Hi Sujit,

Thank you for your reply. I'm not completely sure what you mean, but the errors I'm getting are:

* System tools
Performing 'known good' check...
/bin/cat [ BAD ]
/bin/chmod [ BAD ]
/bin/chown [ BAD ]
/bin/date [ BAD ]
/bin/dmesg [ BAD ]
/bin/env [ BAD ]
/bin/grep [ BAD ]
/bin/kill [ BAD ]
/bin/login [ BAD ]
/bin/ls [ BAD ]
/bin/more [ BAD ]
/bin/mount [ BAD ]
/bin/netstat [ OK ]
/bin/ps [ BAD ]
/bin/su [ OK ]
/sbin/chkconfig [ BAD ]
/sbin/depmod [ BAD ]
/sbin/ifconfig [ OK ]
/sbin/init [ BAD ]
/sbin/insmod [ BAD ]
/sbin/ip [ BAD ]
/sbin/lsmod [ BAD ]
/sbin/modinfo [ BAD ]
/sbin/modprobe [ BAD ]
/sbin/rmmod [ BAD ]
/sbin/runlevel [ BAD ]
/sbin/sulogin [ BAD ]
/sbin/sysctl [ BAD ]
/sbin/syslogd [ OK ]
/usr/bin/chattr [ BAD ]
/usr/bin/du [ BAD ]
/usr/bin/file [ BAD ]
/usr/bin/find [ BAD ]
/usr/bin/head [ BAD ]
/usr/bin/killall [ BAD ]
/usr/bin/lsattr [ BAD ]
/usr/bin/md5sum [ BAD ]
/usr/bin/passwd [ BAD ]
/usr/bin/pstree [ BAD ]
/usr/bin/sha1sum [ BAD ]
/usr/bin/slocate [ BAD ]
/usr/bin/stat [ BAD ]
/usr/bin/strings [ BAD ]
/usr/bin/top [ BAD ]
/usr/bin/users [ BAD ]
/usr/bin/vmstat [ BAD ]
/usr/bin/w [ BAD ]
/usr/bin/watch [ BAD ]
/usr/bin/wc [ BAD ]
/usr/bin/wget [ OK ]
/usr/bin/whereis [ BAD ]
/usr/bin/who [ BAD ]
/usr/bin/whoami [ BAD ]
/usr/sbin/xinetd [ OK ]
--------------------------------------------------------------------------------
Rootkit Hunter has found some bad or unknown hashes. This can happen due to
replaced binaries or updated packages (which give other hashes). Be sure your
hashes are up-to-date (rkhunter --update). If you're in doubt about these
hashes, contact us through the Rootkit Hunter mailinglist at [EMAIL PROTECTED]
--------------------------------------------------------------------------------

After this I tried the howto on this subject on SourceForge ( http://sourceforge.net/docman/display_doc.php?docid=35179&group_id=155034 ) and I tried this section:

1) If you are running SELinux then temporarily disable it by typing in 'setenforce 0';
   Note: If you are unsure whether you are running SELinux or not, then type in 'sestatus'.
   A line containing 'Current mode: enforcing' indicates that you are running SELinux. If it says 'permissive', then you are not currently running SELinux, and can ignore the steps about SELinux.
2) Run the daily prelink update script - to do this type in '/etc/cron.daily/prelink';
3) Run the hashupd.sh script to update your local hash values;
4) Run rkhunter;
5) If rkhunter still shows 'BAD' hash entries, then type in 'rm /etc/prelink.cache' and repeat the procedure from step 2.
   Note: Step 2 may now take some time to complete.
6) Re-enable SELinux, if you disabled it, by typing in 'setenforce 1'.

Hopefully rkhunter will now work without any problems with hash values.

Still RKH starts and I get BAD or unknown hashes.

Hope you can help :)

Thanks
Hans

----- Original Message -----
From: "Sujit Nair" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, November 22, 2006 5:19 PM
Subject: Re: [Rkhunter-users] Bad lines again

> Hi Hans,
>
> Can you post the exact errors you are getting? If it is about the prelink
> errors you can try the following:
>
> prelink -uma ( remove all prelink )
>
> prelink -av ( prelink all libraries )
>
> (If you are using libsafe you are bound to see some prelink errors that
> can be safely ignored ).
>
> Sujit
> On Wednesday 22 November 2006 15:08, Hans @ Tind.nl wrote:
>> Hi ,
>>
>> I've been using RKH for a long time now but since I updated my CentOS to
>> 4.4 I've been getting some strange errors.
>>
>> I downloaded version 1.29 from SF to update because the --update did not
>> work. After installing ( over prev version ) the first run showed my OS
>> was not supported so I ran the hashupd.sh and did everything according to
>> the FAQ. hashupd gives me :
>> [EMAIL PROTECTED] rkhunter]# sh hashupd.sh
>> [WARN] Could not find usable directory for temp files. Default to /var/tmp.
>> [INFO] Found release: "CentOS release 4.4 (Final)"
>> [INFO] "CentOS release 4.4 (Final)" is seq nr 724
>> [INFO] updated hashes.
>> [EMAIL PROTECTED] rkhunter]#
>>
>> After this when I do --checkall the OS not supported is gone but the BAD
>> lines still come back.
>>
>> I tried to do the '/etc/cron.daily/prelink' but that gives me this error:
>> [EMAIL PROTECTED] rkhunter]# /etc/cron.daily/prelink
>> /etc/cron.daily/prelink: line 47: 3223 Aborted
>> /usr/sbin/prelink -av $PRELINK_OPTS >>/var/log/prelink.log 2>&1
>>
>> Can anyone point me in the right direction or tell me what I'm doing
>> wrong?
>>
>>
>> Thanks
>>
>> Hans

_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
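
One way to triage a report like the one above, as an added example that is not part of the original thread: it extracts the BAD entries and cross-checks each file against the RPM database. The sample lines are constructed and the function names are hypothetical; it assumes rkhunter prints one entry per line and that rpm on the host undoes prelinking before comparing digests.

```shell
#!/bin/sh
# Added example, not from the thread. SAMPLE is constructed in the format of
# the report above (rkhunter prints one "<path> [ STATUS ]" entry per line).
SAMPLE='/bin/cat [ BAD ]
/bin/netstat [ OK ]
/bin/ps [ BAD ]
/bin/su [ OK ]
/usr/bin/md5sum [ BAD ]'

# bad_paths (hypothetical helper): print every path flagged BAD on stdin.
bad_paths() {
    awk '$2 == "[" && $3 == "BAD" && $4 == "]" { print $1 }'
}

# bad_ratio (hypothetical helper): print "<bad>/<total>" for the checked files.
bad_ratio() {
    awk '$2 == "[" && ($3 == "BAD" || $3 == "OK") { t++; if ($3 == "BAD") b++ }
         END { printf "%d/%d\n", b, t }'
}

# verify_with_rpm (hypothetical helper): compare one file with the package
# database. Assumption: rpm on the host undoes prelinking before it compares
# digests, so a prelinked but otherwise untouched binary still verifies.
# Returns 0 = matches package, 1 = differs or unowned, 2 = rpm not installed.
verify_with_rpm() {
    command -v rpm >/dev/null 2>&1 || { echo "SKIP $1 (no rpm)"; return 2; }
    rpm -qf "$1" >/dev/null 2>&1 || { echo "UNOWNED $1"; return 1; }
    # rpm -V prints one line per deviating file; "5" marks a digest mismatch.
    if rpm -Vf "$1" 2>/dev/null |
        awk -v p="$1" '$NF == p && ($1 ~ /5/ || $1 == "missing") { hit = 1 }
                       END { exit !hit }'
    then echo "DIFFERS $1"; return 1
    else echo "MATCHES $1"; return 0
    fi
}

# On a real host, feed the tool's own report instead of SAMPLE.
printf '%s\n' "$SAMPLE" | bad_ratio
printf '%s\n' "$SAMPLE" | bad_paths | while read -r f; do
    verify_with_rpm "$f" || true
done
```

Because md5sum and sha1sum are themselves in the BAD list, a result from tools on the same host is only as trustworthy as those tools; running the check from known-good media gives a cleaner answer.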
