On Tue, 2006-10-17 at 12:36 +0200, François Patte wrote:
>
> Why FC4 x86_64 is not listed in /var/rkhunter/db/os.dat
>
Only O/S's which we were given hash entries for could be listed.
> and why, if I
> change i386 to x86_64 on the line FC4, something changes it back to i386?
>
This would only happen if you ran 'rkhunter --update'. The os.dat file
is not changed by anything else.
> How to add a new line with FC4 x84_64 in this file?
>
>From the (CVS) FAQ:
4.1) What does the warning "Determining OS... Warning: this
operating system is not fully supported!" mean?
It simply means that not all functions and checks can be
performed, because the system is 'unknown' to RKH.
If you want support for the O/S, then please open a
'Support request' in the RKH tracker system on the web site.
Include information such as the contents of your /etc/fedora-release
file. You will also need to download the hashupd utility from the RKH
web site, and run that. Send us the output and attach the new os.dat
file.
> rkhunter send a warning message (this machine can be infected) if the OS
> is not in the file os.dat and, doing so, how can we trust rkhunter in
> that case?
>
It does not any such thing!! All it says is that the O/S is not fully
supported. In that case no MD5 hash check will be done, but the other
tests will run. If one of them finds something wrong then it will say
there is a possibility of infection, but that is nothing to with the O/S
being supported or not.
John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: John.Horne@xxxxxxxxxxxxxx Fax: +44 (0)1752 233839
