Bug#489000: rkhunter: database must be read-write even for check only

2008-07-31 Thread Daniel Dickinson
On Thu, 31 Jul 2008 19:26:33 +0200
Julien Valroff <[EMAIL PROTECTED]> wrote:

> Hi Daniel,
> 
> I have added a patch to SVN so that the check is only made when
> databases or i18n files are updated (i.e. when using --propupd or
> --update).
> 
> Would you please test the following package:
> http://alioth.debian.org/~julien-guest/rkhunter_1.3.2-5_all.deb
> 
> or build your own from SVN
> 
> I will then report upstream and check this has no other consequences.

It works.

-- 
And that's my crabbing done for the day.  Got it out of the way early, 
now I have the rest of the afternoon to sniff fragrant tea-roses or 
strangle cute bunnies or something.   -- Michael Devore
GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C  http://gnupg.org
No more sea shells:  Daniel's Weblog http://cshore.wordpress.com




Bug#489000: rkhunter: database must be read-write even for check only

2008-07-31 Thread Julien Valroff
Hi Daniel,

On Monday 21 July 2008 at 20:54 -0400, Daniel Dickinson wrote:
[...]
> > > It is impossible to store the database on write-protected media
> > > unless you use unionfs or aufs because rkhunter wants read-write
> > > access to the database directory even for a check only (no
> > > update).  I am using an SD card set to write protected most of the
> > > time and on read-write for updates.  I've had to use aufs to be
> > > able to get rkhunter to do checks, which shouldn't be necessary.
[...]
> It doesn't appear to be test specific as sudo rkhunter --list tests
> gives:
> Database directory is not writable: /var/lib/rkhunter/db

I have added a patch to SVN so that the check is only made when
databases or i18n files are updated (i.e. when using --propupd or
--update).

Would you please test the following package:
http://alioth.debian.org/~julien-guest/rkhunter_1.3.2-5_all.deb

or build your own from SVN

I will then report upstream and check this has no other consequences.

Cheers,
Julien
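
The behaviour described in the message above (require write access to the database directory only for --propupd or --update), as an added shell example. It is not rkhunter's code or the Debian patch; the function names needs_db_write and check_db_dir are hypothetical, and a temporary directory stands in for /var/lib/rkhunter/db.

```shell
#!/bin/sh
# Added illustration; not rkhunter's source. Function names are hypothetical.

# Return 0 when the command line asks for an operation that rewrites the
# database (--propupd or --update, the two options named in the thread).
needs_db_write() {
    for arg in "$@"; do
        case "$arg" in
            --propupd|--update) return 0 ;;
        esac
    done
    return 1
}

# check_db_dir DIR [rkhunter-style options...]
# Always require a readable, searchable directory; require write access only
# for update operations. Return codes: 0 ok, 1 unreadable, 2 not writable.
check_db_dir() {
    dir=$1
    shift
    if [ ! -d "$dir" ] || [ ! -r "$dir" ] || [ ! -x "$dir" ]; then
        echo "Database directory is not readable: $dir" >&2
        return 1
    fi
    if needs_db_write "$@" && [ ! -w "$dir" ]; then
        echo "Database directory is not writable: $dir" >&2
        return 2
    fi
    return 0
}

# Demo on a constructed directory (stands in for /var/lib/rkhunter/db).
demo_dir=$(mktemp -d)
chmod 555 "$demo_dir"
check_db_dir "$demo_dir" --list tests && echo "check-only: ok"
check_db_dir "$demo_dir" --update || echo "update: refused (rc=$?)"
chmod 755 "$demo_dir"; rmdir "$demo_dir"
```

When run as root, mode bits alone do not make `[ -w ]` fail, so the demo's update refusal only shows for an unprivileged user.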







Bug#489000: rkhunter: database must be read-write even for check only

2008-07-31 Thread Julien Valroff

On Thu, 31 Jul 2008, Teodor <[EMAIL PROTECTED]> wrote:

> On Tue, Jul 22, 2008 at 3:54 AM, Daniel Dickinson <[EMAIL PROTECTED]> wrote:
> > It doesn't appear to be test specific as sudo rkhunter --list tests
> > gives:
> > Database directory is not writable: /var/lib/rkhunter/db
>
> Did you manually change that? I don't have this message from
> rkhunter, nor is the directory read-only.


Daniel has set up a read-only partition.

According to the latest information, I guess the test is made too  
early in the script. It should only be made when updating the database.


I will have a look at it ASAP and talk to the upstream if changing
this would have any other unwanted consequence.


Cheers,
Julien






Bug#489000: rkhunter: database must be read-write even for check only

2008-07-31 Thread Daniel Dickinson
On Thu, 31 Jul 2008 12:13:14 +0300
Teodor <[EMAIL PROTECTED]> wrote:

> On Tue, Jul 22, 2008 at 3:54 AM, Daniel Dickinson
> <[EMAIL PROTECTED]> wrote:
> > It doesn't appear to be test specific as sudo rkhunter --list tests
> > gives:
> > Database directory is not writable: /var/lib/rkhunter/db
> 
> Did you manually change that? I don't have this message from
> rkhunter, nor is the directory read-only.
> 
I have /var/lib/rkhunter/db on media that is normally write protected
(my objective is to have the database on read-only media to ensure
that the database isn't altered unless I want it to be; I've
successfully done the same thing with tripwire, in fact that's where I
got the idea since it recommends keeping the db on ro media).

Regards,

Daniel

-- 
And that's my crabbing done for the day.  Got it out of the way early, 
now I have the rest of the afternoon to sniff fragrant tea-roses or 
strangle cute bunnies or something.   -- Michael Devore
GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C  http://gnupg.org
No more sea shells:  Daniel's Weblog http://cshore.wordpress.com




Bug#489000: rkhunter: database must be read-write even for check only

2008-07-31 Thread Teodor
On Tue, Jul 22, 2008 at 3:54 AM, Daniel Dickinson <[EMAIL PROTECTED]> wrote:
> It doesn't appear to be test specific as sudo rkhunter --list tests
> gives:
> Database directory is not writable: /var/lib/rkhunter/db

Did you manually change that? I don't have this message from
rkhunter, nor is the directory read-only.

Thanks



piti:~# rkhunter --list tests

Available test names:
additional_rkts all apps attributes deleted_files filesystem
group_accounts group_changes hashes hidden_procs immutable known_rkts
local_host malware network none os_specific other_malware
packet_cap_apps passwd_changes ports possible_rkt_files
possible_rkts possible_rkt_strings
promisc properties rootkits running_procs scripts shared_libs
shared_libs_path startup_files startup_malware strings suspscan
system_commands
system_configs trojans

Grouped test names:
additional_rkts => possible_rkt_files possible_rkt_strings
group_accounts  => group_changes passwd_changes
local_host  => filesystem group_changes passwd_changes
startup_malware system_configs
malware => deleted_files hidden_procs other_malware
running_procs suspscan
network => packet_cap_apps ports promisc
possible_rkts   => possible_rkt_files possible_rkt_strings
properties  => attributes hashes immutable scripts
rootkits=> deleted_files hidden_procs known_rkts
os_specific other_malware possible_rkt_files possible_rkt_strings
running_procs suspscan trojans
shared_libs => shared_libs_path
startup_files   => startup_malware
system_commands => attributes hashes immutable scripts
shared_libs_path strings
piti:~#
piti:~#
piti:~#
piti:~# apt-cache policy rkhunter
rkhunter:
  Installed: 1.3.2-4
  Candidate: 1.3.2-4
  Version table:
 *** 1.3.2-4 0
500 http://ftp.ro.debian.org sid/main Packages
500 http://ftp.us.debian.org sid/main Packages
100 /var/lib/dpkg/status
 1.3.2-3 0
990 http://ftp.ro.debian.org lenny/main Packages
990 http://ftp.de.debian.org lenny/main Packages
990 http://ftp.fr.debian.org lenny/main Packages
 1.2.9-2 0
500 http://ftp.ro.debian.org etch/main Packages
piti:~#
piti:~#
piti:~# ls -ld /var/lib/rkhunter/db
drwxr-xr-x 3 root root 344 2008-07-31 12:10 /var/lib/rkhunter/db






Bug#489000: rkhunter: database must be read-write even for check only

2008-07-30 Thread Daniel Dickinson
On Wed, 09 Jul 2008 20:17:29 +0200
Julien Valroff <[EMAIL PROTECTED]> wrote:

> Hi Daniel,
> 
> On Wednesday 02 July 2008 at 12:52 -0400, Daniel Dickinson wrote:
> > Package: rkhunter
> > Version: 1.3.2-3
> > Severity: normal
> > 
> > 
> > It is impossible to store the database on write-protected media
> > unless you use unionfs or aufs because rkhunter wants read-write
> > access to the database directory even for a check only (no
> > update).  I am using an SD card set to write protected most of the
> > time and on read-write for updates.  I've had to use aufs to be
> > able to get rkhunter to do checks, which shouldn't be necessary.
> 
> Thanks for reporting this issue.
> 
> Would you please try and find which check needs write access to the DB
> dir (hashes, attributes...)?
> You can run 'rkhunter --enable [test name]' to enable one test only.
> 'rkhunter --list tests' will give you the list of all available tests.

It doesn't appear to be test specific as sudo rkhunter --list tests
gives:
Database directory is not writable: /var/lib/rkhunter/db


-- 
And that's my crabbing done for the day.  Got it out of the way early, 
now I have the rest of the afternoon to sniff fragrant tea-roses or 
strangle cute bunnies or something.   -- Michael Devore
GnuPG Key Fingerprint 86 F5 81 A5 D4 2E 1F 1C  http://gnupg.org
No more sea shells:  Daniel's Weblog http://cshore.wordpress.com




Bug#489000: rkhunter: database must be read-write even for check only

2008-07-09 Thread Julien Valroff
Hi Daniel,

On Wednesday 02 July 2008 at 12:52 -0400, Daniel Dickinson wrote:
> Package: rkhunter
> Version: 1.3.2-3
> Severity: normal
> 
> 
> It is impossible to store the database on write-protected media unless
> you use unionfs or aufs because rkhunter wants read-write access to
> the database directory even for a check only (no update).  I am using
> an SD card set to write protected most of the time and on read-write
> for updates.  I've had to use aufs to be able to get rkhunter to do
> checks, which shouldn't be necessary.

Thanks for reporting this issue.

Would you please try and find which check needs write access to the DB
dir (hashes, attributes...)?
You can run 'rkhunter --enable [test name]' to enable one test only.
'rkhunter --list tests' will give you the list of all available tests.

Thanks
Julien







Bug#489000: rkhunter: database must be read-write even for check only

2008-07-02 Thread Daniel Dickinson
Package: rkhunter
Version: 1.3.2-3
Severity: normal


It is impossible to store the database on write-protected media unless you use
unionfs or aufs because rkhunter wants read-write access to the database
directory even for a check only (no update).  I am using an SD card set to
write protected most of the time and on read-write for updates.  I've had to
use aufs to be able to get rkhunter to do checks, which shouldn't be necessary.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages rkhunter depends on:
ii  binutils            2.18.1~cvs20080103-4 The GNU assembler, linker and bina
ii  debconf [debconf-2. 1.5.22               Debian configuration management sy
ii  exim4               4.69-5               meta-package to ease Exim MTA (v4)
ii  exim4-daemon-light  4.69-5+b1            lightweight Exim MTA (v4) daemon
ii  file                4.24-2               Determines file type using "magic"
ii  net-tools           1.60-19              The NET-3 networking toolkit
ii  perl                5.10.0-11            Larry Wall's Practical Extraction 

Versions of packages rkhunter recommends:
ii  curl         7.18.2-1    Get a file from an HTTP, HTTPS or 
ii  elinks       0.11.3-7+b1 advanced text-mode WWW browser
ii  iproute      20080417-1  networking and traffic control too
ii  libmd5-perl  2.03-1      backwards-compatible wrapper for D
ii  unhide       20071102-2  Forensic tool to find hidden proce
ii  wget         1.11.3-1    retrieves files from the web

-- debconf information:
  rkhunter/apt_autogen: false
  rkhunter/cron_daily_run:
  rkhunter/cron_db_update:


