
Re: rkhunter on Etch



Hi Sam,

Thanks for your e-mail.

On Tuesday 26 August 2008 at 03:30 +0100, Sam Kuper wrote:
> Dear Debian users and rkhunter maintainers for Etch,
> 
> I've been trying to set up rkhunter on my Debian Etch VPS, and I've
> run into a few problems. (In case it's significant, this VPS is
> virtualised via OpenVZ; I have root access to the VPS but not the
> underlying system.)
> 
> The first problem is this. When I run rkhunter -c, after performing
> the 'known bad' checks, rkhunter gives the message, "Performing 'known
> good' check... Info: Check skipped - no hashes available".
> 

This is the default situation; you first have to create the hashes
database.

[...]

Be sure to understand that the rkhunter hashes test is not meant to replace
more powerful tools, e.g. integrit.

> (1*) Use the version of hashupd.sh at
> http://rkhunter.cvs.sourceforge.net/rkhunter/hashupd/ . I'm a little
> nervous about doing this, as it's not the same age as rkhunter 1.2.9
> and may not be totally compatible. Rootkit detection isn't to be
> trifled with, so I'd rather not take the risk without assurances from
> Debian's rkhunter maintainer that this version of hashupd.sh is okay
> for use with 1.2.9. (NB. I've asked the rkhunter-users list if I can
> ask for support there for 1.2.9; the answer was: no. See email below.)
> Micah, Julien, is this version of hashupd.sh okay for use with
> rkhunter 1.2.9?

Yes, I think so, though not recently tested.
1.3.2 has a replacement tool for hashupd.sh embedded in the core
package.

> (2*) Use the package from Lenny instead. I'm loath to do this. It
> feels like a slippery slope. I really want to run a pure Debian Stable
> system if at all possible. But if consensus among users/maintainers is
> that using the package from Lenny is the best solution to problem 2,
> I'll be willing to try it.

Not needed

> (3*) Forego the Debian packages altogether; just download the source
> and build it myself. Well, it's certainly possible. But that would
> kind of defeat the main reason I chose to run Debian: easy and fast
> package management and upgrades; minimal compiling necessary.

I supply ***unofficial*** backports of the rkhunter package in my personal
repository at http://packages.kirya.net
I use these backports on my servers.

This might be the best solution for you if you want to benefit from all
the improvements of the newer releases.

> (4) Request the Debian Etch rkhunter maintainers to upgrade rkhunter
> in Etch to version 1.3.2. If successful, this would undoubtedly be the
> best solution. Dear Micah and Julien, how about it? Sysadmins will
> love you even more than they do already! :)

Etch is the current stable distribution, hence cannot be updated (except
for major issues, e.g. security fixes).

> Looking forward to your replies,
> 
> Sam
> 
> ---------- Forwarded message ----------
> From: Nils Breunese (Lemonbit) <nils@lemonbit.com>
> Date: 2008/8/25
> Subject: Re: [Rkhunter-users] Welcome to the "Rkhunter-users" mailing list
> To: rkhunter-users@lists.sourceforge.net
> Sam Kuper wrote:
> > Q1) The advice page for this mailing list states, "If you are not
> > running the latest version: please check the website for the latest
> > version and upgrade first." I use Debian 4 (Etch), which is the
> > latest stable Debian release. Like most users of Debian stable, I
> > upgrade by using "apt-get update; apt-get upgrade". Doing this gives
> > me rkhunter 1.2.9, whereas running "rkhunter --versioncheck" reveals
> > that the latest release of rkhunter is 1.3.2. I do not want to use
> > "testing" Debian packages on my server, as I am concerned about
> > stability. Yet rkhunter 1.2.9 is giving me some problems. My
> > question is, then: can I expect support from this mailing list for
> > rkhunter 1.2.9 or must I look elsewhere?
> 
> rkhunter 1.2.9 is not supported anymore. Contact Debian's package
> maintainer if you have problems with this old version.
> 
> > Q2) The advice page for this mailing list states, "Hashupd is on our
> > download page. Please see the FAQ for details." Actually, it isn't,
> > and yes, I have checked the online FAQ for an up-to-date link to the
> > download page, in case I was looking in the wrong place. So, please
> > could you tell me where I can obtain Hashupd?
> 
> hashupd was a script for rkhunter 1.2.9. The rkhunter 1.2.9 files are
> no longer available on the project page, so that's probably why
> hashupd is also no longer there. The FAQ should be updated, yes.
> 

