Re: security/rkhunter without hashes after recent STABLE-13 update

From: Warner Losh <imp_at_bsdimp.com>
Date: Wed, 07 Jul 2021 14:51:36 UTC
On Wed, Jul 7, 2021 at 6:19 AM Michael Grimm via freebsd-stable <
freebsd-stable@freebsd.org> wrote:

> Hi,
>
> I noticed that after my last upgrade to stable/13-n246157 (from
> stable/13-n246147) that /usr/local/var/lib/rkhunter/db/rkhunter.dat started
> lacking hashes.
>
> Regarding rkhunter.conf the default setting is:
>
>         HASH_CMD=SHA256
>
> and:
>
>         If just the command name is given, and it is one of MD5,
>         SHA1, SHA224, SHA256, SHA384 or SHA512, then rkhunter will first
>         look for the relevant command, such as 'sha256sum', and then
>         for 'sha256'.
>
> If I do modify the setting to ...
>
>         HASH_CMD=/sbin/sha256
>
> … rkhunter.dat shows hashes again.
>
>
> Ok, that can be fixed.
>
> But I wonder if my findings have something to do with security/rkhunter at
> all, because that port didn't change recently.
>
> Can someone point me in the right direction, how to find out if the
> output of /sbin/sha256sum changes between stable/13-n246147 and
> stable/13-n246157?
>

This is likely an incompletely merged set of changes to md5, et al. I
recently added the 'sum' variations, but
did so from an incomplete description so I got the output format wrong in a
couple of cases. se@ went in and
fixed that, and added a lot of compat tests to make sure there weren't
further regressions.

b33d1898c1b0 is the latest fix, from Jun 29th in -current and merged to
stable/13 Jul 6th. It's at n246188 so a little too late unless you have a
slight kernel mismatch with your userland/jail. I didn't see any changes
between n246147 or n146157 that would do this, though. What's the hash that
you have at n246157? I think it should be fd5b08977630.

So the change is expected, but if the change to all the *sum programs is
incompatible still, I know I'd like to know (as I'm sure se@ would as
well). All the *sum programs are very new and designed to be 100%
compatible with the linux versions and if they aren't that needs to be
fixed.

Warner
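
Added example, not part of the thread and not code from rkhunter or FreeBSD: a known-answer check for the two command names rkhunter tries with HASH_CMD=SHA256, reporting whether each prints the coreutils layout (`<hash>  <file>`), the BSD tagged layout (`SHA256 (<file>) = <hash>`) or something else. The function names are hypothetical; the test vector is the standard SHA-256 digest of "abc".

```shell
#!/bin/sh
# Known-answer vector: SHA-256 of the three bytes "abc".
ABC_SHA256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad

# classify_hash_line LINE -> prints gnu | bsd | bare | unknown
classify_hash_line() {
    hex='[0-9a-f]{64}'
    if printf '%s\n' "$1" | grep -Eq "^${hex} [ *].+$"; then
        echo gnu        # "<hash>  <file>" (coreutils layout)
    elif printf '%s\n' "$1" | grep -Eq "^SHA256 \(.+\) = ${hex}$"; then
        echo bsd        # "SHA256 (<file>) = <hash>" (BSD tagged layout)
    elif printf '%s\n' "$1" | grep -Eq "^${hex}$"; then
        echo bare       # digest only, no file name
    else
        echo unknown    # empty or unrecognised output
    fi
}

# extract_hash LINE -> prints the first 64-hex-digit run in LINE, if any
extract_hash() {
    printf '%s\n' "$1" | grep -Eo '[0-9a-f]{64}' | head -n 1
}

# check_hash_cmd CMD -> hashes a temp file holding "abc" with CMD and
# reports layout and digest correctness; returns 2 if CMD is missing.
check_hash_cmd() {
    command -v "$1" >/dev/null 2>&1 || { echo "$1: not found"; return 2; }
    tmp=$(mktemp) || return 2
    printf 'abc' > "$tmp"
    line=$("$1" "$tmp" 2>/dev/null | head -n 1)
    rm -f "$tmp"
    layout=$(classify_hash_line "$line")
    if [ "$(extract_hash "$line")" = "$ABC_SHA256" ]; then
        digest=ok
    else
        digest=MISMATCH
    fi
    echo "$1: layout=$layout digest=$digest"
    [ "$layout" != unknown ] && [ "$digest" = ok ]
}

# Check both names; a missing command is reported, not treated as fatal.
for c in sha256sum sha256; do check_hash_cmd "$c" || true; done
```

Running it before and after a userland update shows whether a `*sum` command changed its output layout or stopped producing a correct digest.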