I recently installed and started using rkhunter and I have this warning that I cannot figure out how to resolve. When running rkhunter I get the following:
Code:
[ Rootkit Hunter version 1.3.2 ]
Checking system commands...
Performing 'strings' command checks
Checking 'strings' command [ OK ]
Performing 'shared libraries' checks
Checking for preloading variables [ None found ]
Checking for preload file [ Not found ]
Checking LD_LIBRARY_PATH variable [ Warning ]
in more detail from the log
Code:
[09:24:58] Performing 'shared libraries' checks
[09:24:58] Info: Starting test name 'shared_libs'
[09:24:58] Checking for preloading variables [ None found ]
[09:24:58] Checking for preload file [ Not found ]
[09:24:58] Info: Starting test name 'shared_libs_path'
[09:24:58] Checking LD_LIBRARY_PATH variable [ Warning ]
[09:24:59] Warning: The LD_LIBRARY_PATH environment variable is set and can influence binaries: set to: /usr/lib/oracle/10.2.0.4/client/lib
[09:24:59]
I could unset it but that's just 'escaping' the conflict I think. Since this is running on a production server (Nagios monitoring), if I unset it I would get unnecessary alerts because the database checks don't get executed. I'd prefer a way to set it as 'allowed' like you can do for xinetd or inetd services. Any idea how I could do that?
...outdated. Current is 1.3.4 and we're working on getting 1.3.6 out this month.
Quote:
Originally Posted by EricTRA
how and/or in which config file do I tell rkhunter that this variable is legitimate?
You don't. There's no (request nor) variable for whitelisting of LD_LIBRARY_PATH items. I wonder why you need to set a global LD_LIBRARY_PATH in the first place? I mean it's used by only one application so wouldn't instead using something like 'env LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/lib/oracle/10.2.0.4/client/lib /path/to/oracle_check' (or whatever workable equivalent command) or running oracle_check on the oracle server and using send_nsca to the Nagios server be more appropriate? Mind you, not that I'm a Nagios guru...
Edit2: Ok, how about unsetting it and adding it to your /etc/ld.so.conf instead?
Evo2.
Thanks for the suggestion, I'll check that out tomorrow when I'm back in the office. I'll post the results.
@unSpawn: Thanks for the reply, I just installed it from the Debian repository. I'll download and install the newest version tomorrow. About your suggestion: I'll check into it after trying the solution Evo2 offered (looks a lot easier than yours).
Got it working. When checking the ld.so.conf file there already was a link to the oracle.conf file, so I unset the LD_LIBRARY_PATH and it's all good now.
@unSpawn: I upgraded all my servers to the latest version. Thanks for the heads-up. The Debian Lenny (which I'm using) only lists the 1.3.2-6 version, squeeze (testing) and sid (unstable) have the latest. Not sure when the lenny repositories will get the latest version. I'll check in on the rkhunter site on a regular basis. Thanks again.
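The check done by hand above (confirming that ld.so.conf already pulls in the Oracle directory before unsetting LD_LIBRARY_PATH) can be scripted. This is an added example, not part of the original thread or of rkhunter; the function names are hypothetical and the sample configuration is constructed in a temporary directory. It also flags empty entries, which the loader treats as the current working directory.

```shell
#!/bin/sh
# Added example: can LD_LIBRARY_PATH be unset because ld.so.conf covers it?

# Print directories from an ld.so.conf-style file (one per line), following
# "include" globs; relative patterns resolve against the including file.
ldconf_dirs() (
    [ -r "$1" ] || exit 0
    conf=$1 base=$(dirname "$1")
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                       # drop comments
        set -f; set -- $line; set +f           # split words, no globbing yet
        [ $# -gt 0 ] || continue
        if [ "$1" != include ]; then printf '%s\n' "$1"; continue; fi
        shift
        for pat in "$@"; do
            case $pat in /*) ;; *) pat=$base/$pat ;; esac
            for f in $pat; do                  # glob expands here
                if [ -f "$f" ]; then ldconf_dirs "$f"; fi
            done
        done
    done < "$conf"
)

# Classify each entry of an LD_LIBRARY_PATH value (textual comparison).
# An empty entry means "current directory" to the loader and is flagged.
# Exit status 0 only if every entry is already in the ld.so configuration.
check_ld_library_path() (
    value=$1 rc=0
    [ -n "$value" ] || exit 0
    known=$(ldconf_dirs "${2:-/etc/ld.so.conf}")
    case ":$value:" in *::*) echo "cwd      (empty entry)"; rc=1 ;; esac
    IFS=:; set -f; set -- $value; set +f
    for dir in "$@"; do
        [ -n "$dir" ] || continue
        if printf '%s\n' "$known" | grep -Fxq -- "$dir"; then
            echo "covered  $dir"
        else
            echo "missing  $dir"; rc=1
        fi
    done
    exit "$rc"
)

# Constructed sample mirroring the thread: an include pulls in oracle.conf.
root=$(mktemp -d) && mkdir "$root/ld.so.conf.d"
echo 'include ld.so.conf.d/*.conf' > "$root/ld.so.conf"
echo '/usr/lib/oracle/10.2.0.4/client/lib' > "$root/ld.so.conf.d/oracle.conf"
check_ld_library_path '/usr/lib/oracle/10.2.0.4/client/lib' "$root/ld.so.conf"
rm -rf "$root"
```

On a real host, `check_ld_library_path "$LD_LIBRARY_PATH"` reads /etc/ld.so.conf by default; any `missing` line names a directory that would have to be added to the ld.so configuration (followed by `ldconfig`) before the variable is unset.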
Quote:
Originally Posted by EricTRA
Got it working. When checking the ld.so.conf file there already was a link to the oracle.conf file, so I unset the LD_LIBRARY_PATH and it's all good now.
So you never needed to set your LD_LIBRARY_PATH in the first place. Cool.
Quote:
Originally Posted by EricTRA
@unSpawn: I upgraded all my servers to the latest version. Thanks for the heads-up. The Debian Lenny (which I'm using) only lists the 1.3.2-6 version, squeeze (testing) and sid (unstable) have the latest. Not sure when the lenny repositories will get the latest version.
Because of the way Debian works, Lenny will never get it. Since rkhunter seems to consist of only shell and perl scripts with no minimum version requirements (please correct me if I'm wrong), you should have no problem just installing the package from testing or sid, without even the need to build from the source deb.
Quote:
Since rkhunter seems to consist of only shell and perl scripts with no minimum version requirements (please correct me if I'm wrong), you should have no problem just installing the package from testing or sid, without even the need to build from the source deb.
...or from the source at rkhunter.sourceforge.net, but basically: yes. No, no minimum version requirements. It's supposed to run on about anything that adheres to minimum requirements: shell, perl, "default" system packages.