Bug 127783 - rkhunter 1.2.8 scans error with OS not supported & md5_not_known
Status: RESOLVED UPSTREAM
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: x86 Linux
Importance: High normal
Assignee: Forensics Herd [disbanded]
Reported: 2006-03-27 12:45 UTC by VinnieNZ
Modified: 2007-01-13 20:18 UTC
Description VinnieNZ 2006-03-27 12:45:19 UTC
Running rkhunter v1.2.8 from either the included cron job or from the command line with 'rkhunter -c' errors at the start with:

Rootkit Hunter 1.2.8 is running

Determining OS... Unknown
Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
All MD5 checks will be skipped!


Downgrading to v1.2.7-r1 (which used to work fine a while back) now produces the same error.



emerge --info:
Portage 2.1_pre7-r2 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.4-r0, 2.6.15-gentoo-r1 i686)
=================================================================
System uname: 2.6.15-gentoo-r1 i686 AMD Athlon(tm)
Gentoo Base System version 1.12.0_pre16
ccache version 2.4 [enabled]
dev-lang/python:     2.3.5, 2.4.2-r1
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1-r2
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -mtune=athlon -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -mtune=athlon -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig candy ccache confcache distlocks metadata-transfer sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.recoil.net.nz/gentoo http://ftp.citylink.co.nz/gentoo http://planetmirror.com/pub/gentoo http://mirror.isp.net.au/ftp/pub/gentoo/"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 apache2 apm authdaemond avi berkdb bitmap-fonts cli crypt ctype cups dba dri eds emboss encode esd expat fam fastbuild foomaticdb force-cgi-redirect fortran ftp gd gdbm gif gpm gstreamer imlib jpeg libg++ libwww mad memlimit mikmod motif mp3 mpeg ncurses nls nptl nptlonly ogg opengl pam pcre pdflib perl png posix python quicktime readline samba sasl sdl session simplexml soap sockets spell spl ssl tcpd tokenizer truetype truetype-fonts type1-fonts udev vorbis xml xmms xsl zlib elibc_glibc kernel_linux userland_GNU"
Unset:  ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS
Comment 1 Dominik Stadler (RETIRED) gentoo-dev 2006-04-10 13:05:12 UTC
I am seeing the same and am wondering if there is any effort going on to get current Gentoo in a "Supported" state.

See the forum discussion at http://forums.gentoo.org/viewtopic-t-197663-start-0.html for some information on what rkhunter checks in the OS.
Comment 2 Dominik Stadler (RETIRED) gentoo-dev 2006-04-10 13:08:11 UTC
Adding the following line to the end of /usr/lib/rkhunter/db/os.dat got rid of the "OS unsupported" message:

719:Gentoo Linux 1.12 (i386):/usr/bin/md5sum:/bin:
Comment 3 Daniel Black (RETIRED) gentoo-dev 2006-04-11 02:17:56 UTC
Aaron (ka0ttic) has got really rapid answers from the rkhunter author so getting this patch upstream shouldn't be too hard.
Comment 4 Dominik Stadler (RETIRED) gentoo-dev 2006-04-23 08:44:47 UTC
The following patch fixes this for me; maybe we can add this until the next version of rkhunter comes out with support for newer versions of Gentoo:

diff -u -3 -p -r1.1 rkhunter-1.2.8.ebuild
--- rkhunter-1.2.8.ebuild       22 Feb 2006 02:35:06 -0000      1.1
+++ rkhunter-1.2.8.ebuild       23 Apr 2006 15:43:39 -0000
@@ -28,6 +28,9 @@ src_unpack() {
 }

 src_install() {
+       # bug 127783
+       echo "719:Gentoo Linux 1.12 (i386):/usr/bin/md5sum:/bin:" >> os.dat
+
        insinto /usr/lib/rkhunter/db
        doins *.dat || die "failed to install dat files"
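
Review bot: The added echo line hard-codes "Gentoo Linux 1.12 (i386)" into os.dat, which matches the reporter's "Gentoo Base System version 1.12.0_pre16" on x86 but would presumably leave other base-system versions and architectures with the same "not fully supported" warning and skipped MD5 checks. The echo also has no `|| die`, unlike the doins line below it, so a failed append would pass silently, and it edits the source tree in src_install although the hunk header shows the ebuild has a src_unpack() where such changes normally belong. Suggest moving the append to src_unpack with `|| die`, and confirming with upstream that ID 719 is the one they will assign so the local entry does not diverge from the published os.dat.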

Comment 5 Dominik Stadler (RETIRED) gentoo-dev 2006-04-24 10:34:14 UTC
Be aware, if you run rkhunter with option "--update", it will fetch an updated list from its homepage and you will lose this change... Seems like we will need to wait until the devs of rkhunter decide to add it in.
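
The workaround from comments 2 and 5 as a re-runnable check, added here as an example that is not part of the original bug report or of rkhunter: it re-adds the os.dat line if "--update" has replaced the file, and flags saved scan output in which the hash checks were skipped. The function names, the return code 10 and the temp-dir demo data are assumptions; the os.dat entry and the warning strings are the ones quoted in this bug.

```shell
#!/bin/sh
# Added example. OS_ENTRY is the line quoted in comment 2; all names are assumptions.
OS_ENTRY='719:Gentoo Linux 1.12 (i386):/usr/bin/md5sum:/bin:'

# ensure_os_entry FILE: append OS_ENTRY unless an identical line already exists.
# Returns 0 if present, 10 if it had to be re-added (e.g. after --update), 1 on error.
ensure_os_entry() {
    db=$1
    [ -f "$db" ] || return 1
    grep -Fxq -- "$OS_ENTRY" "$db" && return 0
    printf '%s\n' "$OS_ENTRY" >> "$db" || return 1
    return 10
}

# scan_degraded FILE: returns 0 if saved rkhunter output shows the state
# reported in this bug, i.e. the OS was not recognised or MD5 checks were skipped.
scan_degraded() {
    grep -Eq 'Cannot find md5_not_known|All MD5 checks will be skipped|operating system is not fully supported' "$1"
}

# demo: exercise both checks on constructed data in a temp dir (no system files touched).
demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed stand-in for an os.dat that lacks the Gentoo entry.
    printf '%s\n' '718:Constructed OS entry:/usr/bin/md5sum:/bin:' > "$tmp/os.dat"
    # Scan output copied from the bug description.
    cat > "$tmp/scan.log" <<'EOF'
Determining OS... Unknown
Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
All MD5 checks will be skipped!
EOF
    first=0;    ensure_os_entry "$tmp/os.dat" || first=$?
    second=0;   ensure_os_entry "$tmp/os.dat" || second=$?
    degraded=0; scan_degraded "$tmp/scan.log" || degraded=$?
    rm -rf "$tmp"
    echo "first=$first second=$second degraded=$degraded"
}

demo
```

On a real host the first function would be pointed at /usr/lib/rkhunter/db/os.dat after each update, and the second at the saved output of the cron run.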
Comment 6 Janne Pikkarainen 2006-10-03 08:48:24 UTC
Please note bug #149951.
Comment 7 Zak Kipling 2006-10-09 07:19:26 UTC
I've filed a bug for this upstream: https://sourceforge.net/tracker/?func=detail&atid=794187&aid=1572720&group_id=155034

Sounds like it should be fixed very soon.
Comment 8 Daniel Webert 2007-01-13 20:18:48 UTC
closing this one - upstream fixed this