rkhunter warnings
John Horne
john.horne at plymouth.ac.uk
Mon Oct 16 10:49:33 UTC 2006
On Thu, 2006-10-12 at 19:10 +0530, Vikram Goyal wrote:
> Hello,
>
> I'm using FC5 and recently I started getting warnings from rkhunter cron
> check. I manually also updated the hashes with same results.
>
> What may be the reason??? Any ideas...Anything to worry...
>
It's an SELinux problem. It prevents the prelink command from returning
a hash value. I've already logged this with redhat (see
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209951 )
If you want to disable the MD5 checks then use the '--dmc' command-line
option. Alternatively, you can disable SELinux using 'setenforce 0'
before running RKH if you want to, and then re-enable it using
'setenforce 1' (not ideal of course!)
The problem has a workaround in CVS, however a lot of work is still
going on with rkhunter so CVS may become unreliable.
Hopefully redhat will get an SELinux update out soon to resolve this.
John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: John.Horne at plymouth.ac.uk Fax: +44 (0)1752 233839
More information about the users
mailing list