Hi Hans,

Do this,

prelink -uma

now run rkhunter again and paste output here.

Sujit

On Wednesday 22 November 2006 22:15, Hans @ Tind.nl wrote:
> Hi Sujit,
>
> Thank you for your reply.
> I'm not completely sure what you mean but the errors I'm getting are:
>
> * System tools
> Performing 'known good' check...
> /bin/cat [ BAD ]
> /bin/chmod [ BAD ]
> /bin/chown [ BAD ]
> /bin/date [ BAD ]
> /bin/dmesg [ BAD ]
> /bin/env [ BAD ]
> /bin/grep [ BAD ]
> /bin/kill [ BAD ]
> /bin/login [ BAD ]
> /bin/ls [ BAD ]
> /bin/more [ BAD ]
> /bin/mount [ BAD ]
> /bin/netstat [ OK ]
> /bin/ps [ BAD ]
> /bin/su [ OK ]
> /sbin/chkconfig [ BAD ]
> /sbin/depmod [ BAD ]
> /sbin/ifconfig [ OK ]
> /sbin/init [ BAD ]
> /sbin/insmod [ BAD ]
> /sbin/ip [ BAD ]
> /sbin/lsmod [ BAD ]
> /sbin/modinfo [ BAD ]
> /sbin/modprobe [ BAD ]
> /sbin/rmmod [ BAD ]
> /sbin/runlevel [ BAD ]
> /sbin/sulogin [ BAD ]
> /sbin/sysctl [ BAD ]
> /sbin/syslogd [ OK ]
> /usr/bin/chattr [ BAD ]
> /usr/bin/du [ BAD ]
> /usr/bin/file [ BAD ]
> /usr/bin/find [ BAD ]
> /usr/bin/head [ BAD ]
> /usr/bin/killall [ BAD ]
> /usr/bin/lsattr [ BAD ]
> /usr/bin/md5sum [ BAD ]
> /usr/bin/passwd [ BAD ]
> /usr/bin/pstree [ BAD ]
> /usr/bin/sha1sum [ BAD ]
> /usr/bin/slocate [ BAD ]
> /usr/bin/stat [ BAD ]
> /usr/bin/strings [ BAD ]
> /usr/bin/top [ BAD ]
> /usr/bin/users [ BAD ]
> /usr/bin/vmstat [ BAD ]
> /usr/bin/w [ BAD ]
> /usr/bin/watch [ BAD ]
> /usr/bin/wc [ BAD ]
> /usr/bin/wget [ OK ]
> /usr/bin/whereis [ BAD ]
> /usr/bin/who [ BAD ]
> /usr/bin/whoami [ BAD ]
> /usr/sbin/xinetd [ OK ]
> --------------------------------------------------------------------------------
> Rootkit Hunter has found some bad or unknown hashes. This can happen due to
> replaced binaries or updated packages (which give other hashes). Be sure your
> hashes are up-to-date (rkhunter --update).
> If you're in doubt about these hashes, contact us through the Rootkit Hunter
> mailinglist at [EMAIL PROTECTED]
> --------------------------------------------------------------------------------
>
> After this I tried the howto on this subject on SourceForge
> ( http://sourceforge.net/docman/display_doc.php?docid=35179&group_id=155034 )
> and I tried this section:
>
> 1) If you are running SELinux then temporarily disable it by
>    typing in 'setenforce 0';
>    Note: If you are unsure whether you are running SELinux or
>    not, then type in 'sestatus'.
>    A line containing 'Current mode: enforcing' indicates that
>    you are running SELinux. If it says 'permissive', then you
>    are not currently running SELinux, and can ignore the steps
>    about SELinux.
>
> 2) Run the daily prelink update script - to do this type in
>    '/etc/cron.daily/prelink';
>
> 3) Run the hashupd.sh script to update your local hash values;
>
> 4) Run rkhunter;
>
> 5) If rkhunter still shows 'BAD' hash entries, then type in
>    'rm /etc/prelink.cache' and repeat the procedure from step 2.
>    Note: Step 2 may now take some time to complete.
>
> 6) Re-enable SELinux, if you disabled it, by typing in
>    'setenforce 1'. Hopefully rkhunter will now work without
>    any problems with hash values.
>
> Still RKH starts and I get BAD or unknown hashes.
>
> Hope you can help :)
>
> Thanks
>
> Hans
>
> ----- Original Message -----
> From: "Sujit Nair" <[EMAIL PROTECTED]>
> To: <[email protected]>
> Sent: Wednesday, November 22, 2006 5:19 PM
> Subject: Re: [Rkhunter-users] Bad lines again
>
> > Hi Hans,
> >
> > Can you post the exact errors you are getting. If it is about the prelink
> > errors you can try the following :
> >
> > prelink -uma ( remove all prelink )
> >
> > prelink -av ( prelink all libraries )
> >
> > (If you are using libsafe you are bound to see some prelink errors that
> > can be safely ignored ).
> >
> > Sujit
> >
> > On Wednesday 22 November 2006 15:08, Hans @ Tind.nl wrote:
> >> Hi,
> >>
> >> I've been using RKH for a long time now but since I updated my CentOS to
> >> 4.4 I've been getting some strange errors.
> >>
> >> I downloaded version 1.29 from SF to update because the --update did not
> >> work. After installing ( over prev version ) the first run showed my OS
> >> was not supported so I ran the hashupd.sh and did everything according to
> >> the FAQ.
> >> hashupd gives me :
> >> [EMAIL PROTECTED] rkhunter]# sh hashupd.sh
> >> [WARN] Could not find usable directory for temp files. Default to /var/tmp.
> >> [INFO] Found release: "CentOS release 4.4 (Final)"
> >> [INFO] "CentOS release 4.4 (Final)" is seq nr 724
> >> [INFO] updated hashes.
> >> [EMAIL PROTECTED] rkhunter]#
> >>
> >> After this when I do --checkall the OS not supported is gone but the BAD
> >> lines still come back.
> >>
> >> I tried to do the '/etc/cron.daily/prelink' but that gives me this
> >> error:
> >> [EMAIL PROTECTED] rkhunter]# /etc/cron.daily/prelink
> >> /etc/cron.daily/prelink: line 47: 3223 Aborted /usr/sbin/prelink -av $PRELINK_OPTS >>/var/log/prelink.log 2>&1
> >>
> >> Can anyone point me in the right direction or tell me what I'm doing
> >> wrong?
> >>
> >> Thanks
> >>
> >> Hans
> >
> > -------------------------------------------------------------------------
> > Take Surveys. Earn Cash. Influence the Future of IT
> > Join SourceForge.net's Techsay panel and you'll get the chance to share
> > your opinions on IT & business topics through brief surveys - and earn cash
> > http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> > _______________________________________________
> > Rkhunter-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/rkhunter-users
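
Added example (not from the thread or the rkhunter project): when a run reports BAD hashes after a package update, as above, this script pulls the flagged paths out of saved rkhunter output and asks the RPM database whether each file differs from its package. The function names and the sample input are constructed for illustration, and it assumes an RPM-based system such as the CentOS host in the thread.

```shell
#!/bin/sh
# Added example: triage of rkhunter 'known good' results (not rkhunter code).

# Constructed sample, using a few of the result lines quoted in the thread.
sample_output() {
cat <<'EOF'
* System tools
Performing 'known good' check...
/bin/cat [ BAD ]
/bin/netstat [ OK ]
/bin/ps [ BAD ]
/usr/bin/md5sum [ BAD ]
/usr/bin/wget [ OK ]
EOF
}

# Print every path flagged BAD, one per line. ANSI colour codes are
# stripped first in case the output was captured from a terminal.
bad_paths() {
    esc=$(printf '\033')
    sed "s/${esc}\[[0-9;]*m//g" |
        awk '$1 ~ /^\// && $2 == "[" && $3 == "BAD" && $4 == "]" { print $1 }'
}

# Ask the RPM database about one flagged file. rpm -Vf verifies the whole
# owning package, so keep only the result line for this path. A "5" in the
# attribute column means the file digest differs from the packaged one.
# The database lives on the same host: a second opinion, not proof.
rpm_verdict() {
    f=$1
    if ! command -v rpm >/dev/null 2>&1; then
        echo "$f rpm-unavailable"; return 0
    fi
    if ! rpm -qf "$f" >/dev/null 2>&1; then
        echo "$f not-owned-by-any-package"; return 0
    fi
    flags=$(rpm -Vf "$f" 2>/dev/null | awk -v f="$f" '$NF == f { print $1 }')
    if [ -n "$flags" ]; then echo "$f differs:$flags"
    else echo "$f no-difference-reported"; fi
}

# Read rkhunter output on stdin and print one verdict per BAD file.
triage() {
    bad_paths | while read -r f; do rpm_verdict "$f"; done
}

sample_output | triage
```

To use it on a real run, save the rkhunter output to a file and pipe that file into `triage`.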
