Hi Jörg,

On Sunday 23 March 2008 at 02:02 +0100, Jörg Sommer wrote:
> Hello Julien,
>
> Julien Valroff wrote on Thu 20. Mar, 17:56 (+0100):
> > On Thursday 20 March 2008 at 11:31 +0100, Jörg Sommer wrote:
> > > Package: rkhunter
> > > Version: 1.3.2-1
> > > Severity: normal
> > >
> > > Hi,
> > >
> > > I've built all necessary modules into the kernel. Therefore, my
> > > /proc/modules is empty. rkhunter complains
> > >
> > > Warning: No output found from the lsmod command or the /proc/modules file:
> > > /proc/modules output:
> > > lsmod output:
> > >
> > > I haven't found a way to tell it that this is alright.
> >
> > As documented in README.Debian, you can disable the os_specific test,
> > which consists in checking bad modules in case of Linux (see
> > linux_specific_checks() in the rkhunter script).
>
> But the os_specific test sounds like it contains more than only lsmod tests.
> Currently it is only this test, but it might be extended and I would lose
> some tests. A single option to disable it or, better, to say that an empty
> modules list is expected, is better.

You are right about the fact you'll lose some tests if the current
os_specific test is extended in future releases.

Before submitting this upstream, I would like to work on a patch
implementing this feature. Any help is welcome ;-)

About your ideas:

> * Use /boot/config-$(uname -r) to verify module support is enabled.

This file could very easily be modified by a hacker - I wouldn't trust
it. What do you think about using /proc/config.gz instead, which is
read-only and enabled by default in Debian kernels?

> * grep in /proc/kallsyms for modules
>
> % diff <(grep -o '\[.*\]$' /proc/kallsyms |sort -u | tr -d '[]') \
>     <(lsmod |sed '1d;s/ .*//' |sort)

I am not sure I understand what this aims at. Can you please explain?

Cheers,
Julien
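
The two ideas quoted in this mail, combined into one check: module names tagged on /proc/kallsyms symbols are compared with the module list, and CONFIG_MODULES from the kernel config decides whether an empty list is expected. This is an added Python example, not part of the original mail or of rkhunter; the function names, status strings and sample data are constructed, and the config text is assumed to be the decompressed content of /proc/config.gz.

```python
import re

# Constructed samples (not from the thread): "hidemod" has symbols in
# kallsyms but no entry in the module list.
SAMPLE_KALLSYMS = (
    "ffffffff81000000 T _text\n"
    "ffffffffa0000000 t e1000_probe\t[e1000]\n"
    "ffffffffa0100000 t ext3_mount\t[ext3]\n"
    "ffffffffa0200000 t hook_getdents\t[hidemod]\n"
)
SAMPLE_MODULES = (
    "e1000 110000 0 - Live 0xffffffffa0000000\n"
    "ext3 130000 1 - Live 0xffffffffa0100000\n"
)

def kallsyms_modules(text):
    """Module names from the trailing [name] tag on kallsyms lines."""
    return set(re.findall(r"\[([^\]]+)\][ \t]*$", text, re.M))

def listed_modules(text):
    """Module names from /proc/modules (first field of each line)."""
    return {line.split()[0] for line in text.splitlines() if line.strip()}

def modules_enabled(config_text):
    """True/False from CONFIG_MODULES, None if the config does not say."""
    if re.search(r"^CONFIG_MODULES=y$", config_text, re.M):
        return True
    if re.search(r"^# CONFIG_MODULES is not set$", config_text, re.M):
        return False
    return None

def check(kallsyms_text, modules_text, config_text):
    """Return (status, unlisted); unlisted = modules with symbols but no list entry."""
    listed = listed_modules(modules_text)
    unlisted = sorted(kallsyms_modules(kallsyms_text) - listed)
    if unlisted:
        return "warn", unlisted
    if not listed and modules_enabled(config_text) is False:
        return "ok-no-module-support", []
    if not listed:
        return "ok-none-loaded", []
    return "ok", []

if __name__ == "__main__":
    # On a live system, pass the contents of /proc/kallsyms, /proc/modules
    # and gzip.open("/proc/config.gz", "rt").read() instead of the samples.
    print(check(SAMPLE_KALLSYMS, SAMPLE_MODULES, "CONFIG_MODULES=y\n"))
```

Code able to filter /proc/modules can filter /proc/kallsyms as well, so an "ok" status here is a consistency check between two views, not proof that nothing is loaded.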