- 10-28-2010 #1
rkhunter sha1 value cross check against package information
My questions
1. What is the best way of checking a system is free from problems before running rkhunter --propupd ?
2. Is there a script/other tool that will temporarily extract packages/files to be able to determine sha1sum or md5sum values that can be used to compare with live system files ?
3. How do you check your system is clean before running rkhunter --propupd or similar that will fingerprint aspects of the system for future comparison against?
Background to questions ...
I have been running rkhunter to check for root kits, and ran rkhunter --propupd a while ago. Quite a few updates later I ran rkhunter again and got a warning about 102 files with changed sha1sum values. I wanted to check the files were correct before running rkhunter --propupd again.
What I did
Created a folder in a user home area as a fake root to install the relevant files into, installed the relevant files into that fake root, created the sha1sum values for the files, and compared them with the values in /var/log/rkhunter.log, which I had copied to the $HOME/fake-arch-root folder I created.
I ended up writing a couple of scripts and doing some manual manipulation of files to get what I needed. On the plus side I now know a bit more about awk, grep and sed than I did, but my scripts are far from perfect.
What I'm thinking of doing
Just running rkhunter immediately before system updates to check there are no issues, then running rkhunter immediately after the update and, if necessary, running rkhunter --propupd.
Script I used for extracting relevant packages ...
Code:
#!/bin/sh
### work in folder $HOME/fake-arch-root
ROOT=$HOME/fake-arch-root
### first make the file list from rkhunter.log
### (each "File:" line sits directly above its "Current hash" line)
grep -B 1 'Current hash' "$ROOT/rkhunter.log" | grep File > "$ROOT/rkhunter.log.files-to-check"
### pull the file paths out of those lines (field numbers depend on the log layout)
awk '{ print $4 " " $5 }' "$ROOT/rkhunter.log.files-to-check" > "$ROOT/rkhunter.log.file-list2"
packages_to_install=$(cat "$ROOT/rkhunter.log.file-list2")
echo "$packages_to_install"
### establish which package owns each file using pacman -Qoq
pacman -Qoq $packages_to_install | sort -u > "$ROOT/packages-to-install.lst"
### and install those packages into the fake root: separate db path and log,
### no install scriptlets, -y so the package databases are synced into the fake root first
mkdir -p "$ROOT/var/lib/pacman"
sudo pacman -b "$ROOT/var/lib/pacman" -r "$ROOT" \
    --logfile "$ROOT/pacman.log" --noscriptlet --noconfirm \
    -Sy $(cat "$ROOT/packages-to-install.lst")
echo "All files should now have been installed in $ROOT"
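As an added example (not the original poster's script, and not part of rkhunter or pacman): a small POSIX shell function that does the comparison step of the post automatically, i.e. reads the "File:" / "Current hash:" pairs out of rkhunter.log, hashes the copy of each file under the fake root, and reports MATCH, MISMATCH or MISSING. It assumes rkhunter's log layout of a "File: <path>" line followed by a "Current hash: <sha1>" line per changed file (paths without spaces), and that the packages have already been extracted under the fake root as in the script above. The demo data at the end is constructed here for illustration.

```shell
#!/bin/sh
# Added example, not code from the original post.
# Assumed rkhunter.log layout (per changed file):
#   [hh:mm:ss]          File: /usr/bin/foo
#   [hh:mm:ss]          Current hash: <sha1 of the live file>
#   [hh:mm:ss]          Stored hash : <sha1 rkhunter recorded at --propupd>

# rkhunter_crosscheck LOGFILE FAKEROOT
# For every file rkhunter flagged, compare the "Current hash" it logged (the
# live system file) with the sha1sum of the freshly extracted copy under
# FAKEROOT. Prints one line per file: "MATCH <path>" when the live file
# equals the package-provided file, "MISMATCH <path>" when it does not
# (investigate before --propupd), "MISSING <path>" when no copy was extracted.
rkhunter_crosscheck() {
    log=$1
    fakeroot=$2
    awk '
        /File:/         { file = $NF }
        /Current hash:/ { print file, $NF }
    ' "$log" | while read -r path livehash; do
        candidate="$fakeroot$path"
        if [ ! -f "$candidate" ]; then
            echo "MISSING $path"
            continue
        fi
        pkghash=$(sha1sum "$candidate" | cut -d' ' -f1)
        if [ "$pkghash" = "$livehash" ]; then
            echo "MATCH $path"
        else
            echo "MISMATCH $path"
        fi
    done
}

# Constructed demo data (not a real rkhunter.log): a fake root with two files
# and a hand-written log excerpt where one hash is correct, one is deliberately
# wrong, and one flagged file was never extracted.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/usr/bin"
    printf 'good\n' > "$tmp/root/usr/bin/good"
    printf 'tampered\n' > "$tmp/root/usr/bin/bad"
    goodhash=$(sha1sum "$tmp/root/usr/bin/good" | cut -d' ' -f1)
    cat > "$tmp/rkhunter.log" <<EOF
[10:00:00] Warning: The file properties have changed:
[10:00:00]          File: /usr/bin/good
[10:00:00]          Current hash: $goodhash
[10:00:00]          Stored hash : 0000000000000000000000000000000000000000
[10:00:00] Warning: The file properties have changed:
[10:00:00]          File: /usr/bin/bad
[10:00:00]          Current hash: 1111111111111111111111111111111111111111
[10:00:00]          Stored hash : 2222222222222222222222222222222222222222
[10:00:00] Warning: The file properties have changed:
[10:00:00]          File: /usr/bin/absent
[10:00:00]          Current hash: 3333333333333333333333333333333333333333
EOF
    rkhunter_crosscheck "$tmp/rkhunter.log" "$tmp/root"
    rm -rf "$tmp"
}

demo
```

On a real system you would point it at the copied log and the fake root from the post, e.g. `rkhunter_crosscheck "$HOME/fake-arch-root/rkhunter.log" "$HOME/fake-arch-root"`. Only files that come back MATCH are safe to accept with --propupd; a MISMATCH means the live file differs from what the package ships, which is exactly the case rkhunter is there to catch.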