Date: Wed, 7 Jul 2021 08:51:36 -0600
From: Warner Losh <imp@bsdimp.com>
To: Michael Grimm <trashcan@ellael.org>
Cc: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, FreeBSD ports <freebsd-ports@freebsd.org>, lukasz@wasikowski.net, Stefan Esser <se@freebsd.org>
Subject: Re: security/rkhunter without hashes after recent STABLE-13 update
Message-ID: <CANCZdfr3Ye2hbZJtvBmYqKMF9S_KbGHCzsoRWbMjCxwPEOJSkQ@mail.gmail.com>
In-Reply-To: <416D3033-138D-4BBB-84FA-FAEA2944C837@ellael.org>
References: <416D3033-138D-4BBB-84FA-FAEA2944C837@ellael.org>

On Wed, Jul 7, 2021 at 6:19 AM Michael Grimm via freebsd-stable <freebsd-stable@freebsd.org> wrote:

> Hi,
>
> I noticed that after my last upgrade to stable/13-n246157 (from
> stable/13-n246147) that /usr/local/var/lib/rkhunter/db/rkhunter.dat started
> lacking hashes.
>
> Regarding rkhunter.conf the default setting is:
>
>     HASH_CMD=SHA256
>
> and:
>
>     If just the command name is given, and it is one of MD5,
>     SHA1, SHA224, SHA256, SHA384 or SHA512, then rkhunter will first
>     look for the relevant command, such as 'sha256sum', and then for 'sha256'.
>
> If I do modify the setting to ...
>
>     HASH_CMD=/sbin/sha256
>
> … rkhunter.dat shows hashes again.
>
> Ok, that can be fixed.
>
> But I wonder if my findings have something to do with security/rkhunter at
> all, because that port didn't change recently.
>
> Can someone point me into the right direction, how to find out if the
> output of /sbin/sha256sum changes between stable/13-n246147 and
> stable/13-n246157?

This is likely an incompletely merged set of changes to md5, et al. I recently added the 'sum' variations, but did so from an incomplete description so I got the output format wrong in a couple of cases. se@ went in and fixed that, and added a lot of compat tests to make sure there weren't further regressions.

b33d1898c1b0 is the latest fix, from Jun 29th in -current and merged to stable/13 Jul 6th. It's at n246188 so a little too late unless you have a slight kernel mismatch with your userland/jail. I didn't see any changes between n246147 or n146157 that would do this, though. What's the hash that you have at n246157? I think it should be fd5b08977630.

So the change is expected, but if the change to all the *sum programs is incompatible still, I know I'd like to know (as I'm sure se@ would as well). All the *sum programs are very new and designed to be 100% compatible with the Linux versions and if they aren't that needs to be fixed.

Warner
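
Added example, not part of the original thread: a POSIX shell check of whether a hash tool's output line follows the GNU coreutils `sha256sum` layout or the BSD tagged layout, verified against the standard SHA-256 test vector for `abc`. The function names are hypothetical, and the script does not reproduce rkhunter's own parsing.

```shell
#!/bin/sh
# Added example: classify hash-tool output and check it against a known answer.
# Function names are hypothetical; this is not rkhunter's parsing logic.

# SHA-256 of the three bytes "abc" (standard test vector).
ABC_SHA256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

# sum_line_format LINE FILE
# Prints gnu-text, gnu-binary, bsd-tagged or unknown (non-zero exit on unknown).
sum_line_format() {
    line=$1 file=$2
    # First run of 64 lowercase hex digits in the line, if any.
    hex=$(printf '%s\n' "$line" | grep -Eo '[0-9a-f]{64}' | head -n 1) || true
    [ -n "$hex" ] || { echo unknown; return 1; }
    case $line in
        "$hex  $file")           echo gnu-text ;;    # digest, two spaces, name
        "$hex *$file")           echo gnu-binary ;;  # digest, space, '*', name
        "SHA256 ($file) = $hex") echo bsd-tagged ;;  # BSD sha256 default layout
        *)                       echo unknown; return 1 ;;
    esac
}

# check_hash_cmd CMD [ARGS...]
# Runs CMD on a temp file holding "abc"; prints the detected format, or an
# error and non-zero exit if the layout is unknown or the digest is wrong.
check_hash_cmd() {
    tmp=$(mktemp) || return 2
    printf 'abc' > "$tmp"
    out=$("$@" "$tmp" 2>/dev/null) || true
    rm -f "$tmp"
    fmt=$(sum_line_format "$out" "$tmp") || { echo "unknown format: $out"; return 1; }
    case $out in
        *"$ABC_SHA256"*) echo "$fmt" ;;
        *) echo "wrong digest: $out"; return 1 ;;
    esac
}

# Report on whichever of the two candidate tools exist on this host.
for tool in sha256sum sha256; do
    if command -v "$tool" >/dev/null 2>&1; then
        printf '%s: ' "$tool"
        check_hash_cmd "$tool" || true
    fi
done
```

Running it before and after a userland update shows whether the layout a consumer depends on has changed.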