Can't remember if I posted this before... We're getting warnings from
rkhunterWarning: Checking for prerequisites [ Warning ]
All file hash checks will be skipped because:
This system uses prelinking, but the hash function command does not
look like SHA1 or MD5.
Now, googling, I find people saying to rm /etc/prelink.cache, then run
rkhunter --propupd.
Works. And then, prelink runs in the middle of the night, via
/etc/cron.daily, and when the cron job of rkhunter runs, it's back to
complaining.
Anyone have any ideas what's going on here? I don't see anything in the
prelink.conf, or any options in the prelink manpage to tell is what hash
to use.
mark
This has come up for me on the most recent upgrade, add the line HASH_CMD=sha1sum On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote:> Can't remember if I posted this before... We're getting warnings from > rkhunterWarning: Checking for prerequisites [ Warning ] > All file hash checks will be skipped because: > This system uses prelinking, but the hash function command does not > look like SHA1 or MD5. > > Now, googling, I find people saying to rm /etc/prelink.cache, then run > rkhunter --propupd. > > Works. And then, prelink runs in the middle of the night, via > /etc/cron.daily, and when the cron job of rkhunter runs, it's back to > complaining. > > Anyone have any ideas what's going on here? I don't see anything in the > prelink.conf, or any options in the prelink manpage to tell is what hash > to use. > > mark > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >
in my prior message, that should be in rkhunter.conf On Wed, Aug 30, 2017 at 11:43 AM, Tony Schreiner <anthony.schreiner at bc.edu> wrote:> This has come up for me on the most recent upgrade, add the line > > HASH_CMD=sha1sum > > On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote: > >> Can't remember if I posted this before... We're getting warnings from >> rkhunterWarning: Checking for prerequisites [ Warning ] >> All file hash checks will be skipped because: >> This system uses prelinking, but the hash function command does not >> look like SHA1 or MD5. >> >> Now, googling, I find people saying to rm /etc/prelink.cache, then run >> rkhunter --propupd. >> >> Works. And then, prelink runs in the middle of the night, via >> /etc/cron.daily, and when the cron job of rkhunter runs, it's back to >> complaining. >> >> Anyone have any ideas what's going on here? I don't see anything in the >> prelink.conf, or any options in the prelink manpage to tell is what hash >> to use. >> >> mark >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > >
On Wed, August 30, 2017 10:43 am, Tony Schreiner wrote:> This has come up for me on the most recent upgrade, add the line > > HASH_CMD=sha1sum > > On Wed, Aug 30, 2017 at 11:15 AM, <m.roth at 5-cent.us> wrote: > >> Can't remember if I posted this before... We're getting warnings from >> rkhunterWarning: Checking for prerequisites [ Warning ] >> All file hash checks will be skipped because: >> This system uses prelinking, but the hash function command does not >> look like SHA1 or MD5. >> >> Now, googling, I find people saying to rm /etc/prelink.cache, then run >> rkhunter --propupd. >> >> Works. And then, prelink runs in the middle of the night, via >> /etc/cron.daily, and when the cron job of rkhunter runs, it's back to >> complaining.Prelink is evil, in a sense of what it does. Allegedly it helps to load into memory binaries and libraries faster, for that it TOUCHES every one of them regularly. This effectively defeats the way we watch for system integrity by tracking all system files and libraries information, such as: file sizes, time stamps, inode numbers, checksums. The very moment RedHat made prelink installed by default, I was so upset that you can feel these my feelings in my writing now are still present. I got rid of prelink, and I rid of it specifically on my kickstart files. Two or three years down the road RedHat came to its senses and removed prelink from what is installed by default. I'm surprised, Mark, that you still have it some place. Any specific reason? If not, get rid of prelink which does waaay more harm than it does good IMHO. Valeri>> >> Anyone have any ideas what's going on here? I don't see anything in the >> prelink.conf, or any options in the prelink manpage to tell is what hash >> to use. >> >> mark >> >> _______________________________________________ >> CentOS mailing list >> CentOS at centos.org >> https://lists.centos.org/mailman/listinfo/centos >> > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos >++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++
On Wed, 2017-08-30 at 11:15 -0400, m.roth at 5-cent.us wrote:> Can't remember if I posted this before... We're getting warnings from > rkhunterWarning: Checking for prerequisites [ Warning ] > All file hash checks will be skipped because: > This system uses prelinking, but the hash function command does not > look like SHA1 or MD5. >Check in the rkhunter log file (probably /var/log/rkhunter.log). It will tell you what hash command it is using as it runs. For prelinking it must be SHA1 or MD5 (set via the HASH_CMD config option). If you set it to literally 'SHA1' or 'MD5', then RKH will look for the relevant command. John. -- John Horne | Senior Operations Analyst | Technology and Information Services University of Plymouth | Drake Circus | Plymouth | Devon | PL4 8AA | UK ________________________________ [http://www.plymouth.ac.uk/images/email_footer.gif]<http://www.plymouth.ac.uk/worldclass> This email and any files with it are confidential and intended solely for the use of the recipient to whom it is addressed. If you are not the intended recipient then copying, distribution or other use of the information contained is strictly prohibited and you should not rely on it. If you have received this email in error please let the sender know immediately and delete it from your system(s). Internet emails are not necessarily secure. While we take every care, Plymouth University accepts no responsibility for viruses and it is your responsibility to scan emails and their attachments. Plymouth University does not accept responsibility for any changes made after it was sent. Nothing in this email or its attachments constitutes an order for goods or services unless accompanied by an official order form.