rkhunter warnings, maybe yum issues?
by William Mattison
Good evening,
I don't know if these are properly rkhunter questions, yum questions, or
F-20 questions, so I'm posting to both lists.
Last Monday, I updated my 64-bit system from Fedora-19 to Fedora-20.
Several minutes ago, I updated Fedora-20 by doing "yum update". I then
did "rkhunter --update", and then "rkhunter --check". I'm getting a lot
of issues.
1. I get these messages in the rkhunter log:
[18:55:34] Info: The command 'rpm -qf --queryformat... /usr/sbin/chkconfig' gave error code 1.
[18:55:39] Info: The command 'rpm -qf --queryformat... /usr/sbin/fuser' gave error code 1.
[18:55:40] Info: The command 'rpm -qf --queryformat... /usr/sbin/ifconfig' gave error code 1.
[18:55:44] Info: The command 'rpm -qf --queryformat... /usr/sbin/route' gave error code 1.
[18:55:44] Info: The command 'rpm -qf --queryformat... /usr/sbin/rsyslogd' gave error code 1.
[18:55:50] Info: The command 'rpm -qf --queryformat... /usr/bin/ed' gave error code 1.
[18:55:50] Info: The command 'rpm -qf --queryformat... /usr/bin/egrep' gave error code 1.
[18:55:50] Info: The command 'rpm -qf --queryformat... /usr/bin/fgrep' gave error code 1.
[18:55:52] Info: The command 'rpm -qf --queryformat... /usr/bin/grep' gave error code 1.
[18:55:55] Info: The command 'rpm -qf --queryformat... /usr/bin/mail' gave error code 1.
[18:55:55] Info: The command 'rpm -qf --queryformat... /usr/bin/netstat' gave error code 1.
[18:56:01] Info: The command 'rpm -qf --queryformat... /usr/bin/rpm' gave error code 1.
[18:56:01] Info: The command 'rpm -qf --queryformat... /usr/bin/sed' gave error code 1.
[18:56:07] Info: The command 'rpm -qf --queryformat... /usr/bin/mailx' gave error code 1.
I get these warnings a lot (both under F-19, and since updating to
F-20). What's causing these warnings? Is there something yum should be
doing, but isn't? Is there something I should be doing, but I don't
know it?
2. I get this warning in the rkhunter log:
[18:55:49] /usr/bin/curl [ Warning ]
[18:55:49] Warning: Package manager verification has failed:
[18:55:49] File: /usr/bin/curl
[18:55:49] Try running the command 'prelink /usr/bin/curl' to resolve dependency errors.
[18:55:49] The file hash value has changed
[18:55:49] The file size has changed
The warning gives me the immediate fix, and it works. But the problem
recurs after almost every "yum update" (both under F-19, and since
updating to F-20), though not on the same packages each time. What's the
real problem? Is there something yum should be doing, but isn't? Is
there something I should be doing, but I don't know it?
3. Since updating to F-20, I'm seeing this warning:
[18:56:18]
[18:56:18] Checking for GasKit Rootkit...
[18:56:18] Checking for file '/dev/dev/gaskit/sshd/sshdd' [ Not found ]
[18:56:18] Checking for directory '/dev/dev' [ Found ]
[18:56:18] Checking for directory '/dev/dev/gaskit' [ Not found ]
[18:56:18] Checking for directory '/dev/dev/gaskit/sshd' [ Not found ]
[18:56:18] Warning: GasKit Rootkit [ Warning ]
[18:56:18] Directory '/dev/dev' found
[18:56:18]
The directory "/dev/dev/" contains one entry:
bash.6[dev]: ll
total 0
lrwxrwxrwx. 1 root root 10 Jan 29 13:48 resume -> ../../sda5
bash.7[dev]:
Doing "file resume" gives this:
bash.21[dev]: file resume
resume: broken symbolic link to `../../sda5'
bash.22[dev]:
I see no "sda5" in the root directory. A "df" shows no filesystem. An
"ls -a" of the root directory shows one file I did not expect:
-rw-r--r--. 1 root root 178665 Jan 29 18:50 .readahead
It seems to be binary.
Do I have a security problem? What are "/dev/dev/resume" and "/.readahead"?
thanks,
Bill.
10 years, 2 months
Re: rkhunter warnings, maybe yum issues?
by William Mattison
It's been one of those weeks; my apologies for the long delay in answering.
> > Michael asks:
> >
> > > Could you give an example showing the queries you've performed?
> > >
> > > "whereis" looks for files available on the file-system in various paths.
> > > "rpm" only covers files included in installed RPM packages as tracked by
> > > the local RPM database.
> >
> > I'll show rkhunter log entries, "rpm -V" output, and "whereis" output
> > for 6 packages...
> > Here are 6 of the messages from the rkhunter log:
> > [18:55:34] Info: The command 'rpm -qf --queryformat... /usr/sbin/chkconfig' gave error code 1.
>
> Here you would need to find out the exact query options. The log output is
> not useful, but the rkhunter shell script tells what has happened when it
> prints this. The previous rpm query has succeeded, and it tried to query
> the RPM database for file attributes and checksums. For someone who can
> reproduce the log message, it should be an easy task to examine the issue.
>
> > Here's the rpm -V output for those same 6 packages:
> > bash.11[~]: rpm -V chkconfig
> > bash.12[~]: rpm -V fuser
> > package fuser is not installed
>
> That's a wrong query. /usr/sbin/fuser is not included in package "fuser"
> but "psmisc". You can use the "-qf" query to return the package a file
> is included in:
>
> # rpm -qf /usr/sbin/fuser
> psmisc-22.20-3.fc20.x86_64
>
> # rpm -V -qf /usr/sbin/fuser
> #
OK. I tried that; now I see. Thank you, Michael.
> > bash.13[~]: rpm -V ifconfig
...
> > bash.32[~]: rpm -V mail
> > package mail is not installed
>
> Same here.
>
> > Here's the whereis output for those same 6 packages:
> > bash.16[~]: whereis chkconfig
> > chkconfig: /usr/sbin/chkconfig /etc/chkconfig.d /usr/share/man/man8/chkconfig.8.gz
>
> What does that tell in your opinion? "whereis" doesn't examine the RPM
> database. If you give "rpm" the path to the program, a query would work
> like this:
>
> # rpm -qf $(which chkconfig)
> chkconfig-1.3.60-4.fc20.x86_64
I was assuming that all the rkhunter messages were reporting on
packages. What you've said implies my assumption was wrong. Now
knowing better, the whereis output tells me nothing relevant to my
problem. Thank you for clearing that up for me.
At this point, I believe my Fedora system does not have the problems I
originally feared it might have. In a separate message, I'll fully
close this.
Bill.
10 years, 2 months
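Added example, not part of the original posts: a small Python triage script for the point made in this thread, that rkhunter's messages name files rather than packages. It pulls the file paths out of a pasted rkhunter log (tolerating e-mail line wrapping) and prints the "rpm -qf" and "rpm -Vf" follow-ups per path; the function names and the sample constant are assumptions of this example.

```python
import re
import shlex

# Constructed sample: a subset of the rkhunter log lines quoted in the thread,
# kept with the e-mail wrapping that splits one record over two lines.
SAMPLE_LOG = """\
[18:55:34] Info: The command 'rpm -qf --queryformat...
/usr/sbin/chkconfig' gave error code 1.
[18:55:39] Info: The command 'rpm -qf --queryformat... /usr/sbin/fuser'
gave error code 1.
[18:55:49] Warning: Package manager verification has failed:
[18:55:49] File: /usr/bin/curl
[18:55:49] The file hash value has changed
[18:55:49] The file size has changed
"""

STAMP = re.compile(r"^\[\d\d:\d\d:\d\d\]\s*")
RPM_ERR = re.compile(r"'rpm -qf .*?(/\S+)' gave error code (\d+)")
FILE_LINE = re.compile(r"^File: (/\S+)$")
CHANGED = re.compile(r"^The file (.+) has changed$")

def records(text):
    """Rejoin wrapped records: a line with no [hh:mm:ss] stamp continues the previous one."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP.match(line) or not out:
            out.append(STAMP.sub("", line))
        else:
            out[-1] += " " + line
    return out

def triage(text):
    """Map each file path named in the log to the reasons rkhunter gave for it."""
    findings, current = {}, None
    for rec in records(text):
        if m := RPM_ERR.search(rec):
            findings.setdefault(m.group(1), []).append(f"rpm query exit {m.group(2)}")
        elif m := FILE_LINE.match(rec):
            current = m.group(1)
            findings.setdefault(current, [])
        elif (m := CHANGED.match(rec)) and current:
            findings[current].append(m.group(1) + " changed")
    return findings

def follow_up(findings):
    """Per path: find the owning package, then verify that package (not a guessed name)."""
    return [f"rpm -{opt} {shlex.quote(p)}" for p in sorted(findings) for opt in ("qf", "Vf")]

if __name__ == "__main__":
    print("\n".join(follow_up(triage(SAMPLE_LOG))))
```

The printed commands are meant to be run by hand on the affected host; the script itself never calls rpm.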
libreoffice 4.2 for F20?
by SternData
Are there plans to build libreoffice 4.2 for F20? I just checked koji
and it looks like the 4.2 builds are all marked as F21.
--
-- Steve
10 years, 2 months
Tons of DBUS error and apps unavailability
by Ambrogio De Lorenzo
Hi all,
I see a lot of DBUS errors in the messages:
dbus[11185]: [system] Failed to activate service 'org.freedesktop.systemd1': timed out
dbus-daemon: dbus[11185]: [system] Failed to activate service 'org.freedesktop.systemd1': timed out
dbus[11185]: [system] Activating systemd to hand-off: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service'
dbus-daemon: dbus[11185]: [system] Activating systemd to hand-off: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service'
dbus[11185]: [system] Failed to activate service 'org.freedesktop.hostname1': timed out
dbus-daemon: dbus[11185]: [system] Failed to activate service 'org.freedesktop.hostname1': timed out
dbus[11185]: [system] Failed to activate service 'org.freedesktop.systemd1': timed out
dbus-daemon: dbus[11185]: [system] Failed to activate service 'org.freedesktop.systemd1': timed out
I use KDE and the errors are frequent when an application has to open
the file selector window (Libreoffice on save as or Virtualbox in
select a disk).
The timeout is about 2-3 minutes.
I can't understand why (but I think this is also related to an NFS
filesystem mounted on my machine - I have to test without it).
I also have a little timeout when I unlock the session.
A big timeout when I log off and log on with the same user.
I can't find solutions.
Is there someone who has had the same problem?
Bye
Ambrogio
10 years, 2 months
Most recent iso file for installing F20
by Paul Smith
Dear All,
I would like to install F20. Is there some iso file more recent than
the one made available at the release date of F20? If so, where can
one download it?
Thanks in advance,
Paul
10 years, 2 months
does "openssh" really depend on "openssl"?
by Robert P. J. Day
currently reading the RHEL 7-Beta docs (which should be fairly
relevant WRT fedora, yes? as RHEL 7 will be based on f19 last i read),
and on this opening page:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Lin...
one reads:
"Note, the OpenSSH packages require the OpenSSL package (openssl) ..."
um ... they do? i just checked and none of the following commands
show openssl as a dependency:
$ rpm -qR openssh-server
$ rpm -qR openssh-clients
$ rpm -qR openssh
conversely:
$ rpm -q --whatrequires openssl
perl-IO-Socket-SSL-1.955-1.fc20.noarch
unbound-libs-1.4.21-1.fc20.x86_64
$
finally, i checked the changelog for openssh-server and, way back in
2001:
* Sat Mar 03 2001 Nalin Dahyabhai <nalin(a)redhat.com>
- remove dependency on openssl -- would need to be too precise
so ... am i missing something? does openssh actually depend on
openssl in some way that's not revealed by any of the above?
rday
--
========================================================================
Robert P. J. Day Ottawa, Ontario, CANADA
http://crashcourse.ca
Twitter: http://twitter.com/rpjday
LinkedIn: http://ca.linkedin.com/in/rpjday
========================================================================
10 years, 2 months
Playing commercial DVDs in Fedora 20
by Matthew Saltzman
I have libdvdcss from Livna and gstreamer-plugins-bad (whose idea was
naming the gstreamer-plugins-* series, anyway?) from RPM Fusion Free
(which contains /usr/lib64/gstreamer-0.10/libgstdvdspu.so). But when I
play a commercial DVD, Totem reports that it can't find the Sub-Picture
Decoder plugin. It offers to search, but finds nothing relevant. The
DVD does play, but AIUI, without the plugin, I will have to manually
start each .VOB file.
Am I still missing something (I have most of the gstreamer plugins
installed by now), or is something misconfigured in Totem? If there's a
bug, whose is it, Totem or the plugins?
TIA.
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
10 years, 2 months
Fedora 20 and VmWare
by Ambrogio De Lorenzo
Hi all,
this is the subject seen every time.
I'm changing my PC (from an old Fedora 14) and I installed Fedora 20.
I need to have a Windows virtual machine and until now I used a VmWare
virtual machine.
Now I'm unable to install vmplayer and also vmware workstation on fedora
20.
I remember I had a lot of problems with VmWare on every new kernel.
I forgot those problems because Fedora 14 is no longer updated :-)
Now I have to solve the problem.
Is there a chance to have vmplayer working on fedora 20?
Is it better to use Virtual Box (and are the vmware virtual machines usable
without pain on Virtual Box)?
Regards to all
Ambrogio
10 years, 2 months
Fedora 20 Installation Problem
by L.G.
Good morning everybody.
Today I have tried to install Fedora 20 on my Sony SVE1512Y1ESI notebook.
First of all I loaded a .ISO image onto my USB pen drive, using the very useful UltraISO program. At this point I restarted my PC and, after appropriate configuration, I ran the Fedora installation which, unfortunately, hung after just a minute.
What do you suggest I should do?
My thanks in advance to everyone who can give me an answer.
10 years, 2 months