Bug 714067

Summary: why is "prelink" a dependency?
Product: [Fedora] Fedora
Reporter: Harald Reindl <h.reindl>
Component: rkhunter
Assignee: Kevin Fenzi <kevin>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 14
CC: devrim, kevin
Fixed In Version: rkhunter-1.3.8-6.fc15
Doc Type: Bug Fix
Last Closed: 2011-07-01 18:59:15 UTC

Description Harald Reindl 2011-06-17 09:55:23 UTC
please remove the dependency of "prelink"

prelink is changing binaries and this is exactly a thing you don't want
in this context, rkhunter possibly needs the help of prelink
to verify integrity of packages whose files
are prelinked but it should not require its changes which are
happening by the daily cronjob of prelink

Comment 1 Kevin Fenzi 2011-06-17 16:11:59 UTC
Well rkhunter uses prelink if it's installed to determine the correct hash for files, and prelink is installed by default. 

So, I suppose we could drop the dep here. The case it wouldn't be good for would be: 

- someone installs and prelink runs its weekly run.
- someone removes prelink. 
- run rkhunter (since binaries are prelinked and it doesn't have prelink to use, it may report false positives)

I don't suppose that would be too many users however. Or they could re-install and unprelink everything to fix it.

Comment 2 Harald Reindl 2011-06-17 16:18:09 UTC
please do this!

there are thousands of servers out there where rkhunter is really useful and prelink absolutely useless but installed as dependency

on modern hardware i see generally no reason for prelink

Comment 3 Fedora Update System 2011-06-21 21:56:32 UTC
rkhunter-1.3.8-6.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/rkhunter-1.3.8-6.fc15

Comment 4 Harald Reindl 2011-06-23 00:41:58 UTC
hm strange behavior, something goes terribly wrong here

without "--hash sha1sum" it does not find a hash function
with "--hash sha1" or "--hash md5" like --help says it appears
that it tries "sha" or "md5" as a command

but why does "rkhunter" skip checksums if prelink is not present
it is a little idiotic to rely on something that changes the binaries

normally i would expect that "--propupd" calculates checksums of the installed and unmodified binaries and cries out loud if they are modified without calling "--propupd" again

[root@buildserver:~]$ rkhunter --propupd --hash sha1sum
[root@buildserver:~]$ rkhunter --check  --hash sha1sum
Warning: Checking for prerequisites               [ Warning ]
         All file hash checks will be skipped because:
             Unable to find 'prelink' command.

Comment 5 Harald Reindl 2011-06-23 01:21:26 UTC
well, fixed by looking in the source: "rm -f /etc/prelink.cache"
so this affects only systems which had prelink installed
i guess "yum remove prelink" should do "rm -f /etc/prelink.cache"

/etc/rkhunter.conf.local:
HASH_FUNC=sha1sum

thank you for changing the dependencies
i did a "rpmbuild --rebuild" on the F15-src.rpm for our F14 infrastructure

Comment 6 Kevin Fenzi 2011-06-23 13:36:28 UTC
Yeah, this is the case I was talking about above. If you had prelink and later remove it, you need to make sure and remove its cache/prelinking of binaries. ;(

Comment 7 Harald Reindl 2011-06-23 14:02:52 UTC
no problem - i did know about "prelink -u -a" but was not aware of the cache file, because who does it hurt if no software checks that it exists - ok, rkhunter does :-)

but since prelink is in the default-install it should not hurt many users

i hate prelink from its first day because its cronjob is bringing down low-end machines as it runs and you can never start so many programs so much faster to benefit really from it
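
A check for the state discussed in comments 4 to 7, added here as an example and not part of the original thread or of rkhunter: it reports whether /etc/prelink.cache is still present while the prelink command is missing, the condition under which rkhunter skipped all file hash checks above. The function name prelink_state and its two arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not rkhunter code): classify a host's prelink state as it
# affects rkhunter's file hash checks, based on the behaviour in this thread.
# Hypothetical interface:
#   $1  filesystem root to inspect (default "/"), so a test tree can be used
#   $2  colon-separated directories to search for prelink (default: $PATH)
prelink_state() {
    root="${1:-/}"
    search="${2:-$PATH}"
    cache="${root%/}/etc/prelink.cache"

    # Look for an executable named prelink in the search path.
    have_prelink=no
    old_ifs=$IFS
    IFS=:
    for dir in $search; do
        if [ -x "$dir/prelink" ]; then
            have_prelink=yes
            break
        fi
    done
    IFS=$old_ifs

    if [ -e "$cache" ] && [ "$have_prelink" = no ]; then
        echo stale-cache   # cache left behind after prelink was removed
    elif [ -e "$cache" ]; then
        echo prelinked     # cache present and prelink available
    else
        echo clean         # no cache file
    fi
}

# Report on the given root (or the running system when no argument is passed).
case "$(prelink_state "$@")" in
    stale-cache)
        echo "prelink.cache exists but prelink is missing: rkhunter will skip file hash checks"
        echo "reinstall prelink and run 'prelink -u -a', then remove /etc/prelink.cache" ;;
    prelinked)
        echo "prelink and its cache are present" ;;
    clean)
        echo "no prelink.cache found" ;;
esac
```

After clearing a stale cache, run "rkhunter --propupd" again so the stored hashes match the binaries as they now are.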

Comment 8 Fedora Update System 2011-06-24 03:57:33 UTC
Package rkhunter-1.3.8-6.fc15:
* should fix your issue,
* was pushed to the Fedora 15 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing rkhunter-1.3.8-6.fc15'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/rkhunter-1.3.8-6.fc15
then log in and leave karma (feedback).

Comment 9 Fedora Update System 2011-07-01 18:59:06 UTC
rkhunter-1.3.8-6.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.