afterthefall n00b
Joined: 19 May 2003 Posts: 40
|
Posted: Wed Jul 14, 2004 5:48 am Post subject: rkhunter - Warning: Cannot find md5_not_known |
|
|
Produces the following:
Code: | Rootkit Hunter 1.1.1 is running
Determining OS... Warning: this operating system is not fully supported!
Ready
Warning: Cannot find md5_not_known
All MD5 checks will be skipped!
Checking binaries
* Selftests
Strings (command) [ OK ]
* System tools
Skipped!
...
|
I have a relatively fresh install of Gentoo (2.5.7-gentoo-r8) with a bare minimum of apps installed. Was wondering if anyone else had seen this?
EDIT: that should be 2.6.7-gentoo-r8, not 2.5.7
- Brian
Last edited by afterthefall on Wed Jul 14, 2004 1:43 pm; edited 2 times in total |
|
spudicus Apprentice
Joined: 05 Dec 2002 Posts: 177 Location: Geraldton, Australia
|
Posted: Wed Jul 14, 2004 6:37 am Post subject: |
|
|
Firstly, I'm running 2.6.7 kernel and rkhunter-1.0.9
rkhunter-1.0.9 was only recently unmasked, so version 1.1.1 may be masked for a while longer.
I installed version 1.1.1 to see if I could reproduce the error but so far I've been unsuccessful.
What does the following output?
Code: | cat /usr/lib/rkhunter/db/os.dat | grep Gentoo |
This assumes you're running Gentoo on an Intel-compatible machine.
You should get the following output:
Code: | 119:Gentoo Linux 1.4 (i386):/usr/bin/md5sum:/bin: |
If not, have you tried re-emerging rkhunter?
Does the following output 1.4?
Code: | cat /etc/gentoo-release | awk '{ print $5 }' | cut -d '.' -f1,2
1.4 |
Do you get the following output?
Code: | whereis md5sum
md5sum: /usr/bin/md5sum /usr/man/man1/md5sum.1.gz /usr/share/man/man1/md5sum.1.gz |
|
|
afterthefall n00b
Joined: 19 May 2003 Posts: 40
|
Posted: Wed Jul 14, 2004 1:42 pm Post subject: |
|
|
Code: | # cat /usr/lib/rkhunter/db/os.dat | grep Gentoo
119:Gentoo Linux 1.4 (i386):/usr/bin/md5sum:/bin: |
Code: | # whereis md5sum
md5sum: /usr/bin/md5sum /usr/man/man1/md5sum.1.gz /usr/share/man/man1/md5sum.1.gz |
Code: | # cat /etc/gentoo-release | awk '{ print $5 }' | cut -d '.' -f1,2
1.5 |
Code: | # cat /etc/make.conf | grep KEYWORDS
ACCEPT_KEYWORDS="~x86" |
The latter probably has something to do with it (or something with the Gentoo "version" compatibility), because md5sum is in its proper place. I'll try reproducing the message with earlier versions.
- Brian |
|
nikai Apprentice
Joined: 02 Oct 2002 Posts: 270 Location: Kitzbühel, Austria
|
Posted: Wed Jul 14, 2004 2:12 pm Post subject: |
|
|
rkhunter only knows about Gentoo 1.4.
I sent patches for ppc32 and 1.5 last week, I've been told they were accepted upstream:
Code: | --- /usr/bin/rkhunter-1.1.1 2004-07-08 20:08:16.000000000 +0200
+++ /usr/bin/rkhunter 2004-07-08 22:57:39.000000000 +0200
@@ -1740,6 +1740,7 @@
uname_model=`uname -m`
case $uname_model in
i[0-9]86) architecture=i386; ;;
+ ppc) architecture=powerpc; ;;
esac
logtext "Architecture ${uname_model} (->${architecture})" |
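Review bot: the `case $uname_model in` block still has no `*)` branch after the new `ppc)` line, so any other `uname -m` value falls through with `architecture` left at whatever it held before the case. Suggest adding a default such as `*) architecture=$uname_model; ;;`, or logging that the machine type was not recognised, so the `logtext` line below the `esac` shows the mismatch instead of a stale or empty value.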
Code: | --- /usr/lib/rkhunter/db/os.dat-1.1.1 2004-07-08 21:16:49.000000000 +0200
+++ /usr/lib/rkhunter/db/os.dat 2004-07-08 22:50:40.000000000 +0200
@@ -20,6 +20,9 @@
117:Mandrake Linux release 9.2 (FiveStar) for i586:/usr/bin/md5sum:/bin:
118:Fedora Core release 1 (Yarrow) (i386):/usr/bin/md5sum:/bin:
119:Gentoo Linux 1.4 (i386):/usr/bin/md5sum:/bin:
+119:Gentoo Linux 1.4 (powerpc):/usr/bin/md5sum:/bin:
+119:Gentoo Linux 1.5 (i386):/usr/bin/md5sum:/bin:
+119:Gentoo Linux 1.5 (powerpc):/usr/bin/md5sum:/bin:
120:Red Hat Linux release 7.3 (Valhalla):/usr/bin/md5sum:/bin:
121:Aurora SPARC Project release 1.0 (Ansel):/usr/bin/md5sum:/bin:
122:Red Hat Linux release 7.0 (Guinness):/usr/bin/md5sum:/bin: |
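Review bot: the three added rows all carry id 119, the same id as the existing `119:Gentoo Linux 1.4 (i386)` row, while the surrounding context rows each have their own number (117, 118, 120, 121, 122). If the first field is meant to identify an entry, give the new rows unused ids; if sharing one id per distribution is intentional, a comment in os.dat saying so would help. The change description should also say that each version and architecture pair needs its own row, since that is what these three lines add.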
|
|
spudicus Apprentice
Joined: 05 Dec 2002 Posts: 177 Location: Geraldton, Australia
|
Posted: Wed Jul 14, 2004 2:15 pm Post subject: |
|
|
afterthefall wrote: | Code: | Gentoo Linux 1.4 (i386):/usr/bin/md5sum:/bin: |
Code: | # cat /etc/gentoo-release | awk '{ print $5 }' | cut -d '.' -f1,2
1.5 |
The latter probably has something to do with it (or something with the Gentoo "version" compatibility). I'll try reproducing the message with earlier versions.
|
If by this you mean, your version is Gentoo Linux 1.5 and it's looking for Gentoo Linux 1.4 you'd be right.
The rkhunter website states the Gentoo versions 1.4, 2004.0 and 2004.1 are supported. Your problem is caused by installing with the ACCEPT_KEYWORDS uncommented in make.conf, causing the install of the unstable baselayout. Unless you really like living on the edge (or are bug testing), it's usually better to only unmask certain packages via additions to /etc/portage/package.keywords. Technically, you're running rkhunter on an untested platform, 2004.1 being the most up to date tested so far.
Downgrading to rkhunter 1.0.9 won't fix this, you'd have to downgrade your baselayout.
You could try manually altering the os.dat file from 1.4 to 1.5, and see if rkhunter still runs successfully. |
|
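The lookup this thread works through, as an added example that is not part of any post and is not rkhunter's own code: it rebuilds the `Gentoo Linux <version> (<arch>)` string from the release file and `uname -m`, then checks os.dat for a matching row. The function names, the sample release strings and the fallback branch are assumptions.

```shell
#!/bin/sh
# Added example, not rkhunter's code: rebuild the os.dat key for a Gentoo host
# and report whether a matching entry exists (no entry means no MD5 checks).

# Map `uname -m` to the label used in os.dat. The three known branches are the
# ones posted in this thread; the fallback branch is an assumption.
arch_label() {
    case "$1" in
        i[0-9]86) echo i386 ;;
        ppc)      echo powerpc ;;
        x86_64)   echo amd64 ;;
        *)        echo "unknown-$1" ;;
    esac
}

# $1: contents of /etc/gentoo-release, $2: output of `uname -m`
os_key() {
    ver=$(printf '%s\n' "$1" | awk '{ print $5 }' | cut -d '.' -f1,2)
    printf 'Gentoo Linux %s (%s)\n' "$ver" "$(arch_label "$2")"
}

# Print the hash command for key $2 from os.dat file $1; return 1 if absent.
hash_tool_for() {
    awk -F: -v key="$2" '$2 == key { print $3; found = 1; exit }
                         END { exit !found }' "$1"
}

# $1: os.dat path, $2: release string, $3: machine type
check_coverage() {
    key=$(os_key "$2" "$3")
    if tool=$(hash_tool_for "$1" "$key"); then
        echo "OK: '$key' uses $tool"
    else
        echo "GAP: no os.dat entry for '$key', MD5 checks would be skipped"
        return 1
    fi
}

# Constructed sample: two os.dat rows from the thread, assumed release strings.
SAMPLE_DB=$(mktemp)
trap 'rm -f "$SAMPLE_DB"' EXIT
cat > "$SAMPLE_DB" <<'EOF'
118:Fedora Core release 1 (Yarrow) (i386):/usr/bin/md5sum:/bin:
119:Gentoo Linux 1.4 (i386):/usr/bin/md5sum:/bin:
EOF

check_coverage "$SAMPLE_DB" "Gentoo Base System version 1.4.16" i686
check_coverage "$SAMPLE_DB" "Gentoo Base System version 1.5.1" i686 || true
```

On a real host, pass `/usr/lib/rkhunter/db/os.dat`, `"$(cat /etc/gentoo-release)"` and `"$(uname -m)"` to `check_coverage`; a non-zero exit is a cue that the scan ran without its file-hash checks.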
afterthefall n00b
Joined: 19 May 2003 Posts: 40
|
Posted: Wed Jul 14, 2004 2:48 pm Post subject: |
|
|
I duped the Gentoo line and made the new one 1.5 and it worked like a charm. Thanks.
- Brian |
|
gau n00b
Joined: 05 Nov 2004 Posts: 14 Location: noway - nowar - NORWAY!
|
Posted: Sat Mar 12, 2005 4:55 am Post subject: |
|
|
for x86_64 (amd64) you can make these changes to please rkhunter:
Code: |
@@ 1984,7 @@
case $uname_model in
i[0-9]86) architecture=i386; ;;
ppc) architecture=powerpc; ;;
+ x86_64) architecture=amd64; ;;
esac
logtext "Architecture ${uname_model} (->${architecture})"
|
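Review bot: the header `@@ 1984,7 @@` is not a valid unified-diff hunk header (the form is `@@ -start,count +start,count @@`, as in the earlier patch's `@@ -1740,6 +1740,7 @@`), and there are no `---`/`+++` file lines, so this can only be applied by hand. The added `x86_64) architecture=amd64; ;;` line follows the pattern of the two branches above it; the case still has no `*)` fallback for other machine types.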
Code: |
@@ 81,1 @@
166:CentOS release 3.4 (final):/usr/bin/md5sum:/bin:
167:Mandrake Linux release 8.1 (Vitamin) for i586:/usr/bin/md5sum:/bin:
168:Slackware 10.1.0:/usr/bin/md5sum:/bin
+169:Gentoo Linux 1.4 (amd64):/usr/bin/md5sum:/bin:
+170:Gentoo Linux 1.5 (amd64):/usr/bin/md5sum:/bin:
200:FreeBSD 5.0 (i386):/sbin/md5 -q:/usr/local/bin:
201:FreeBSD 4.7 (i386):/sbin/md5 -q:/usr/local/bin:
|
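Review bot: the context row `168:Slackware 10.1.0:/usr/bin/md5sum:/bin` ends without the trailing colon that every other row in this hunk has; check whether the file really reads that way or this is a copy slip, because context that does not match the file will stop the hunk applying. The two added `(amd64)` rows only match when the script maps `x86_64` to `amd64`, so they depend on the case-statement change in the first snippet being applied with them, and the header `@@ 81,1 @@` is not a valid unified-diff hunk header.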
bleh, i never learnt those @@ line markers |
|