John Horne wrote:
> On Tue, 2006-10-17 at 12:36 +0200, François Patte wrote:
>> Why is FC4 x86_64 not listed in /var/rkhunter/db/os.dat?
>
> Only O/S's which we were given hash entries for could be listed.
>
>> And why, if I
>> change i386 to x86_64 on the FC4 line, does something change it back to i386?
>
> This would only happen if you ran 'rkhunter --update'. The os.dat file
> is not changed by anything else.

So /etc/cron.daily/01-rkhunter is the culprit.

>> How do I add a new line with FC4 x86_64 in this file?
>
> From the (CVS) FAQ:
> 4.1) What does the warning "Determining OS... Warning: this
> operating system is not fully supported!" mean?
> It simply means that not all functions and checks can be
> performed, because the system is 'unknown' to RKH.
> If you want support for the O/S, then please open a
> 'Support request' in the RKH tracker system on the web site.
> Include information such as the contents of your /etc/fedora-release
> file. You will also need to download the hashupd utility from the RKH
> web site, and run that. Send us the output and attach the new os.dat
> file.

I'll do it.

>> rkhunter sends a warning message (this machine can be infected) if the OS
>> is not in the file os.dat and, doing so, how can we trust rkhunter in
>> that case?
>
> It does not do any such thing!! All it says is that the O/S is not fully
> supported. In that case no MD5 hash check will be done, but the other
> tests will run. If one of them finds something wrong then it will say
> there is a possibility of infection, but that is nothing to do with the O/S
> being supported or not.

The exact text message sent is:
Please inspect this machine, because it can be infected
The message has the subject: [rkhunter] Warnings found for dipankar
This is not very comforting!
--
François Patte
UFR de mathématiques et informatique
Université René Descartes
http://www.math-info.univ-paris5.fr/~patte