
We are using rkhunter to scan our server periodically. The server operating system is CentOS 6/7. But since the last rkhunter update (to the current version, 1.4.4) we are getting the following warning message:

[10:12:09] Performing file properties checks
[10:12:09] Warning: Checking for prerequisites               [ Warning ]
[10:12:09]          All file hash checks will be skipped because:
[10:12:09]              This system uses prelinking, but the hash function 
                        command does not look like SHA1 or MD5.

But we had prelinked everything with:

/> prelink -a --md5

Does anybody know how I can prevent the message or what could be wrong?

Steffen

2 Answers


Delete the /etc/prelink.cache file. Run the prelink rebuild with /etc/cron.daily/prelink. Then run rkhunter --propupd.

Then doing a rkhunter -c showed clean.

From: https://sourceforge.net/p/rkhunter/mailman/message/35131677/

Update: CentOS has since added an upgrade that removes the comment mark from the line HASH_CMD=sha1sum in the rkhunter.conf file.

G H
  • Unfortunately, it seems that the message came back a few days later. Trying to decide if it is better to disable pre-linking or change the rkhunter.conf file to use SHA1 again which was the previous default. Upgrading the default to SHA512 is where the problem originates. – G H Sep 19 '17 at 20:05
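
A read-only check for the condition behind this warning, added here as an example (it is not from the thread and not rkhunter's own code): it reads the effective HASH_CMD from a config file and reports whether it looks like SHA1 or MD5 on a prelinked host. The function names, the last-line-wins rule and the use of the prelink cache file as the prelinking indicator are assumptions.

```shell
#!/bin/sh
# Added diagnostic sketch, not rkhunter's own code.

# Print the effective HASH_CMD value from one rkhunter config file.
# Assumption: the last uncommented HASH_CMD= line is the one that applies.
effective_hash_cmd() {
    sed -n 's/^[[:space:]]*HASH_CMD[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# With prelinking in use, the warning accepts only a hash command that
# "looks like" SHA1 or MD5, so match on those names case-insensitively.
prelink_compatible() {
    case $(printf '%s' "$1" | tr '[:upper:]' '[:lower:]') in
        *sha1*|*md5*) return 0 ;;
        *) return 1 ;;
    esac
}

# Assumption: an existing prelink cache file marks the host as prelinked.
uses_prelink() { [ -f "$1" ]; }

# Verdict for a config file ($1) and a prelink cache path ($2).
diagnose() {
    cmd=$(effective_hash_cmd "$1")
    if ! uses_prelink "$2"; then
        echo "ok: not prelinked"
    elif [ -z "$cmd" ]; then
        echo "warn: prelinked, HASH_CMD unset (built-in default applies)"
    elif prelink_compatible "$cmd"; then
        echo "ok: prelinked, HASH_CMD=$cmd"
    else
        echo "warn: prelinked, HASH_CMD=$cmd is not SHA1 or MD5"
    fi
}

# Constructed sample input: a config with the line still commented out,
# one with it enabled, and an empty stand-in for the prelink cache.
demo=$(mktemp -d)
printf '#HASH_CMD=sha1sum\n' > "$demo/commented.conf"
printf 'HASH_CMD=SHA512\nHASH_CMD=sha1sum\n' > "$demo/enabled.conf"
: > "$demo/prelink.cache"
diagnose "$demo/commented.conf" "$demo/prelink.cache"
diagnose "$demo/enabled.conf" "$demo/prelink.cache"
diagnose "$demo/enabled.conf" "$demo/absent"
```

On a real host, call `diagnose` with the rkhunter.conf path (typically /etc/rkhunter.conf) and /etc/prelink.cache.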

I solved this indefinitely by running the following for each file listed in the Warning. For example, /bin/grep was as follows:

prelink /bin/grep

Then, running:

rkhunter --propupd
Matt S