Mailinglist Archive: opensuse-factory (242 mails)

Re: [opensuse-factory] rkhunter 1.3.0
  • From: David Bolt <bcrafhfr-rqtr@xxxxxxxxxx>
  • Date: Thu, 22 Nov 2007 14:11:06 +0000
  • Message-id: <DgGSDh663YRHFwMt@xxxxxxxxxxxxxxxxxxx>
On Thu, 22 Nov 2007, Andreas Vetter wrote:-

On Wed, 21 Nov 2007, David Bolt wrote:

If you're referring to the os.dat file, it's unused by anything other
than check_update.sh.

Looking at the check_update.sh script, I'm not sure why the os.dat file
is still there. It's no longer used by any of the other scripts and even
the update script ignores it. Well, it did when I tried using the
--update option.

Don't know about 1.3.0, but 1.2.8 does not know the md5sums of
openSUSE 10.3:
# rkhunter -c --nocolors -sk

Rootkit Hunter 1.2.8 is running

Determining OS... Unknown
Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
All MD5 checks will be skipped!

1.3.0 doesn't know _any_ md5sums. That's the purpose of the --propupd
option. The --propupd option creates the reference file containing the
md5sums, and should be called as soon as possible after the initial
installation.

One thing I did need to do after installation, and probably something
that should have been added to the %post of the spec, is to call
"rkhunter --propupd" to create the rkhunter.dat database.

Does this only exist in 1.3.0? 1.2.8 does not know about --propupd :
# rkhunter --propupd
Fatal: Invalid option --propupd

Yes, it's one of quite a few new options. Here's the --help output for
the 1.3.0 release:

davjam@lion:~> rpm -qi rkhunter ; sudo rkhunter --help
Name        : rkhunter                     Relocations: (not relocatable)
Version     : 1.3.0                             Vendor: (none)
Release     : 1                             Build Date: Mon 12 Nov 2007 14:25:58 GMT
Install Date: Wed 21 Nov 2007 16:58:12 GMT      Build Host: cobra-mk3.davjam.org
Group       : Applications/System           Source RPM: rkhunter-1.3.0-1.src.rpm
Size        : 747022                           License: GPL
Signature   : (none)
Packager    : David Bolt <davjam@xxxxxxxxxx>
URL         : http://rkhunter.sourceforge.net/
Summary     : rkhunter scans for rootkits, backdoors and local exploits
Description :
Rootkit Hunter is a scanning tool to ensure you are about 99.9%
clean of nasty tools. It scans for rootkits, backdoors and local
exploits by running tests like:
- File hash check
- Look for default files used by rootkits
- Wrong file permissions for binaries
- Look for suspected strings in LKM and KLD modules
- Look for hidden files
- Optional scan within plaintext and binary files
- Software version checks
- Application tests

Rootkit Hunter is released as a GPL licensed project and free for everyone to
use.
Distribution: openSUSE 10.3
root's password:

Usage: rkhunter {--check | --update | --propupd | --versioncheck |
                 --list [tests | languages | rootkits] |
                 --version | --help} [options]

Current options are:
  --append-log                  Append to the logfile, do not overwrite
  --bindir <directory>...       Use the specified command directories
  -c, --check                   Check the local system
  --cs2, --color-set2           Use the second color set for output
  --configfile <file>           Use the specified configuration file
  --cronjob                     Run as a cron job
                                (implies -c, --sk and --nocolors options)
  --dbdir <directory>           Use the specified database directory
  --debug                       Debug mode
                                (Do not use unless asked to do so)
  --disable <test>[,<test>...]  Disable specific tests
                                (Default is to disable no tests)
  --display-logfile             Display the logfile at the end
  --enable <test>[,<test>...]   Enable specific tests
                                (Default is to enable all tests)
  --hash {MD5 | SHA1 | NONE |   Use the specified file hash function
          <command>}            (Default is SHA1)
  -h, --help                    Display this help menu, then exit
  --lang, --language <language> Specify the language to use
                                (Default is English)
  --list [tests | languages |   List the available test names, languages,
          rootkits]             or checked for rootkits, then exit
  -l, --logfile [file]          Write to a logfile
                                (Default is /var/log/rkhunter.log)
  --noappend-log                Do not append to the logfile, overwrite it
  --nocolors                    Use black and white output
  --nolog                       Do not write to a logfile
  --nomow, --no-mail-on-warning Do not send a message if warnings occur
  --ns, --nosummary             Do not show the summary of check results
  --novl, --no-verbose-logging  No verbose logging
  --pkgmgr {RPM | DPKG | BSD |  Use the specified package manager to obtain or
            NONE}               verify file hash values. (Default is NONE)
  --propupd                     Update the file properties database
  -q, --quiet                   Quiet mode (no output at all)
  --rwo, --report-warnings-only Show only warning messages
  -r, --rootdir <directory>     Use the specified root directory
  --sk, --skip-keypress         Don't wait for a keypress after each test
  --summary                     Show the summary of system check results
                                (This is the default)
  --syslog [facility.priority]  Log the check start and finish times to syslog
                                (Default level is authpriv.notice)
  --tmpdir <directory>          Use the specified temporary directory
  --update                      Check for updates to database files
  --vl, --verbose-logging       Use verbose logging (on by default)
  -V, --version                 Display the version number, then exit
  --versioncheck                Check for latest version of program
  -x, --autox                   Automatically detect if X is in use
  -X, --no-autox                Do not automatically detect if X is in use


Regards,
David Bolt

--
Team Acorn: http://www.distributed.net/ OGR-P2 @ ~100Mnodes RC5-72 @ ~15Mkeys
| SUSE 10.1 32bit | openSUSE 10.2 32bit | openSUSE 10.3 32bit
SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit |
RISC OS 3.11 | RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC
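The message above turns on one point: rkhunter 1.3.0 ships with no hashes at all, and "rkhunter --propupd" builds the file-properties baseline that a later "rkhunter -c" is compared against, so the baseline has to be taken on a known-clean system right after installation. As an added illustration of that baseline/check split (example code written for this page, not rkhunter's own script and not from the thread), here is a minimal shell version: it records the SHA1 (1.3.0's default --hash), mode, owner and size of every regular file under a command directory, then reports files that are new, missing or changed. It assumes GNU coreutils (stat -c, sha1sum) and an awk that honours "exit n", handles paths without spaces only, and the paths in the usage comments are hypothetical.

```shell
#!/bin/sh
# Added example, not rkhunter's code: a minimal file-properties baseline in
# the spirit of "rkhunter --propupd" followed by "rkhunter -c".
# Assumes GNU coreutils (stat -c, sha1sum) and awk; paths without spaces.

# SHA1 is rkhunter 1.3.0's default --hash; use the same here.
hash_file() {
    sha1sum "$1" | cut -d' ' -f1
}

# props_scan DIR: one line per regular file, sorted by path:
#   <path> <sha1> <octal mode> <uid> <size>
# Mode and owner are recorded too, because a changed permission on a
# binary is a finding even when its contents are untouched.
props_scan() {
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        printf '%s %s %s\n' "$f" "$(hash_file "$f")" "$(stat -c '%a %u %s' "$f")"
    done
}

# props_update DIR DBFILE: (re)create the baseline, like --propupd.
# Run this on a known-clean system right after installation: a baseline
# taken later merely records whatever is already on the box.
# Keep DBFILE outside DIR, or the database ends up in its own scan.
props_update() {
    props_scan "$1" > "$2"
}

# props_check DIR DBFILE: rescan and compare with the baseline, like -c.
# Prints one warning per new, missing or changed file; the return value
# is the number of warnings (0 means the directory matches the baseline;
# counts above 255 wrap, as any shell exit status does).
props_check() {
    props_scan "$1" > "$2.now"
    awk '
        # First file is the baseline: remember the recorded properties.
        FILENAME == ARGV[1] { base[$1] = $2 " " $3 " " $4 " " $5; next }
        # Second file is the fresh scan.
        !($1 in base) { print "Warning: file not in baseline: " $1; w++; next }
        base[$1] != $2 " " $3 " " $4 " " $5 {
            print "Warning: file properties changed: " $1; w++
        }
        { delete base[$1] }
        END {
            for (p in base) { print "Warning: file missing: " p; w++ }
            exit w
        }' "$2" "$2.now"
    rc=$?
    rm -f "$2.now"
    return "$rc"
}

# Usage with hypothetical paths (no-op when run without arguments):
#   sh props.sh update /usr/local/bin /var/lib/props-example/bin.dat
#   sh props.sh check  /usr/local/bin /var/lib/props-example/bin.dat
case "${1:-}" in
    update) props_update "$2" "$3" ;;
    check)  props_check  "$2" "$3" ;;
esac
```

The baseline is only as trustworthy as the host was when it was taken, which is why the message insists on running --propupd as soon as possible after installation; rkhunter 1.3.0's --pkgmgr option offers the alternative of checking against the package manager's own recorded hashes instead of a locally generated file.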
