Running rkhunter v1.2.8 from either the included cron job or from the command line with 'rkhunter -c' error at the start with: Rootkit Hunter 1.2.8 is running Determining OS... Unknown Warning: This operating system is not fully supported! Warning: Cannot find md5_not_known All MD5 checks will be skipped! Downgrading to v1.2.7-r1 (which used to work fine a while back) now produces the same error. emerge --info: Portage 2.1_pre7-r2 (default-linux/x86/2006.0, gcc-3.4.5, glibc-2.4-r0, 2.6.15-gentoo-r1 i686) ================================================================= System uname: 2.6.15-gentoo-r1 i686 AMD Athlon(tm) Gentoo Base System version 1.12.0_pre16 ccache version 2.4 [enabled] dev-lang/python: 2.3.5, 2.4.2-r1 sys-apps/sandbox: 1.2.12 sys-devel/autoconf: 2.13, 2.59-r7 sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1 sys-devel/binutils: 2.16.1-r2 sys-devel/libtool: 1.5.22 virtual/os-headers: 2.6.11-r2 ACCEPT_KEYWORDS="x86" AUTOCLEAN="yes" CBUILD="i686-pc-linux-gnu" CFLAGS="-O2 -mtune=athlon -pipe -fomit-frame-pointer" CHOST="i686-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/revdep-rebuild /etc/terminfo /etc/env.d" CXXFLAGS="-O2 -mtune=athlon -pipe -fomit-frame-pointer" DISTDIR="/usr/portage/distfiles" FEATURES="autoconfig candy ccache confcache distlocks metadata-transfer sandbox sfperms strict" GENTOO_MIRRORS="http://gentoo.recoil.net.nz/gentoo http://ftp.citylink.co.nz/gentoo http://planetmirror.com/pub/gentoo http://mirror.isp.net.au/ftp/pub/gentoo/" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="x86 apache2 apm authdaemond avi berkdb bitmap-fonts cli crypt ctype cups dba dri eds emboss encode esd expat fam fastbuild foomaticdb force-cgi-redirect fortran ftp gd gdbm gif gpm gstreamer imlib jpeg libg++ libwww mad memlimit mikmod motif mp3 mpeg ncurses nls nptl nptlonly ogg opengl pam pcre pdflib perl png posix python quicktime readline samba sasl sdl session simplexml soap sockets spell spl ssl tcpd tokenizer truetype truetype-fonts type1-fonts udev vorbis xml xmms xsl zlib elibc_glibc kernel_linux userland_GNU" Unset: ASFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS
I am seeing the same and am wondering if there is any effort going on to get current Gentoo in a "Supported" state. See forum-discussion at http://forums.gentoo.org/viewtopic-t-197663-start-0.html for some information what rkhunter checks in the OS.
Adding the following line to the end of /usr/lib/rkhunter/db/os.dat got rid of the "OS unsupported" message: 719:Gentoo Linux 1.12 (i386):/usr/bin/md5sum:/bin:
Aaron (ka0ttic) has got really rapid answers from the rkhunter author so getting this patch upstream shouldn't be too hard.
The following patch fixes this for me, maybe we can add this until the next version of rkhunter comes out with support for newer versions of Gentoo: diff -u -3 -p -r1.1 rkhunter-1.2.8.ebuild --- rkhunter-1.2.8.ebuild 22 Feb 2006 02:35:06 -0000 1.1 +++ rkhunter-1.2.8.ebuild 23 Apr 2006 15:43:39 -0000 @@ -28,6 +28,9 @@ src_unpack() { } src_install() { + # bug 127783 + echo "719:Gentoo Linux 1.12 (i386):/usr/bin/md5sum:/bin:" >> os.dat + insinto /usr/lib/rkhunter/db doins *.dat || die "failed to install dat files"
Be aware, if you run rkhunter with option "--update", it will fetch an updated list from it's homepage and you will loose this change... Seems like we will need to wait until the devs of rkhunter decide to add it in.
Please note bug #149951.
I've filed a bug for this upstream: https://sourceforge.net/tracker/?func=detail&atid=794187&aid=1572720&group_id=155034 Sounds like it should be fixed very soon.
closing this one - upstream fixed this