Date: Wed, 7 Jul 2021 22:24:09 +0200 From: Michael Grimm via freebsd-stable <freebsd-stable@freebsd.org> To: Warner Losh <imp@bsdimp.com> Cc: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, FreeBSD ports <freebsd-ports@freebsd.org>, lukasz@wasikowski.net, Stefan Esser <se@freebsd.org> Subject: Re: security/rkhunter without hashes after recent STABLE-13 update Message-ID: <0B2C7AEA-27C6-4259-9DCF-D20C19737A50@ellael.org> In-Reply-To: <CANCZdfpQCVm%2BaEbimzrkX%2BXkfXcbx2tJPgPXriqzMCYjZJ8kKg@mail.gmail.com> References: <416D3033-138D-4BBB-84FA-FAEA2944C837@ellael.org> <CANCZdfr3Ye2hbZJtvBmYqKMF9S_KbGHCzsoRWbMjCxwPEOJSkQ@mail.gmail.com> <B829235A-3C8F-46F4-8D25-00A6125CE264@ellael.org> <CANCZdfojJ%2BiG9dcZ=nPZ65qsON6v2rnG6PLQwQFMJ0N-U8bohQ@mail.gmail.com> <08637D0D-9D65-4F53-9A64-F4742BA8E415@ellael.org> <CANCZdfpQCVm%2BaEbimzrkX%2BXkfXcbx2tJPgPXriqzMCYjZJ8kKg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_D505DE2F-C582-4001-BDE4-19F198707C1B Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Warner Losh <imp@bsdimp.com> wrote: >=20 > On Wed, Jul 7, 2021 at 12:47 PM Michael Grimm <trashcan@ellael.org> = wrote: >> Warner Losh <imp@bsdimp.com> wrote: >>> Sorry for any hassle this work is causing. >>=20 >> No big deal for rkhunter, a workaround exists ;-) >=20 > I think the reason is that it automatically switched to using = sha256sum > because it was present, but it didn't automatically change = #HASH_FLD_IDX=3D4 > to be 1. The shell script is tricky enough that I've not looked = through it > all. I'd argue this is a bug in the get_sha_hash_function which = doesn't > adjust the HASH_FLD_IDX based on which version it finds. Instead, it = sets > it unconditionally to 4 on *BSD or DragonFly. >=20 > Warner >=20 > P.S. I think it needs something like the following updated > patch-files_rkhunter and/or changes upstream. I don't know what this = port > does, apart from what I've just read. Can you see if this fixes this? Your rkhunter script seems to be different to mine =E2=80=A6 MWN> patch < rkhunter.diff=20 Hmm... Looks like a unified diff to me=E2=80=A6 The text leading up to this was: =E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2= =80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94 |--- files/rkhunter.orig 2018-02-24 16:08:27.000000000 = -0700 |+++ files/rkhunter 2021-07-07 13:38:56.094378000 -0600 =E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2= =80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94 Patching file rkhunter using Plan A=E2=80=A6 Hunk #1 succeeded at 4751. Hunk #2 failed at 7525. Hunk #3 succeeded at 19734 (offset 3 lines). Hunk #4 failed at 19810. 2 out of 4 hunks failed--saving rejects to rkhunter.rej done But anyway, you nailed it! That fixes rkhunter. It will now produce = hashes for both /sbin/sha256 and /sbin/sha256sum. The attached patch (diff to new rkhunter script with both succeeding = hunks) will work for the rkhunter-1.4.6 script. Thanks and with kind regards, Michael --Apple-Mail=_D505DE2F-C582-4001-BDE4-19F198707C1B--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0B2C7AEA-27C6-4259-9DCF-D20C19737A50>