Dear Julien,

Thanks for your prompt reply (below). I suppose that as long as I'm sticking with Etch, I'll have to decide between: option 1; option 3; or using integrit or suchlike, and not bothering to update rkhunter's hashes (I wasn't previously aware of integrit, so thanks for the pointer).

All best,

Sam

2008/8/26 Julien Valroff <[EMAIL PROTECTED]>:
> Hi Sam,
>
> Thanks for your e-mail.
>
> On Tuesday 26 August 2008 at 03:30 +0100, Sam Kuper wrote:
>> Dear Debian users and rkhunter maintainers for Etch,
>>
>> I've been trying to set up rkhunter on my Debian Etch VPS, and I've
>> run into a few problems. (In case it's significant, this VPS is
>> virtualised via OpenVZ; I have root access to the VPS but not the
>> underlying system.)
>>
>> The first problem is this. When I run rkhunter -c, after performing
>> the 'known bad' checks, rkhunter gives the message, "Performing 'known
>> good' check... Info: Check skipped - no hashes available".
>>
>
> This is the default situation, you first have to create the hashes
> database.
>
> [...]
>
> Be sure to understand that rkhunter hashes test is not meant to replace
> more powerful tools, like eg. integrit.
>
>> (1*) Use the version of hashupd.sh at
>> http://rkhunter.cvs.sourceforge.net/rkhunter/hashupd/ . I'm a little
>> nervous about doing this, as it's not the same age as rkhunter 1.2.9
>> and may not be totally compatible. Rootkit detection isn't to be
>> trifled with, so I'd rather not take the risk without assurances from
>> Debian's rkhunter maintainer that this version of hashupd.sh is okay
>> for use with 1.2.9. (NB. I've asked the rkhunter-users list if I can
>> ask for support there for 1.2.9; the answer was: no. See email below.)
>> Micah, Julien, is this version of hashupd.sh okay for use with
>> rkhunter 1.2.9?
>
> Yes, I think so, though not recently tested.
> 1.3.2 has a replacement tool for hashupd.sh embedded in the core
> package.
>
>> (2*) Use the package from Lenny instead. I'm loath to do this. It
>> feels like a slippery slope. I really want to run a pure Debian Stable
>> system if at all possible. But if consensus among users/maintainers is
>> that using the package from Lenny is the best solution to problem 2,
>> I'll be willing to try it.
>
> Not needed
>
>> (3*) Forego the Debian packages altogether; just download the source
>> and build it myself. Well, it's certainly possible. But that would
>> kind of defeat the main reason I chose to run Debian: easy and fast
>> package management and upgrades; minimal compiling necessary.
>
> I supply ***unofficial*** backports of rkhunter package in my personal
> repository at http://packages.kirya.net
> I use these backports on my servers.
>
> This might be the best solution for you if you want to benefit from all
> the improvements of the newer releases.
>
>> (4) Request the Debian Etch rkhunter maintainers to upgrade rkhunter
>> in Etch to version 1.3.2. If successful, this would undoubtedly be the
>> best solution. Dear Micah and Julien, how about it? Sysadmins will
>> love you even more than they do already! :)
>
> Etch is the current stable distribution, hence cannot be updated (except
> for major issues, eg. security fixes).
>
>> Looking forward to your replies,
>>
>> Sam
>>
>> ---------- Forwarded message ----------
>> From: Nils Breunese (Lemonbit) <[EMAIL PROTECTED]>
>> Date: 2008/8/25
>> Subject: Re: [Rkhunter-users] Welcome to the "Rkhunter-users" mailing list
>> To: [EMAIL PROTECTED]
>> Sam Kuper wrote:
>> > Q1) The advice page for this mailing list states, "If you are not
>> > running the latest version: please check the website for the latest
>> > version and upgrade first." I use Debian 4 (Etch), which is the
>> > latest stable Debian release. Like most users of Debian stable, I
>> > upgrade by using "apt-get update; apt-get upgrade". Doing this gives
>> > me rkhunter 1.2.9, whereas running "rkhunter --versioncheck" reveals
>> > that the latest release of rkhunter is 1.3.2. I do not want to use
>> > "testing" Debian packages on my server, as I am concerned about
>> > stability. Yet rkhunter 1.2.9 is giving me some problems. My
>> > question is, then: can I expect support from this mailing list for
>> > rkhunter 1.2.9 or must I look elsewhere?
>>
>> rkhunter 1.2.9 is not supported anymore. Contact Debian's package
>> maintainer if you have problems with this old version.
>>
>> > Q2) The advice page for this mailing list states, "Hashupd is on our
>> > download page. Please see the FAQ for details." Actually, it isn't,
>> > and yes, I have checked the online FAQ for an up-to-date link to the
>> > download page, in case I was looking in the wrong place. So, please
>> > could you tell me where I can obtain Hashupd?
>>
>> hashupd was a script for rkhunter 1.2.9. The rkhunter 1.2.9 files are
>> no longer available on the project page, so that's probably why
>> hashupd is also no longer there. The FAQ should be updated, yes.
>>
>
>