Gentoo Forums
rkhunter - Warning: Cannot find md5_not_known
afterthefall
n00b


Joined: 19 May 2003
Posts: 40

Posted: Wed Jul 14, 2004 5:48 am    Post subject: rkhunter - Warning: Cannot find md5_not_known

Code:
# rkhunter -c


Produces the following:

Code:
Rootkit Hunter 1.1.1 is running

Determining OS... Warning: this operating system is not fully supported!
Ready
Warning: Cannot find md5_not_known
All MD5 checks will be skipped!


Checking binaries
* Selftests
     Strings (command)     [ OK ]


* System tools
     Skipped!
...


I have a relatively fresh install of Gentoo (2.5.7-gentoo-r8 ) with a bare minimum of apps installed. Was wondering if anyone else had seen this?

EDIT: that should be 2.6.7-gentoo-r8, not 2.5.7


- Brian


Last edited by afterthefall on Wed Jul 14, 2004 1:43 pm; edited 2 times in total
spudicus
Apprentice


Joined: 05 Dec 2002
Posts: 177
Location: Geraldton, Australia

Posted: Wed Jul 14, 2004 6:37 am

Firstly, I'm running 2.6.7 kernel and rkhunter-1.0.9
rkhunter-1.0.9 was only recently unmasked, so version 1.1.1 may be masked for a while longer.

I installed version 1.1.1 to see if I could reproduce the error but so far I've been unsuccessful.

What does the following output?
Code:
 cat /usr/lib/rkhunter/db/os.dat | grep Gentoo

This assumes you're running Gentoo on an Intel-compatible machine.
You should get the following output:
Code:
119:Gentoo Linux 1.4 (i386):/usr/bin/md5sum:/bin:

If not, have you tried re-emerging rkhunter?
Does the following output 1.4?
Code:
cat /etc/gentoo-release | awk '{ print $5 }' | cut -d '.' -f1,2
1.4

Do you get the following output?
Code:
whereis md5sum
md5sum: /usr/bin/md5sum /usr/man/man1/md5sum.1.gz /usr/share/man/man1/md5sum.1.gz
afterthefall
n00b


Joined: 19 May 2003
Posts: 40

Posted: Wed Jul 14, 2004 1:42 pm

Code:
# cat /usr/lib/rkhunter/db/os.dat | grep Gentoo
119:Gentoo Linux 1.4 (i386):/usr/bin/md5sum:/bin:

Code:
# whereis md5sum
md5sum: /usr/bin/md5sum /usr/man/man1/md5sum.1.gz /usr/share/man/man1/md5sum.1.gz

Code:
# cat /etc/gentoo-release | awk '{ print $5 }' | cut -d '.' -f1,2
1.5

Code:
# cat /etc/make.conf | grep KEYWORDS
ACCEPT_KEYWORDS="~x86"


The latter probably has something to do with it (or something with the Gentoo "version" compatibility), because md5sum is in its proper place. I'll try reproducing the message with earlier versions.

- Brian
nikai
Apprentice


Joined: 02 Oct 2002
Posts: 270
Location: Kitzbühel, Austria

Posted: Wed Jul 14, 2004 2:12 pm

rkhunter only knows about Gentoo 1.4.
I sent patches for ppc32 and 1.5 last week, I've been told they were accepted upstream:

Code:
--- /usr/bin/rkhunter-1.1.1     2004-07-08 20:08:16.000000000 +0200
+++ /usr/bin/rkhunter   2004-07-08 22:57:39.000000000 +0200
@@ -1740,6 +1740,7 @@
            uname_model=`uname -m`
                case $uname_model in
                    i[0-9]86) architecture=i386; ;;
+                   ppc) architecture=powerpc; ;;
                esac
                logtext "Architecture ${uname_model} (->${architecture})"
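Review bot: The `case $uname_model` block still has no `*)` arm after the new `ppc)` line, so any other `uname -m` value falls through with `architecture` unset or at its previous value, and the following `logtext` line records that as if it were a mapping. Add a default arm that logs the unmapped model explicitly, so an unsupported architecture is visible at this point rather than only later in the run.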


Code:
--- /usr/lib/rkhunter/db/os.dat-1.1.1   2004-07-08 21:16:49.000000000 +0200
+++ /usr/lib/rkhunter/db/os.dat 2004-07-08 22:50:40.000000000 +0200
@@ -20,6 +20,9 @@
 117:Mandrake Linux release 9.2 (FiveStar) for i586:/usr/bin/md5sum:/bin:
 118:Fedora Core release 1 (Yarrow) (i386):/usr/bin/md5sum:/bin:
 119:Gentoo Linux 1.4 (i386):/usr/bin/md5sum:/bin:
+119:Gentoo Linux 1.4 (powerpc):/usr/bin/md5sum:/bin:
+119:Gentoo Linux 1.5 (i386):/usr/bin/md5sum:/bin:
+119:Gentoo Linux 1.5 (powerpc):/usr/bin/md5sum:/bin:
 120:Red Hat Linux release 7.3 (Valhalla):/usr/bin/md5sum:/bin:
 121:Aurora SPARC Project release 1.0 (Ansel):/usr/bin/md5sum:/bin:
 122:Red Hat Linux release 7.0 (Guinness):/usr/bin/md5sum:/bin:
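Review bot: All three added rows reuse the leading id `119`, while the context rows around them are numbered one per entry (`117`, `118`, `119`, `120`). If anything keys on the first field, four rows sharing an id are ambiguous; either assign new ids or state in the patch that the id is deliberately shared across Gentoo variants. The exact-string description field also means each new release number needs another row here before it is recognised.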
spudicus
Apprentice


Joined: 05 Dec 2002
Posts: 177
Location: Geraldton, Australia

Posted: Wed Jul 14, 2004 2:15 pm

afterthefall wrote:
Code:
Gentoo Linux 1.4 (i386):/usr/bin/md5sum:/bin:

Code:
# cat /etc/gentoo-release | awk '{ print $5 }' | cut -d '.' -f1,2
1.5

The latter probably has something to do with it (or something with the Gentoo "version" compatibility). I'll try reproducing the message with earlier versions.

If by this you mean, your version is Gentoo Linux 1.5 and it's looking for Gentoo Linux 1.4 you'd be right.
The rkhunter website states the Gentoo versions 1.4, 2004.0 and 2004.1 are supported. Your problem is caused by installing with the ACCEPT_KEYWORDS uncommented in make.conf, causing the install of the unstable baselayout. Unless you really like living on the edge (or are bug testing), it's usually better to only unmask certain packages via additions to /etc/portage/package.keywords. Technically, you're running rkhunter on an untested platform, 2004.1 being the most up to date tested so far.

Downgrading to rkhunter 1.0.9 won't fix this, you'd have to downgrade your baselayout.

You could try manually altering the os.dat file from 1.4 to 1.5, and see if rkhunter still runs successfully.
afterthefall
n00b


Joined: 19 May 2003
Posts: 40

Posted: Wed Jul 14, 2004 2:48 pm

I duped the Gentoo line and made the new one 1.5 and it worked like a charm. Thanks.

- Brian
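
The lookup this thread is debugging, reconstructed as an added example (not rkhunter's own code and not written by any poster): it builds the OS string from the release text and `uname -m`, then searches `os.dat`, so a missing row is caught before a scan runs with its MD5 checks skipped. Assumptions: that the match is on the exact `Gentoo Linux <version> (<arch>)` string in field 2; the release strings are constructed samples and all function names are hypothetical.

```sh
#!/bin/sh
# Added example: pre-flight check for an os.dat match (not rkhunter's code).
# Assumption: the match key is field 2, "Gentoo Linux <ver> (<arch>)".

# Map `uname -m` output to the architecture label used in os.dat.
map_arch() {
    case "$1" in
        i[0-9]86) echo i386 ;;
        ppc)      echo powerpc ;;
        x86_64)   echo amd64 ;;
        *)        return 1 ;;   # unknown model: fail instead of guessing
    esac
}

# Reduce the release file text to "major.minor", as the thread's pipeline does.
release_version() {
    printf '%s\n' "$1" | awk '{ print $5 }' | cut -d '.' -f1,2
}

# lookup_md5_tool OS_DAT RELEASE_TEXT UNAME_M
# Prints the md5 command of the matching row; returns 1 if no row matches.
lookup_md5_tool() {
    arch=$(map_arch "$3") || return 1
    want="Gentoo Linux $(release_version "$2") ($arch)"
    awk -F: -v want="$want" \
        '$2 == want { print $3; found = 1; exit } END { exit !found }' "$1"
}

# Rows as quoted in the thread; the release strings below are constructed.
sample_os_dat() {
    cat <<'EOF'
118:Fedora Core release 1 (Yarrow) (i386):/usr/bin/md5sum:/bin:
119:Gentoo Linux 1.4 (i386):/usr/bin/md5sum:/bin:
EOF
}

preflight() {
    if tool=$(lookup_md5_tool "$@"); then
        echo "match, md5 tool: $tool"
    else
        echo "no os.dat row: MD5 checks would be skipped"
        return 1
    fi
}

db=$(mktemp) && sample_os_dat > "$db"
preflight "$db" "Gentoo Base System version 1.4.16" i686 || true
preflight "$db" "Gentoo Base System version 1.5.1" i686 || true
rm -f "$db"
```

Run against the real `/usr/lib/rkhunter/db/os.dat` and the contents of `/etc/gentoo-release`, a non-zero return from `preflight` is the condition to alert on before trusting a scan result.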
gau
n00b


Joined: 05 Nov 2004
Posts: 14
Location: noway - nowar - NORWAY!

Posted: Sat Mar 12, 2005 4:55 am

for x86_64 (amd64) you can make these changes to please rkhunter:

Code:

 @@ 1984,7 @@
                case $uname_model in
                    i[0-9]86) architecture=i386; ;;
                    ppc) architecture=powerpc; ;;
+                  x86_64)   architecture=amd64; ;;
                esac
                logtext "Architecture ${uname_model} (->${architecture})"
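Review bot: The hunk header `@@ 1984,7 @@` is not in unified-diff form (`@@ -start,count +start,count @@`) and there are no `---`/`+++` file headers, so `patch` will not apply this as posted; regenerate it with `diff -u` against the installed script. The added `x86_64)` line also does not line up with the `i[0-9]86)` and `ppc)` arms above it.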


Code:

 @@ 81,1 @@
  166:CentOS release 3.4 (final):/usr/bin/md5sum:/bin:
  167:Mandrake Linux release 8.1 (Vitamin) for i586:/usr/bin/md5sum:/bin:
  168:Slackware 10.1.0:/usr/bin/md5sum:/bin
+169:Gentoo Linux 1.4 (amd64):/usr/bin/md5sum:/bin:
+170:Gentoo Linux 1.5 (amd64):/usr/bin/md5sum:/bin:
  200:FreeBSD 5.0 (i386):/sbin/md5 -q:/usr/local/bin:
  201:FreeBSD 4.7 (i386):/sbin/md5 -q:/usr/local/bin:
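Review bot: The added amd64 rows take fresh ids (`169`, `170`), whereas the Gentoo i386 and powerpc rows in the earlier patch on this page all share `119`; pick one convention so the id column means the same thing for every Gentoo row. The context row `168:Slackware 10.1.0:/usr/bin/md5sum:/bin` is also missing the trailing `:` the other rows carry, which is worth checking against the shipped file, and the `@@ 81,1 @@` header needs regenerating with `diff -u`.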



bleh, i never learnt those @@ line markers