Re: rkhunter warnings, maybe yum issues?
by William Mattison
Michael asks:
> Could you give an example showing the queries you've performed?
>
> "whereis" looks for files available on the file-system in various paths.
> "rpm" only covers files included in installed RPM packages as tracked by
> the local RPM database.
I'll show rkhunter log entries, "rpm -V" output, and "whereis" output
for 6 packages...
Here are 6 of the messages from the rkhunter log:
[18:55:34] Info: The command 'rpm -qf --queryformat... /usr/sbin/chkconfig' gave error code 1.
[18:55:39] Info: The command 'rpm -qf --queryformat... /usr/sbin/fuser' gave error code 1.
[18:55:40] Info: The command 'rpm -qf --queryformat... /usr/sbin/ifconfig' gave error code 1.
[18:55:44] Info: The command 'rpm -qf --queryformat... /usr/sbin/route' gave error code 1.
[18:55:44] Info: The command 'rpm -qf --queryformat... /usr/sbin/rsyslogd' gave error code 1.
[18:56:07] Info: The command 'rpm -qf --queryformat... /usr/bin/mailx' gave error code 1.
Here's the rpm -V output for those same 6 packages:
bash.11[~]: rpm -V chkconfig
bash.12[~]: rpm -V fuser
package fuser is not installed
bash.13[~]: rpm -V ifconfig
package ifconfig is not installed
bash.14[~]: rpm -V route
package route is not installed
bash.15[~]: rpm -V rsyslogd
package rsyslogd is not installed
bash.16[~]:
bash.32[~]: rpm -V mail
package mail is not installed
Here's the whereis output for those same 6 packages:
bash.16[~]: whereis chkconfig
chkconfig: /usr/sbin/chkconfig /etc/chkconfig.d /usr/share/man/man8/chkconfig.8.gz
bash.17[~]: whereis fuser
fuser: /usr/sbin/fuser /usr/share/man/man1/fuser.1.gz /usr/share/man/man1p/fuser.1p.gz
bash.18[~]: whereis ifconfig
ifconfig: /usr/sbin/ifconfig /usr/share/man/man8/ifconfig.8.gz
bash.19[~]: whereis route
route: /usr/sbin/route /usr/share/man/man8/route.8.gz
bash.20[~]: whereis rsyslogd
rsyslogd: /usr/sbin/rsyslogd /usr/share/man/man8/rsyslogd.8.gz
bash.21[~]:
bash.37[~]: whereis mail
mail: /usr/bin/mail /etc/mail /etc/mail.rc /usr/share/man/man1/mail.1.gz
(By the way, the "mail" command does work. I am not familiar with the
others, so I have not tried them.)
As best as I recall at the moment, the only way packages have been
installed on this system was (1) the initial install when the hardware
was new, with the install coming from the f-18 install dvd burned from
the Fedora web site; (2) by using yum (in most cases) or rpm (in a few
cases); and (3) by using fedup.
John says:
>> I consider parts 2 and 3 of my original post closed. But I remain
>> puzzled that rpm doesn't find packages that "whereis" finds in the
>> places that rkhunter has rpm looking.
> I don't follow that.
My original post had 3 parts.
* The third part reported a warning about GasKit rootkit. People
responded that it's a false alarm, and that a bugzilla has been
submitted. So this part of my original post is closed.
* The second part asked about package manager verification warnings that
suggested prelinking to resolve dependency issues. I wondered if yum
should be doing something more. People convinced me otherwise. So this
part of my original post is closed.
* The first part asked about error code 1 being returned by "rpm -qf
--queryformat...". Discussion in this list has me convinced that
there's not an rkhunter issue here. But I'm wondering if I have a
non-rkhunter problem, based on the output that I included in the first
part of *this* message.
Bill.
10 years, 1 month
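The distinction Michael draws in the message above, as an added example that is not part of the original thread: `rpm -V` takes a package name, so each path from the rkhunter log is first mapped to its owning package with `rpm -qf` and only then verified. The function names and the script name `check_owner.sh` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# rpm -V expects a package name; rpm -qf maps a file path to the package
# that owns it according to the local RPM database.

# owner_of PATH: print the owning package name, or return 1 if the RPM
# database has no owner recorded for exactly this path.
owner_of() {
    owner=$(rpm -qf --queryformat '%{NAME}\n' "$1" 2>/dev/null) || return 1
    printf '%s\n' "$owner" | head -n 1
}

# check_path PATH: print "PATH unowned", "PATH PKG ok" or "PATH PKG modified".
# rpm -V exits non-zero when any file of the package differs from the database.
check_path() {
    if ! pkg=$(owner_of "$1"); then
        printf '%s unowned\n' "$1"
        return 0
    fi
    if rpm -V "$pkg" >/dev/null 2>&1; then
        printf '%s %s ok\n' "$1" "$pkg"
    else
        printf '%s %s modified\n' "$1" "$pkg"
    fi
}

# Usage: sh check_owner.sh /usr/sbin/chkconfig /usr/sbin/fuser ...
for p in "$@"; do
    check_path "$p"
done
```

A path reported as "unowned" is one the RPM database does not list under that exact name, which is the condition behind the "error code 1" lines in the rkhunter log.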
Libreoffice problem related to PDF forms
by Joachim Backes
Hi all,
I don't know if that's the right place for my question, but let me try:
I'm running F20 with libreoffice-4.1.4.2-5.fc20.x86_64 including
libreoffice-pdfimport-4.1.4.2-5.fc20. Additionally I have some PDF file
with form entries (printable, but not storable). I can open this PDF
file with acroread or evince without any password request and fill out
some form entries. The filled out file cannot be saved.
But if I try to import (open) this PDF file in libreoffice draw, some
password is requested.
PDF file properties:
pdfinfo Desktop/s.pdf
Producer: Acrobat Distiller 5.0.5 (Windows)
CreationDate: Thu Mar 13 10:13:48 2003
ModDate: Wed Dec 8 08:27:26 2004
Tagged: no
Form: AcroForm
Pages: 4
Encrypted: yes (print:yes copy:yes change:no addNotes:yes algorithm:RC4)
Page size: 596 x 842 pts (A4)
Page rot: 0
File size: 179424 bytes
Optimized: yes
PDF version: 1.5
Can anybody explain this?
Kind regards
Joachim Backes
Fedora release 20 (Heisenbug)
Kernel-3.12.9-300.fc20.x86_64
Joachim Backes <joachim.backes(a)rhrk.uni-kl.de>
https://www-user.rhrk.uni-kl.de/~backes
10 years, 1 month
Resizing LVM -
by Bob Goodwin
I have a computer with a 1TB drive taken up completely with an F-19
system. I'd like to squeeze that down and make room for another Linux
partition but I can't seem to get started.
I have an F-19 DVD that I have been trying to use for booting into the
"rescue" mode but I may not be doing it right. I can stumble through
until I get a point where it says "An error occurred trying to mount
some or all of your system. Some of it may be mounted under
/mnt/sysimage. Press return to get a shell."
That gets another box offering: start shell, fakd, reboot.
From the shell I do chroot /mnt/sysimage.
Then ls lists a familiar list of directories, however there is nothing
in those directories e.g. home, root, etc.
At that point I am stumped!
Suggestions solicited, maybe I should just give up and re-install?
Bob
--
http://www.qrz.com/db/w2bod
Box10 Fedora-20/64bit Linux/XFCE
10 years, 1 month
Disable NetworkManager
by Sergio Belkin
Hi folks,
I'd want to disable NetworkManager, I've performed a minimal install and I
don't need it, please could you help me?
I've tried disabling using systemctl, but network.service does not set ip
address.
Thanks in advance
--
--
Sergio Belkin http://www.sergiobelkin.com
LPIC-2 Certified - http://www.lpi.org
10 years, 1 month
yum update scriptlet failed
by Robert Moskowitz
So, I was on the road, and I don't do updates, necessarily, while on the
road. I THOUGHT this would be cleaned up by the time I did my update.
Well, not. A number of rpms failed. Including the kernel.
I tried looking back through the old messages, but did not find
something that I thought I could use to clean this up with. So any help
is appreciated.
10 years, 1 month
fedmsg notify daemon
by SternData
I've noticed that a process called fedmsg-notify-daemon is running on my
system, connected to 85.236.55.6 on port 9940.
According to this page, it's monitoring something for messages about
Fedora: http://lewk.org/blog/fedmsg-notify
Is this anything I really need? According to fedmsg-notify-config, the
daemon is on but every channel option is toggled off.
Is anyone using it and if so, what value is it providing?
--
-- Steve
10 years, 1 month
Yum warning
by Timothy Murphy
I wonder why I got the warning
Updating : glibc-common-2.18-12.fc20.i686
/usr/sbin/build-locale-archive:
incomplete set of locale files in "/usr/lib/locale/en_GB"
when running "yum update" today,
and what if anything I can or should do about it?
--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland
10 years, 1 month