12-01-2005, 03:10 PM
|
|
Junior Guru
|
|
Join Date: Jan 2005
Posts: 203
|
|
2 of utilities installed on my servers are rkhunter and SIM (system integrity monitor).
I think it's not only my problem... Before SIM installation everything is ok with rkhunter reports but as soon as SIM is installed, rkhunter show up a lot of BAD binaries - 'at least one of file's dependencies has changed since prelinking' is the output.
It's ok? Is there a way to repair the error?
Note that everytime I used rkhunter up to date and the only problem is with those BAD binaries, the rest is ok.
|
12-03-2005, 01:56 AM
|
|
Community Leader
|
|
Join Date: Jul 2002
Location: Tasmania, Australia
Posts: 31,984
|
|
Moved to Technical & Security Issues.
|
12-03-2005, 02:22 AM
|
|
Telecommunication operator
|
|
Join Date: May 2002
Location: Russia, Moscow
Posts: 1,424
|
|
SIM cant' be a reason of your problem. It is just open source perl script and it not change anything in system, only add itself. You should double check what are you doing before installing SIM. And also check your system log for hacking attempt.
__________________
Robobill.net Dedicated server since 2002, RIPE NCC member, LIR, AS25478
|
12-03-2005, 02:28 AM
|
|
I like ice cream
|
|
Join Date: Mar 2003
Location: California USA
Posts: 11,612
|
|
Rkhunter is notorious for not updating the md5 sums. What operating system are you using?
|
12-03-2005, 02:46 AM
|
|
Junior Guru
|
|
Join Date: Jan 2005
Posts: 203
|
|
Fedora Core 3
I tested this on a new server too, with rkhunter updated, everything is perfect. But as soon as SIM is installed (few minutes later) rkhunter begin to show up a lot of BAD binaries.
|
12-03-2005, 03:12 AM
|
|
Telecommunication operator
|
|
Join Date: May 2002
Location: Russia, Moscow
Posts: 1,424
|
|
are you use any software which protect system libraries from exploit? for example libsafe ?
__________________
Robobill.net Dedicated server since 2002, RIPE NCC member, LIR, AS25478
|
12-03-2005, 03:19 AM
|
|
Junior Guru
|
|
Join Date: Jan 2005
Posts: 203
|
|
|
12-03-2005, 03:45 AM
|
|
Temporarily Suspended
|
|
Join Date: Nov 2002
Location: Under the sea
Posts: 4,208
|
|
Did you run rkhunter --update lately? If not, give it a shot, after SIM is installed.
|
12-03-2005, 03:52 AM
|
|
Junior Guru
|
|
Join Date: Jan 2005
Posts: 203
|
|
If I wasn't clear enough, I allways update my scripts.
rustelekom, do you think libsafe can broke it?
Thanks!
|
12-03-2005, 03:56 AM
|
|
Junior Guru
|
|
Join Date: Jan 2005
Posts: 203
|
|
As I told you before, it's very strange. Errors on rkhunter report appear as soon as I have SIM installed. Before, everything is just fine.
I can't find the reason...
|
12-03-2005, 04:23 AM
|
|
Temporarily Suspended
|
|
Join Date: Nov 2002
Location: Under the sea
Posts: 4,208
|
|
Did you run rkhunter --update after you installed SIM?
|
12-03-2005, 04:35 AM
|
|
Junior Guru
|
|
Join Date: Jan 2005
Posts: 203
|
|
Yes adam, of course.
Few lines from output.
/usr/bin/users [ BAD ]
/usr/sbin/prelink: /lib/tls/libc-2.3.5.so has a dependency cycle
/usr/sbin/prelink: /usr/bin/w: at least one of file's dependencies has changed since prelinking
/usr/sbin/prelink: /lib/tls/libc-2.3.5.so has a dependency cycle
/usr/sbin/prelink: /usr/bin/w: at least one of file's dependencies has changed since prelinking
/usr/sbin/prelink: /lib/tls/libc-2.3.5.so has a dependency cycle
/usr/sbin/prelink: /usr/bin/w: at least one of file's dependencies has changed since prelinking
/usr/sbin/prelink: /lib/tls/libc-2.3.5.so has a dependency cycle
/usr/sbin/prelink: /usr/bin/w: at least one of file's dependencies has changed since prelinking
/usr/bin/w [ BAD ]
/usr/sbin/prelink: /lib/tls/libc-2.3.5.so has a dependency cycle
/usr/sbin/prelink: /usr/bin/watch: at least one of file's dependencies has changed since prelinking
/usr/sbin/prelink: /lib/tls/libc-2.3.5.so has a dependency cycle
/usr/sbin/prelink: /usr/bin/watch: at least one of file's dependencies has changed since prelinking
/usr/sbin/prelink: /lib/tls/libc-2.3.5.so has a dependency cycle
/usr/sbin/prelink: /usr/bin/watch: at least one of file's dependencies has changed since prelinking
/usr/sbin/prelink: /lib/tls/libc-2.3.5.so has a dependency cycle
/usr/sbin/prelink: /usr/bin/watch: at least one of file's dependencies has changed since prelinking
/usr/bin/watch [ BAD ]
/usr/sbin/prelink: /lib/tls/libc-2.3.5.so has a dependency cycle
/usr/sbin/prelink: /usr/bin/who: at least one of file's dependencies has changed since prelinking
/usr/bin/who [ BAD ]
/usr/sbin/prelink: /lib/tls/libc-2.3.5.so has a dependency cycle
/usr/sbin/prelink: /usr/bin/whoami: at least one of file's dependencies has changed since prelinking
/usr/bin/whoami [ BAD ]
Before SIM installation, all those binaries have [ OK ] status.
|
12-03-2005, 05:11 AM
|
|
Telecommunication operator
|
|
Join Date: May 2002
Location: Russia, Moscow
Posts: 1,424
|
|
you should remove libsafe from ld.conf and then rerun prelink. i remember that on fedora prelink and libsafe always has a conflict.
so, don't panic, it is normal for fedora + libsafe. libsafe just do not allow prelink update system libraries and for this reason prelink not work correct and then rkhunter can't correct count control sum for system files. it is possible to solve, but i am not remember how 
__________________
Robobill.net Dedicated server since 2002, RIPE NCC member, LIR, AS25478
|
12-03-2005, 05:36 AM
|
|
Junior Guru
|
|
Join Date: Jan 2005
Posts: 203
|
|
|
Related posts from TheWhir.com
|
| Title |
Type |
Date Posted |
| Thread Tools |
Search this Thread |
|
|
|
| Display Modes |
 Linear Mode
|
| Postbit Selector |
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
|
| Login: |
|
|
| Advertisement: |
|
|
| Web Hosting News: |
|
|
|
