[SOLVED] rkhunter repeated warnings

Customer support forums for Atomic Protector (formerly Atomic Secured Linux). There is no such thing as a bad question here as long as it pertains to using Atomic Protector. Newbies feel free to get help getting started or asking questions that may be obvious. Regular users are asked to be gentle. :-)
Post Reply
stephan-zrh
Forum User
Forum User
Posts: 71
Joined: Mon May 07, 2012 9:37 am
Location: Zurich

[SOLVED] rkhunter repeated warnings

Unread post by stephan-zrh »

Hello,

We recently migrated to Plesk 12 (Centos 6.6). Ever since moving to the new container, rkhunter reports each night about elinks:

Code: Select all

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Package manager verification has failed:
         File: /usr/bin/elinks
         Try running the command 'prelink /usr/bin/elinks' to resolve dependency errors.
         The file hash value has changed
         The file size has changed

----------------------- End Rootkit Hunter Scan -----------------------
I've run 'prelink /usr/bin/elinks', also did 'rkhunter -chkupd' but still it reports the same issue each night.

Does anyone have an idea what might be causing this and how to get rid of that warning?

Kind regards

-Stephan
Last edited by stephan-zrh on Mon Feb 02, 2015 6:52 am, edited 1 time in total.
Top
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:
Contact biggles

Re: rkhunter repeated warnings

Unread post by biggles »

No idea what to do, but I have exactly the same problem.
Top
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:
Contact scott

Re: rkhunter repeated warnings

Unread post by scott »

Reinstall elinks and run rkhunter --propupd?
Top
stephan-zrh
Forum User
Forum User
Posts: 71
Joined: Mon May 07, 2012 9:37 am
Location: Zurich

Re: rkhunter repeated warnings

Unread post by stephan-zrh »

scott wrote:Reinstall elinks and run rkhunter --propupd?
That worked. Thanks!
Top
dsjohn
New Forum User
New Forum User
Posts: 1
Joined: Sat Aug 22, 2015 12:58 am
Location: Denmark

Re: [SOLVED] rkhunter repeated warnings

Unread post by dsjohn »

Does anyone have an idea what might be causing this ?
The problem is caused by update(s) of libraries used by the command(s) rkhunter is complaining about.
For elinks and other programs this happened to me when the library nns and other libraries were updated by auto yum.

On Fedora you can use this pipe to get information about packages that could have triggered the rkhunter report:

ldd `which elinks`| awk '{print $3}' | xargs -L1 rpm -qif | grep -B5 "`date +"%b %Y"`"

Look for install date to check if the date matches the time rkhunter started complaining.

Name : nss
Version : 3.19.3
Release : 1.0.fc21
Architecture: i686
Install Date: ons 19 aug 2015 04:43:25 CEST
Group : System Environment/Libraries
Size : 2494663
License : MPLv2.0
Signature : RSA/SHA256, tor 13 aug 2015 03:40:02 CEST, Key ID 89ad4e8795a43f54
Source RPM : nss-3.19.3-1.0.fc21.src.rpm
Build Date : ons 12 aug 2015 07:26:31 CEST
--
v3 certificates, and other security standards.
Name : nss
Version : 3.19.3
Release : 1.0.fc21
Architecture: i686
Install Date: ons 19 aug 2015 04:43:25 CEST
Group : System Environment/Libraries
Size : 2494663
License : MPLv2.0
Signature : RSA/SHA256, tor 13 aug 2015 03:40:02 CEST, Key ID 89ad4e8795a43f54
Source RPM : nss-3.19.3-1.0.fc21.src.rpm
Build Date : ons 12 aug 2015 07:26:31 CEST
--
v3 certificates, and other security standards.
Name : nss
Version : 3.19.3
Release : 1.0.fc21
Architecture: i686
Install Date: ons 19 aug 2015 04:43:25 CEST
Group : System Environment/Libraries
Size : 2494663
License : MPLv2.0
Signature : RSA/SHA256, tor 13 aug 2015 03:40:02 CEST, Key ID 89ad4e8795a43f54
Source RPM : nss-3.19.3-1.0.fc21.src.rpm
Build Date : ons 12 aug 2015 07:26:31 CEST
Top
Post Reply

Return to “Atomic Protector (formerly ASL)”