Hi Sam, Thanks for your e-mail.
Le mardi 26 août 2008 à 03:30 +0100, Sam Kuper a écrit : > Dear Debian users and rkhunter maintainers for Etch, > > I've been trying to set up rkhunter on my Debian Etch VPS, and I've > run into a few problems. (In case it's significant, this VPS is > virtualised via OpenVZ; I have root access to the VPS but not the > underlying system.) > > The first problem is this. When I run rkhunter -c, after performing > the 'known bad' checks, rkhunter gives the message, "Performing 'known > good' check... Info: Check skipped - no hashes available". > This is the default situation, you first have to create the hashes database. [...] Be sure to understand that rkhunter hashes test is not meant to replace more powerful tools, like eg. integrit. > (1*) Use the version of hashupd.sh at > http://rkhunter.cvs.sourceforge.net/rkhunter/hashupd/ . I'm a little > nervous about doing this, as it's not the same age as rkhunter 1.2.9 > and may not be totally compatible. Rootkit detection isn't to be > trifled with, so I'd rather not take the risk without assurances from > Debian's rkhunter maintainer that this version of hashupd.sh is okay > for use with 1.2.9. (NB. I've asked the rkhunter-users list if I can > ask for support there for 1.2.9; the answer was: no. See email below.) > Micah, Julien, is this version of hashupd.sh okay for use with > rkhunter 1.2.9? Yes, I think so, though not recently tested. 1.3.2 has a replacement tool for hashupd.sh embedded in the core package. > (2*) Use the package from Lenny instead. I'm loath to do this. It > feels like a slippery slope. I really want to run a pure Debian Stable > system if at all possible. But if consensus among users/maintainers is > that using the package from Lenny is the best solution to problem 2, > I'll be willing to try it. Not needed > (3*) Forego the Debian packages altogether; just download the source > and build it myself. Well, it's certainly possible. But that would > kind of defeat the main reason I chose to run Debian: easy and fast > package management and upgrades; minimal compiling necessary. I supply ***unofficial*** backports of rkhunter package in my personal repository at http://packages.kirya.net I use these backports on my servers. This might be the best solution for you is you want to benefit from all the improvements of the newer releases. > (4) Request the Debian Etch rkhunter maintainers to upgrade rkhunter > in Etch to version 1.3.2. If successful, this would undoubtedly be the > best solution. Dear Micah and Julien, how about it? Sysadmins will > love you even more than they do already! :) Etch is the current stable distribution, hence cannot be updated (except for major issues, eg. security fixes). > Looking forward to your replies, > > Sam > > ---------- Forwarded message ---------- > From: Nils Breunese (Lemonbit) <[EMAIL PROTECTED]> > Date: 2008/8/25 > Subject: Re: [Rkhunter-users] Welcome to the "Rkhunter-users" mailing list > To: [EMAIL PROTECTED] > Sam Kuper wrote: > > Q1) The advice page for this mailing list states, "If you are not > > running the latest version: please check the website for the latest > > version and upgrade first." I use Debian 4 (Etch), which is the > > latest stable Debian release. Like most users of Debian stable, I > > upgrade by using "apt-get update; apt-get upgrade". Doing this gives > > me rkhunter 1.2.9, whereas running "rkhunter --versioncheck" reveals > > that the latest release of rkhunter is 1.3.2. I do not want to use > > "testing" Debian packages on my server, as I am concerned about > > stability. Yet rkhunter 1.2.9 is giving me some problems. My > > question is, then: can I expect support from this mailing list for > > rkhunter 1.2.9 or must I look elsewhere? > > rkhunter 1.2.9 is not supported anymore. Contact Debian's package > maintainer if you have problems with this old version. > > > Q2) The advice page for this mailing list states, "Hashupd is on our > > download page. Please see the FAQ for details." Actually, it isn't, > > and yes, I have checked the online FAQ for an up-to-date link to the > > download page, in case I was looking in the wrong place. So, please > > could you tell me where I can obtain Hashupd? > > hashupd was a script for rkhunter 1.2.9. The rkhunter 1.2.9 files are > no longer available on the project page, so that's probably why > hashupd is also no longer there. The FAQ should be updated, yes. > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]