Date: Wed, 7 Jul 2021 14:35:11 -0600 From: Warner Losh <imp@bsdimp.com> To: Michael Grimm <trashcan@ellael.org> Cc: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, FreeBSD ports <freebsd-ports@freebsd.org>, lukasz@wasikowski.net, Stefan Esser <se@freebsd.org> Subject: Re: security/rkhunter without hashes after recent STABLE-13 update Message-ID: <CANCZdfoc=EUAf0rfiV1xwCbho03bC%2BBqGw1PXxNhQ7Jok4hezQ@mail.gmail.com> In-Reply-To: <0B2C7AEA-27C6-4259-9DCF-D20C19737A50@ellael.org> References: <416D3033-138D-4BBB-84FA-FAEA2944C837@ellael.org> <CANCZdfr3Ye2hbZJtvBmYqKMF9S_KbGHCzsoRWbMjCxwPEOJSkQ@mail.gmail.com> <B829235A-3C8F-46F4-8D25-00A6125CE264@ellael.org> <CANCZdfojJ%2BiG9dcZ=nPZ65qsON6v2rnG6PLQwQFMJ0N-U8bohQ@mail.gmail.com> <08637D0D-9D65-4F53-9A64-F4742BA8E415@ellael.org> <CANCZdfpQCVm%2BaEbimzrkX%2BXkfXcbx2tJPgPXriqzMCYjZJ8kKg@mail.gmail.com> <0B2C7AEA-27C6-4259-9DCF-D20C19737A50@ellael.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--00000000000046a4fd05c68e7ae5 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Wed, Jul 7, 2021 at 2:24 PM Michael Grimm <trashcan@ellael.org> wrote: > Warner Losh <imp@bsdimp.com> wrote: > > > > On Wed, Jul 7, 2021 at 12:47 PM Michael Grimm <trashcan@ellael.org> > wrote: > >> Warner Losh <imp@bsdimp.com> wrote: > > >>> Sorry for any hassle this work is causing. > >> > >> No big deal for rkhunter, a workaround exists ;-) > > > > I think the reason is that it automatically switched to using sha256sum > > because it was present, but it didn't automatically change > #HASH_FLD_IDX=3D4 > > to be 1. The shell script is tricky enough that I've not looked through > it > > all. I'd argue this is a bug in the get_sha_hash_function which doesn't > > adjust the HASH_FLD_IDX based on which version it finds. Instead, it se= ts > > it unconditionally to 4 on *BSD or DragonFly. > > > > Warner > > > > P.S. I think it needs something like the following updated > > patch-files_rkhunter and/or changes upstream. I don't know what this po= rt > > does, apart from what I've just read. Can you see if this fixes this? > > > Your rkhunter script seems to be different to mine =E2=80=A6 > > MWN> patch < rkhunter.diff > Hmm... Looks like a unified diff to me=E2=80=A6 > The text leading up to this was: > =E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94= =E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94 > |--- files/rkhunter.orig 2018-02-24 16:08:27.000000000 -07= 00 > |+++ files/rkhunter 2021-07-07 13:38:56.094378000 -0600 > =E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94= =E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94=E2=80=94 > Patching file rkhunter using Plan A=E2=80=A6 > Hunk #1 succeeded at 4751. > Hunk #2 failed at 7525. > Hunk #3 succeeded at 19734 (offset 3 lines). > Hunk #4 failed at 19810. > 2 out of 4 hunks failed--saving rejects to rkhunter.rej > done > > But anyway, you nailed it! That fixes rkhunter. It will now produce hashe= s > for both /sbin/sha256 and /sbin/sha256sum. > > The attached patch (diff to new rkhunter script with both succeeding > hunks) will work for the rkhunter-1.4.6 script. > Great! I see you've cc'd lukasz. I'll assume that he can commit it, but if there's an issue, please let me know! Warner > Thanks and with kind regards, > Michael > > > --00000000000046a4fd05c68e7ae5--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CANCZdfoc=EUAf0rfiV1xwCbho03bC%2BBqGw1PXxNhQ7Jok4hezQ>