de mathématiques et informatique
Université René Descartes
http://www.math-info.univ-paris5.fr/~patte