
Re: rkhunter on Etch



Dear Julien,

Thanks for your prompt reply (below). I suppose that as long as I'm
sticking with Etch, I'll have to decide between: option 1; option 3;
or using integrit or suchlike, and not bothering to update rkhunter's
hashes (I wasn't previously aware of integrit, so thanks for the
pointer).

All best,

Sam

2008/8/26 Julien Valroff <julien@kirya.net>:
> Hi Sam,
>
> Thanks for your e-mail.
>
> Le mardi 26 août 2008 à 03:30 +0100, Sam Kuper a écrit :
>> Dear Debian users and rkhunter maintainers for Etch,
>>
>> I've been trying to set up rkhunter on my Debian Etch VPS, and I've
>> run into a few problems. (In case it's significant, this VPS is
>> virtualised via OpenVZ; I have root access to the VPS but not the
>> underlying system.)
>>
>> The first problem is this. When I run rkhunter -c, after performing
>> the 'known bad' checks, rkhunter gives the message, "Performing 'known
>> good' check... Info: Check skipped - no hashes available".
>>
>
> This is the default situation, you first have to create the hashes
> database.
>
> [...]
>
> Be sure to understand that rkhunter hashes test is not meant to replace
> more powerful tools, like e.g. integrit.
>
>> (1*) Use the version of hashupd.sh at
>> http://rkhunter.cvs.sourceforge.net/rkhunter/hashupd/ . I'm a little
>> nervous about doing this, as it's not the same age as rkhunter 1.2.9
>> and may not be totally compatible. Rootkit detection isn't to be
>> trifled with, so I'd rather not take the risk without assurances from
>> Debian's rkhunter maintainer that this version of hashupd.sh is okay
>> for use with 1.2.9. (NB. I've asked the rkhunter-users list if I can
>> ask for support there for 1.2.9; the answer was: no. See email below.)
>> Micah, Julien, is this version of hashupd.sh okay for use with
>> rkhunter 1.2.9?
>
> Yes, I think so, though not recently tested.
> 1.3.2 has a replacement tool for hashupd.sh embedded in the core
> package.
>
>> (2*) Use the package from Lenny instead. I'm loath to do this. It
>> feels like a slippery slope. I really want to run a pure Debian Stable
>> system if at all possible. But if consensus among users/maintainers is
>> that using the package from Lenny is the best solution to problem 2,
>> I'll be willing to try it.
>
> Not needed
>
>> (3*) Forego the Debian packages altogether; just download the source
>> and build it myself. Well, it's certainly possible. But that would
>> kind of defeat the main reason I chose to run Debian: easy and fast
>> package management and upgrades; minimal compiling necessary.
>
> I supply ***unofficial*** backports of rkhunter package in my personal
> repository at http://packages.kirya.net
> I use these backports on my servers.
>
> This might be the best solution for you if you want to benefit from all
> the improvements of the newer releases.
>
>> (4) Request the Debian Etch rkhunter maintainers to upgrade rkhunter
>> in Etch to version 1.3.2. If successful, this would undoubtedly be the
>> best solution. Dear Micah and Julien, how about it? Sysadmins will
>> love you even more than they do already! :)
>
> Etch is the current stable distribution, hence cannot be updated (except
> for major issues, e.g. security fixes).
>
>> Looking forward to your replies,
>>
>> Sam
>>
>> ---------- Forwarded message ----------
>> From: Nils Breunese (Lemonbit) <nils@lemonbit.com>
>> Date: 2008/8/25
>> Subject: Re: [Rkhunter-users] Welcome to the "Rkhunter-users" mailing list
>> To: rkhunter-users@lists.sourceforge.net
>> Sam Kuper wrote:
>> > Q1) The advice page for this mailing list states, "If you are not
>> > running the latest version: please check the website for the latest
>> > version and upgrade first." I use Debian 4 (Etch), which is the
>> > latest stable Debian release. Like most users of Debian stable, I
>> > upgrade by using "apt-get update; apt-get upgrade". Doing this gives
>> > me rkhunter 1.2.9, whereas running "rkhunter --versioncheck" reveals
>> > that the latest release of rkhunter is 1.3.2. I do not want to use
>> > "testing" Debian packages on my server, as I am concerned about
>> > stability. Yet rkhunter 1.2.9 is giving me some problems. My
>> > question is, then: can I expect support from this mailing list for
>> > rkhunter 1.2.9 or must I look elsewhere?
>>
>> rkhunter 1.2.9 is not supported anymore. Contact Debian's package
>> maintainer if you have problems with this old version.
>>
>> > Q2) The advice page for this mailing list states, "Hashupd is on our
>> > download page. Please see the FAQ for details." Actually, it isn't,
>> > and yes, I have checked the online FAQ for an up-to-date link to the
>> > download page, in case I was looking in the wrong place. So, please
>> > could you tell me where I can obtain Hashupd?
>>
>> hashupd was a script for rkhunter 1.2.9. The rkhunter 1.2.9 files are
>> no longer available on the project page, so that's probably why
>> hashupd is also no longer there. The FAQ should be updated, yes.
>>
>
>
