rootkithunter - md5 missing
hello,
I have a question about rootkithunter:
the software runs fine (on FreeBSD 4.9), but in my daily report I see this:
Determining OS... Warning: this operating system is not fully supported!
Ready
Warning: Cannot find md5_not_known
All MD5 checks will be skipped!
so I will need to install md5, but which port do I have to install? cfv-1.16? (http://www.freebsd.org/cgi/ports.cgi?query=md5&stype=all)
dynamicnet
09-30-04, 07:16
Greetings Oliver:
1. Make sure you are using the latest version of rkhunter. The current version is 1.1.18.
2. Run the following as root:
rkhunter --update
That should update your md5 database that root kit hunter uses.
Thank you.
thank you dynamicnet,
1. I do have 1.1.18
2. the update worked fine - everything is okay now...
thank you very much !
We are running RH ES 4
I had the same problem, and so I did:
[root@cp bin]# ./rkhunter --update
Running updater...
Mirrorfile /usr/local/rkhunter/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://mirror01.mirror.rkhunter.org
[DB] Mirror file : Up to date
[DB] MD5 hashes system binaries : Up to date
[DB] Operating System information : Update available
Action: Database updated (current version: 2005101300, new version 2005102800)
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Update available
Action: Database updated (current version: 2005101700, new version 2005103100)
[DB] Known bad program versions : Update available
Action: Database updated (current version: 2005101700, new version 2005103100)
Ready.
[root@cp bin]# /usr/local/bin/rkhunter -c --cronjob --nocolors --report-mode --createlogfile --skip-keypress
Line:
Warning: This operating system is not fully supported!
Line: Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
/usr/bin/php: error while loading shared libraries: libpspell.so.15: cannot open shared object file: No such file or directory
* MD5 scan
MD5 compared : 0
Incorrect MD5 checksums : 0
* File scan
Scanned files: 342
Possible infected files: 0
* Rootkits
Possible rootkits:
Scanning took 69 seconds
*important*
Scan your system sometimes manually with full output enabled!
Some errors has been found while checking. Please perform a manual check on this machine cp.xx.xx
[root@cp bin]#
I tried looking for libpspell.so.15 for RH but couldn't find one at rpmfind.net.
What is wrong here and does rkhunter support RH ES 4?
Thanks in advance.
stevewest15
11-02-05, 12:05
I've sent the developer an e-mail because after Red Hat Ent 3 update 5, rkhunter reports that some of the binaries have 'bad' md5 hashes. Hopefully an md5 hash update for rkhunter will be released soon.
SW
Steve,
I have reported those in this thread .. No answer from the developer yet ..
http://forum.psoft.net/showthread.php?t=13615&highlight=rootkit+hunter
Webryan,
What is wrong here and does rkhunter support RH ES 4?
Yes it is supported .. that seems to be from pspell rpm .. Which may be an issue with hsphere in a lot of cases requiring aspell and whacking that package .. Strange that it's from a local php binary .. You have php loaded on that box from rpms ??
Francesca
Thanks SW and Ladylinux for the replies.
PHP wasn't installed from RPMs. I might have to recompile PHP.
tbannister
11-08-05, 14:18
Yes it is supported .. that seems to be from pspell rpm .. Which may be an issue with hsphere in a lot of cases requiring aspell and whacking that package .. Strange that it's from a local php binary .. You have php loaded on that box from rpms ??
Francesca
Are you sure? I'm pretty sure that I have the latest version of rkhunter, v1.2.7, and rkhunter --update says my database is up to date but the db file does not have any signatures for Red Hat Enterprise Linux 4 ES and AS. The Red Hat Enterprise Linux 4 WS signatures are there, but only the WS signatures.
dynamicnet
11-08-05, 14:23
Greetings:
The author of rootkithunter needs to make an update if I understand the issue correctly.
Thank you.
Peter,
The author of rootkithunter needs to make an update if I understand the issue correctly.
That is correct .. Even with a db update done daily before the rkhunter run .. We still have 4 bad MD5 hashes .. With it seems only RHES and RHWS products .. Now as far as RHAS .. I don't have one of those to test.
Francesca