On Tue, 2015-07-28 at 15:24 +0000, Skirpan Jr, Stephen J Jr CTR DISA PEO-C2C (US) wrote:
> On another attempt, changed the following settings in the
> /etc/rkhunter.conf file:
> Uncommented HASH_CMD=sha1sum
> Set USE_SUNSUM=1
> Same problem as the previous attempt. The hashes were populated in
> the .dat file. But when the --check was run, all of the files
> scanned in the properties checked were flagged with either one of the
> two Warnings:
> Warning: Unable to obtain current properties for <filename>
> Warning: Unable to obtain current write permission for <file>
>

Hello,

I suspect things have got a little mixed up, so you are getting problems.

It is perfectly safe to delete the rkhunter.dat, but you *must* run 'rkhunter --propupd' afterwards to recreate it. Similarly, if you change any of the package manager or hash options in the configuration file, then you *must* run 'rkhunter --propupd' afterwards.

An rkhunter.dat file with loads of colons in it (and no values between them) is okay, it can occur if a package manager is used.

I would suggest not using the Solaris package manager. It uses 16-bit values, so is not very secure.

I would suggest that you leave the package manager and hash command and settings commented out in the config file and let them default. For the hash function rkhunter will look for something that can create a SHA1 hash. If it cannot then it will use the provided perl script (filehashsha.pl) if the perl SHA module has been installed. This is, however, a sort of last resort. You are far better off ensuring that some sha1 (or better) command is installed on the system. I would suggest that as root you type in 'which sha1sum' and see if it finds it (as far as I remember 'which' will work on Sun systems!).

Once the config file is back to using default values, then run 'rkhunter --propupd'. When that has finished, run 'rkhunter --enable properties' and it should run through the properties check using the rkhunter.dat that has just been created. Hopefully there will be no errors.

If there are problems, then get back to me.

John.
--
John Horne                   Tel: +44 (0)1752 587287
Plymouth University, UK
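The checks described in the reply above, as an added shell example that is not part of the original message or of rkhunter: it lists uncommented HASH_CMD, PKGMGR and USE_SUNSUM lines, looks for sha1sum, and reports when rkhunter.dat is missing, empty or older than the configuration file, meaning 'rkhunter --propupd' still has to be run. The function names and the two file paths passed as arguments are assumptions, as is a grep that accepts -E; PKGMGR is rkhunter's package manager option and is not named in the thread.

```shell
#!/bin/sh
# Added example, not part of rkhunter. Both paths are supplied by the caller.

# List uncommented hash / package-manager overrides in an rkhunter config.
# Returns non-zero when none are set (rkhunter will then use its defaults).
rkh_overrides() {
    grep -E '^[[:space:]]*(HASH_CMD|PKGMGR|USE_SUNSUM)[[:space:]]*=' "$1"
}

# Succeeds when rkhunter.dat ($2) is missing, empty, or older than the
# config file ($1): in each case 'rkhunter --propupd' has to be run.
rkh_needs_propupd() {
    [ -s "$2" ] || return 0
    [ -n "$(find "$1" -newer "$2" 2>/dev/null)" ]
}

# Run both checks plus the 'which sha1sum' test; returns the issue count.
rkh_preflight() {
    conf=$1; dat=$2; issues=0
    if found=$(rkh_overrides "$conf"); then
        echo "Overrides set in $conf (comment out to use defaults):"
        echo "$found" | sed 's/^/    /'
        issues=$((issues + 1))
    fi
    if ! command -v sha1sum >/dev/null 2>&1; then
        echo "sha1sum not found in PATH"
        issues=$((issues + 1))
    fi
    if rkh_needs_propupd "$conf" "$dat"; then
        echo "$dat is missing, empty or older than $conf: run 'rkhunter --propupd'"
        issues=$((issues + 1))
    fi
    if [ "$issues" -eq 0 ]; then
        echo "OK: run 'rkhunter --enable properties'"
    fi
    return "$issues"
}

# Usage: sh rkh_preflight.sh /etc/rkhunter.conf /path/to/rkhunter.dat
if [ "$#" -eq 2 ]; then
    rkh_preflight "$1" "$2"
fi
```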
