am I hacked?

Kevin J. Cummings cummings at kjchome.homeip.net
Sat Apr 21 23:32:16 UTC 2007


peter kostov wrote:
> On the other machine in my local network there is one 'bad' binary
> reported by rkhunter - wget. This second computer accesses the Internet
> through the one we are discussing.

I think that the FC maintainer for rkhunter is no more.  I seem to
remember that there was a bad hash for one of my FC5 binaries for a
while (maybe 3 weeks).  Then an rkhunter update of its database cleared
it out.  Soon thereafter, there was a wget package update, and wget was
broken.  For about 2 days, then another update of rkhunter's database
cleared that up.  The next day there was another update of wget that was
released.  rkhunter has been complaining to me ever since.  I seem to
remember there is a BZ open against rkhunter, but it is maintainerless
at the moment.  I think all it needs is for someone to contact the
rkhunter upstream development team and supply them with the current wget
binary hash.

> It is also running FC5 with yum, although the installation isn't exactly
> the same.

Someone else mentioned that rkhunter stumbles over pre-linked binaries.
No it doesn't.  The version of rkhunter in Fedora Core Extras was
modified to work correctly with pre-linked binaries.  What's broken is
supplying the correct hashes for the newer packages back to the ODs so
they can put them in their database which rkhunter can then download
when it needs to.

> Peter
> 


-- 
Kevin J. Cummings
kjchome at rcn.com
cummings at kjchome.homeip.net
cummings at kjc386.framingham.ma.us
Registered Linux User #1232 (http://counter.li.org)



