Re: security/rkhunter without hashes after recent STABLE-13 update
Date: Wed, 07 Jul 2021 14:51:36 UTC
On Wed, Jul 7, 2021 at 6:19 AM Michael Grimm via freebsd-stable <freebsd-stable@freebsd.org> wrote:

> Hi,
>
> I noticed that after my last upgrade to stable/13-n246157 (from
> stable/13-n246147) that /usr/local/var/lib/rkhunter/db/rkhunter.dat started
> lacking hashes.
>
> Regarding rkhunter.conf the default setting is:
>
>     HASH_CMD=SHA256
>
> and:
>
>     If just the command name is given, and it is one of MD5,
>     SHA1, SHA224, SHA256, SHA384 or SHA512, then rkhunter will first
>     look for the
>     relevant command, such as 'sha256sum', and then for 'sha256'.
>
> If I do modify the setting to ...
>
>     HASH_CMD=/sbin/sha256
>
> … rkhunter.dat shows hashes again.
>
>
> Ok, that can be fixed.
>
> But I wonder if my findings have something to do with security/rkhunter at
> all, because that port didn't change recently.
>
> Can someone point me in the right direction, how to find out if the
> output of /sbin/sha256sum changes between stable/13-n246147 and
> stable/13-n246157?
>

This is likely an incompletely merged set of changes to md5, et al. I recently added the 'sum' variations, but did so from an incomplete description so I got the output format wrong in a couple of cases. se@ went in and fixed that, and added a lot of compat tests to make sure they weren't further regressions.

b33d1898c1b0 is the latest fix, from Jun 29th in -current and merged to stable/13 Jul 6th. It's at n246188 so a little too late unless you have a slight kernel mismatch with your userland/jail. I didn't see any changes between n246147 or n146157 that would do this, though.

What's the hash that you have at n246157? I think it should be fd5b08977630.

So the change is expected, but if the change to all the *sum programs is incompatible still, I know I'd like to know (as I'm sure se@ would as well). All the *sum programs are very new and designed to be 100% compatible with the Linux versions and if they aren't that needs to be fixed.

Warner
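
One way to answer the question of whether a hash command's output changed between builds is a known-answer check, shown here as an added example that is not part of the original thread or of rkhunter. It assumes the two usual layouts, GNU coreutils (`<digest>  <file>`) and BSD tagged (`SHA256 (<file>) = <digest>`); the function names are hypothetical.

```sh
#!/bin/sh
# Added example. SHA-256 of the three bytes "abc" (FIPS 180 test vector).
KAT_SHA256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

# classify_line LINE FILE: print "gnu <digest>" or "bsd <digest>"; fail otherwise.
classify_line() {
    line=$1
    file=$2
    case $line in
        "SHA256 ($file) = "*)   fmt=bsd; digest=${line##*= } ;;
        *"  $file"|*" *$file")  fmt=gnu; digest=${line%% *} ;;
        *) return 1 ;;
    esac
    # A SHA-256 digest is exactly 64 lowercase hex characters.
    case $digest in
        *[!0-9a-f]*) return 1 ;;
    esac
    [ "${#digest}" -eq 64 ] || return 1
    printf '%s %s\n' "$fmt" "$digest"
}

# check_hash_cmd CMD [ARGS...]: run CMD on a temp file holding "abc" and print
# "ok gnu", "ok bsd", "bad-digest" or "bad-format".
check_hash_cmd() {
    tmp=$(mktemp "${TMPDIR:-/tmp}/kat.XXXXXX") || return 2
    printf abc > "$tmp"
    out=$("$@" "$tmp" 2>/dev/null | head -n 1)
    rm -f "$tmp"
    if res=$(classify_line "$out" "$tmp"); then
        [ "${res#* }" = "$KAT_SHA256" ] && echo "ok ${res%% *}" || echo bad-digest
    else
        echo bad-format
    fi
}

# Report on whichever candidates exist on this host (names from the thread).
for cmd in sha256sum sha256 /sbin/sha256sum /sbin/sha256; do
    command -v "$cmd" >/dev/null 2>&1 || continue
    printf '%s: %s\n' "$cmd" "$(check_hash_cmd "$cmd")"
done
```

Running it before and after an upgrade and comparing the reported layout per command shows whether a `*sum` tool switched formats or stopped producing a parseable line.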