LinuxQuestions.org


mihalisla 12-12-2008 09:25 AM

samhain --enable-stealth question
 
Hello to all of you. I have ./configured samhain with the stealth option enabled.
How can I edit samhainrc? It is in PostScript format and the samhain_stealth tool only gives me the file on stdout.
If there is a way to convert it to an editable format, how can I convert it back to .ps format?

Great thanks!

unSpawn 12-12-2008 12:44 PM

See 'samhain_stealth'? With "-s" it hides and with "-g" it should reveal configuration.

mihalisla 12-12-2008 06:55 PM

Dear unSpawn, I can see the output of samhain_stealth but I cannot edit the samhainrc file.
Is there a way not only to see the file but also to edit it?

unSpawn 12-12-2008 07:57 PM

No, as far as I know you'll have to extract it to a file, edit it and put it back in.

mihalisla 12-12-2008 08:24 PM

How can I do this?
Could you please give me the procedure and maybe an example?

unSpawn 12-12-2008 08:41 PM

Running 'samhain_stealth -g bar.ps > foo' extracts file foo from bar.ps, after which you should be able to edit it. After editing, running 'samhain_stealth -s bar.ps foo' places foo back into bar. I don't quite get it because the Samhain manual and running 'samhain_stealth' without arguments show you how to create an uncompressed postscript file and show you the commands?

mihalisla 12-12-2008 08:56 PM

Lots of thanks, unSpawn! I read only the chapter about stealth in the manual!

As we say here in Greece, you are the cornerstone of the house in the security section of our forum!

Our obligation is to pass any knowledge gained about Linux on to others!

Thank you once again!

mihalisla 12-13-2008 10:53 AM

The MISTAKE ... SO AS NOT TO BE MADE BY OTHERS ...
The samhain_stealth help file says
-s hide file 'what' in PS image 'where'
-g get hidden data from PS image 'where'
(output to stdout)
Issuing the cmd samhain_stealth -s 'what' 'ps file' IS WRONG.
As unSpawn said earlier, the syntax is samhain_stealth -s 'ps file' (no pipe in the middle) 'what' (the txt file from the extraction of samhain_stealth -g 'ps file' > (with pipe to extraction) 'what')
() are for comments
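
The extract, edit and re-embed cycle worked out in the posts above, as an added example that is not part of the original thread. The helper name `edit_stealth_rc` is hypothetical, and the round-trip check assumes `samhain_stealth -g` returns exactly the bytes that `-s` embedded.

```shell
#!/bin/sh
# Added example (not from the thread): edit a stealth-embedded samhainrc.
# Assumes samhain_stealth is on PATH; edit_stealth_rc is a hypothetical name.
# Usage: edit_stealth_rc /path/to/image.ps
edit_stealth_rc() {
    ps_image=$1
    [ -f "$ps_image" ] || { echo "no such PS image: $ps_image" >&2; return 1; }
    # mktemp -d creates a directory only the owner can read, so the
    # plaintext configuration is not exposed while it is being edited.
    work=$(mktemp -d) || return 1
    rc=0
    cp -p "$ps_image" "$work/image.bak" &&
    # -g: get hidden data from the PS image, written to stdout
    samhain_stealth -g "$ps_image" > "$work/samhainrc" &&
    ${EDITOR:-vi} "$work/samhainrc" &&
    # -s: PS image first, then the file to hide (the order the thread settles on)
    samhain_stealth -s "$ps_image" "$work/samhainrc" &&
    # Round trip: what comes back out must match what was edited
    # (assumption: -g returns exactly what -s embedded).
    samhain_stealth -g "$ps_image" > "$work/check" &&
    cmp -s "$work/samhainrc" "$work/check" || rc=1
    if [ "$rc" -ne 0 ]; then
        echo "edit or embed failed, restoring $ps_image" >&2
        [ -f "$work/image.bak" ] && cp -p "$work/image.bak" "$ps_image"
    fi
    rm -rf "$work"    # leave no plaintext copy of the config behind
    return "$rc"
}
```
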

mihalisla 12-14-2008 08:40 PM

Additional problem and question
 
Although I edited the cnf file of samhain,
samhain -t init doesn't do anything!
1. Are the lines with one '#' in the samhainrc read by samhain, or are they quoted? (I mean taken as notes... sorry for my English)
2. If I don't edit the cfg file, samhain initiates but it doesn't give anything as output from the cmd samhain -t check
Possible reasons?
Has anybody run it on Ubuntu with the options
./configure --with-gpg=/usr/bin/gpg --with-fp=DBAB3E5EBD75A9FFD65D0EEAECACA2758C9ACA18 --with-checksum=no --enable-login-watch --enable-suidcheck --enable-install-name=name --enable-stealth=197 --with-log-file=/var/log/name/name_log

I've been trying for a week now to make it run... please help

Thank you a lot!


All times are GMT -5.