- using rpm -Va to verify : size, digest, permissions, type, owner and group of each file, & package signatures, and executes verification scripts if a package has one.

....

i get this output which is too cryptic for me :

< rpm -Va
S.5....T.  c /etc/sane.d/dll.conf
missing     /usr/bin/lua
missing     /usr/bin/luac
missing   d /usr/share/man/man1/lua.1.gz
missing   d /usr/share/man/man1/luac.1.gz
....L....  d /usr/share/man/man1/ftp.1.gz
....L....    /usr/lib64/browser-plugins/javaplugin.so
.....U...    /var/lib/mlocate
S.5....T.  c /etc/mime.types
S.5....T.  c /etc/fonts/conf.d/10-rendering-options.conf
S.5....T.  c /etc/fonts/conf.d/58-family-prefer-local.conf
.......T.    /usr/lib64/gconv/gconv-modules.cache
.......T.  c /etc/cups/cupsd.conf
SM5....T.  c /etc/fonts/conf.d/30-metric-aliases.conf
......G..    /usr/lib/qemu-bridge-helper
/usr/lib/qemu-bridge-helper: unknown group kvm
.......T.  c /etc/cups/client.conf
.M...U...    /var/cache/cups
S.5....T.  c /etc/zypp/zypp.conf
S.5....T.  c /etc/ntp.conf
S.5....T.  c /etc/systemd/journald.conf
missing     /usr/lib/systemd/system/tmp.mount
S.5....T.  c /etc/postfix/main.cf
S.5....T.  c /etc/postfix/master.cf
S.5....T.  c /etc/sysconfig/SuSEfirewall2
......G..    /var/cache/man
S.5....T.  c /etc/rkhunter.d/00-opensuse.conf
S.5....T.    /var/lib/rkhunter/db/i18n/tr
S.5....T.    /var/lib/rkhunter/db/i18n/tr.utf8
S.5....T.  c /etc/sddm.conf
....L....    /usr/lib64/browser-plugins/javaplugin.so
missing     /usr/bin/.hmac256.hmac
........P    /usr/bin/ping
S.5....T.  c /etc/clamd.conf
S.5....T.  c /etc/environment
....L....  c /etc/pam.d/common-account
....L....  c /etc/pam.d/common-auth
....L....  c /etc/pam.d/common-password
....L....  c /etc/pam.d/common-session
S.5....T.  c /etc/ssh/sshd_config
S.5....T.  c /etc/default/grub
....L....    /usr/share/java/xml-commons-apis.jar
>

Does any of this look threatening ??

thanks

.......
On 2017-08-28 19:24, ellanios82 wrote:
- using rpm -Va to verify : size, digest, permissions, type, owner and group of each file, & package signatures, and executes verification scripts if a package has one.
....
i get this output which is too cryptic for me :
The alterations to conf files can usually be ignored.

man rpm explains what the table means:

The format of the output is a string of 9 characters, a possible attribute marker:

    c %config configuration file.
    d %doc documentation file.
    g %ghost file (i.e. the file contents are not included in the package payload).
    l %license license file.
    r %readme readme file.

from the package header, followed by the file name. Each of the 9 characters denotes the result of a comparison of attribute(s) of the file to the value of those attribute(s) recorded in the database. A single "." (period) means the test passed, while a single "?" (question mark) indicates the test could not be performed (e.g. file permissions prevent reading). Otherwise, the (mnemonically emBoldened) character denotes failure of the corresponding --verify test:

    S file Size differs
    M Mode differs (includes permissions and file type)
    5 digest (formerly MD5 sum) differs
    D Device major/minor number mismatch
    L readLink(2) path mismatch
    U User ownership differs
    G Group ownership differs
    T mTime differs
    P caPabilities differ
< rpm -Va
S.5....T.  c /etc/sane.d/dll.conf
missing     /usr/bin/lua
missing     /usr/bin/luac
missing   d /usr/share/man/man1/lua.1.gz
missing   d /usr/share/man/man1/luac.1.gz
This I would worry, initially. But in my system I see that they are symlinks to alternatives:

lrwxrwxrwx 1 root root 26 Jun 3 22:32 /usr/share/man/man1/lua.1.gz -> /etc/alternatives/lua.1.gz
lrwxrwxrwx 1 root root 27 Jun 3 22:32 /usr/share/man/man1/luac.1.gz -> /etc/alternatives/luac.1.gz

You can go file by file studying what was modified.
....L.... d /usr/share/man/man1/ftp.1.gz
alternatives
....L.... /usr/lib64/browser-plugins/javaplugin.so
alternatives
.....U... /var/lib/mlocate
check /etc/permissions
......G.. /usr/lib/qemu-bridge-helper /usr/lib/qemu-bridge-helper: unknown group kvm
Smells bug.
missing /usr/lib/systemd/system/tmp.mount
dunno
......G.. /var/cache/man
?
missing /usr/bin/.hmac256.hmac
?
........P /usr/bin/ping
?
I would check what the capabilities were before.

--
Cheers / Saludos,

Carlos E. R.
(from 42.2 x86_64 "Malachite" at Telcontar)
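As an added example (not part of the original thread or of rpm itself): a small Python parser for the rpm -Va result lines explained in the man rpm excerpt above. It decodes each 9-character string and separates edited %config files, which the reply says can usually be ignored, from everything else; the names parse, triage and SAMPLE are this example's own.

```python
import re

# Verify flags in rpm's fixed 9-column order, as listed in the man rpm excerpt.
FLAGS = [("S", "size"), ("M", "mode"), ("5", "digest"), ("D", "device"),
         ("L", "symlink target"), ("U", "user"), ("G", "group"),
         ("T", "mtime"), ("P", "capabilities")]
MARKERS = {"c": "config", "d": "doc", "g": "ghost", "l": "license", "r": "readme"}
LINE = re.compile(
    r"^(?P<res>missing|[SM5DLUGTP.?]{9})\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")

# Lines copied from the output posted in this thread.
SAMPLE = [
    "S.5....T.  c /etc/ssh/sshd_config",
    "missing   d /usr/share/man/man1/lua.1.gz",
    "......G..    /usr/lib/qemu-bridge-helper",
    "/usr/lib/qemu-bridge-helper: unknown group kvm",
    "........P    /usr/bin/ping",
]

def parse(line):
    """Return (failed_tests, file_kind, path), or None for non-result lines."""
    m = LINE.match(line.strip())
    if m is None:
        return None  # diagnostics such as "...: unknown group kvm"
    res = m["res"]
    if res == "missing":
        failed = ["missing"]
    else:
        # A letter in its own column means that test failed; "?" means not run.
        failed = [name for (ch, name), got in zip(FLAGS, res) if got == ch]
        failed += [name + " (not checked)"
                   for (_, name), got in zip(FLAGS, res) if got == "?"]
    return failed, MARKERS.get(m["attr"], "file"), m["path"]

def triage(lines):
    """Separate edited %config files from results that need a closer look."""
    config, review = [], []
    for parsed in filter(None, map(parse, lines)):
        failed, kind, path = parsed
        edited_config = kind == "config" and "missing" not in failed
        (config if edited_config else review).append((path, failed))
    return config, review

if __name__ == "__main__":
    for path, failed in triage(SAMPLE)[1]:
        print(f"{path}: {', '.join(failed)}")
```
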
On 29/08/17 14:23, Carlos E. R. wrote:
On 2017-08-28 19:24, ellanios82 wrote:
- using rpm -Va to verify : size, digest, permissions, type, owner and group of each file, & package signatures, and executes verification scripts if a package has one.
....
i get this output which is too cryptic for me :
The alterations to conf files can usually be ignored.

man rpm explains what the table means:

The format of the output is a string of 9 characters, a possible attribute marker:

    c %config configuration file.
    d %doc documentation file.
    g %ghost file (i.e. the file contents are not included in the package payload).
    l %license license file.
    r %readme readme file.

from the package header, followed by the file name. Each of the 9 characters denotes the result of a comparison of attribute(s) of the file to the value of those attribute(s) recorded in the database. A single "." (period) means the test passed, while a single "?" (question mark) indicates the test could not be performed (e.g. file permissions prevent reading). Otherwise, the (mnemonically emBoldened) character denotes failure of the corresponding --verify test:

    S file Size differs
    M Mode differs (includes permissions and file type)
    5 digest (formerly MD5 sum) differs
    D Device major/minor number mismatch
    L readLink(2) path mismatch
    U User ownership differs
    G Group ownership differs
    T mTime differs
    P caPabilities differ

< rpm -Va
S.5....T.  c /etc/sane.d/dll.conf
missing     /usr/bin/lua
missing     /usr/bin/luac
missing   d /usr/share/man/man1/lua.1.gz
missing   d /usr/share/man/man1/luac.1.gz
This I would worry, initially. But in my system I see that they are symlinks to alternatives:

lrwxrwxrwx 1 root root 26 Jun 3 22:32 /usr/share/man/man1/lua.1.gz -> /etc/alternatives/lua.1.gz
lrwxrwxrwx 1 root root 27 Jun 3 22:32 /usr/share/man/man1/luac.1.gz -> /etc/alternatives/luac.1.gz

You can go file by file studying what was modified.

....L....  d /usr/share/man/man1/ftp.1.gz
alternatives
....L....    /usr/lib64/browser-plugins/javaplugin.so
alternatives
.....U...    /var/lib/mlocate
check /etc/permissions
......G..    /usr/lib/qemu-bridge-helper
/usr/lib/qemu-bridge-helper: unknown group kvm
Smells bug.
missing     /usr/lib/systemd/system/tmp.mount
dunno
......G..    /var/cache/man
?
missing     /usr/bin/.hmac256.hmac
?
........P    /usr/bin/ping
?
I would check what the capabilities were before.
- many thanks .. btw. TW rkhunter : suppose can be used with doing : rkhunter --propupd - after each zypper dup : but imagine this requires a 'leap of faith' [hope]

cheers ...