Changeset 538
- Timestamp:
- Sep 23, 2018, 11:33:17 PM (6 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/configure.ac
r534 r538 12 12 dnl start 13 13 dnl 14 AM_INIT_AUTOMAKE(samhain, 4.3. 0)14 AM_INIT_AUTOMAKE(samhain, 4.3.1) 15 15 AC_DEFINE([SAMHAIN], 1, [Application is samhain]) 16 16 AC_CANONICAL_HOST -
trunk/docs/Changelog
r537 r538 2 2 4.3.1: 3 3 * fix compile failure on non-Linux systems (reported by Romain and Tim) 4 * provide more information for error message about bad baseline 5 database file (issue raised by Romain) 4 6 5 7 4.3.0: -
trunk/docs/FAQ.html
r462 r538 139 139 </ul> 140 140 </div> 141 <p><i>FAQ Revised: Wednesday 14 January 2015 20:41:15</i></p>141 <p><i>FAQ Revised: Monday 17 September 2018 15:13:17</i></p> 142 142 <hr><h2>Table of Contents</h2> 143 143 <dl> … … 147 147 <li><a href="#Most frequently1">1.2. samhain exits with the message "Untrusted path" for config/log/pid/database files</a></li> 148 148 <li><a href="#Most frequently2">1.3. It does not log anything / Can't stop logging to console</a></li> 149 <li><a href="#Most frequently3">1.4. Client cannot self-resolve, but nslookup works fine</a></li> 150 <li><a href="#Most frequently4">1.5. Server logs hostname instead of FQDN (or vice versa)</a></li> 149 <li><a href="#Most frequently3">1.4. samhain exits with the message "Record with bad version number in file signature database"</a></li> 150 <li><a href="#Most frequently4">1.5. Client cannot self-resolve, but nslookup works fine</a></li> 151 <li><a href="#Most frequently5">1.6. Server logs hostname instead of FQDN (or vice versa)</a></li> 151 152 </ul></dd> 152 153 <dt><b>2. Build and install</b></dt> 153 154 <dd><ul> 154 <li><a href="#Build and install0">2.1. [Fedora Core] Cannot compile with --enable-khide</a></li> 155 <li><a href="#Build and install1">2.2. [Fedora Core] Cannot compile with --with-kcheck</a></li> 156 <li><a href="#Build and install2">2.3. "make" loops infinitely !</a></li> 157 <li><a href="#Build and install3">2.4. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></li> 158 <li><a href="#Build and install4">2.5. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></li> 159 <li><a href="#Build and install5">2.6. The executable is corrupted after installation</a></li> 160 <li><a href="#Build and install6">2.7. --enable-xml-log has no effect</a></li> 161 <li><a href="#Build and install7">2.8. ./install-sh: strip: not found (Solaris)</a></li> 162 <li><a href="#Build and install8">2.9. What is sh_tiger1.s?</a></li> 163 <li><a href="#Build and install9">2.10. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></li> 164 <li><a href="#Build and install10">2.11. Why does compiling with MySQL fail on Solaris ?</a></li> 155 <li><a href="#Build and install0">2.1. "make" loops infinitely !</a></li> 156 <li><a href="#Build and install1">2.2. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></li> 157 <li><a href="#Build and install2">2.3. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></li> 158 <li><a href="#Build and install3">2.4. The executable is corrupted after installation</a></li> 159 <li><a href="#Build and install4">2.5. --enable-xml-log has no effect</a></li> 160 <li><a href="#Build and install5">2.6. ./install-sh: strip: not found (Solaris)</a></li> 161 <li><a href="#Build and install6">2.7. What is sh_tiger1.s?</a></li> 162 <li><a href="#Build and install7">2.8. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></li> 163 <li><a href="#Build and install8">2.9. Why does compiling with MySQL fail on Solaris ?</a></li> 165 164 </ul></dd> 166 165 <dt><b>3. File checking</b></dt> … … 282 281 is a bad idea, because samhain will open the device and write (i.e. it is 283 282 a very inefficient method).<br><br></dd> 284 <dt><b><a name="Most frequently3">1.4. Client cannot self-resolve, but nslookup works fine</a></b></dt> 283 <dt><b><a name="Most frequently3">1.4. samhain exits with the message "Record with bad version number in file signature database"</a></b></dt> 284 <dd>This typically happens when the initialisation of the database has been 285 done repeatedly, i.e. by using '-t init' multiple times, without (re)moving 286 the previous database first before an initialisation.<br><br></dd> 287 <dt><b><a name="Most frequently4">1.5. Client cannot self-resolve, but nslookup works fine</a></b></dt> 285 288 <dd><ul> 286 289 <li>Nslookup is a program to query Internet domain name servers. … … 333 336 xxx.xxx.xxx.xxx myhost.mydomain.tld myhost 334 337 </pre></div><br><br></dd> 335 <dt><b><a name="Most frequently 4">1.5. Server logs hostname instead of FQDN (or vice versa)</a></b></dt>338 <dt><b><a name="Most frequently5">1.6. Server logs hostname instead of FQDN (or vice versa)</a></b></dt> 336 339 <dd>The default is to log the hostname only, if you want the FQDN 337 340 then there is an option for the server configuration: … … 343 346 <hr><h2>2. Build and install</h2> 344 347 <dl> 345 <dt><b><a name="Build and install0">2.1. [Fedora Core] Cannot compile with --enable-khide</a></b></dt> 346 <dd>The Fedora Core kernel is patched to unconditionally deny reading 347 from /dev/kmem. Compiling the stealth kernel modules is not possible 348 under these circumstances.<br><br></dd> 349 <dt><b><a name="Build and install1">2.2. [Fedora Core] Cannot compile with --with-kcheck</a></b></dt> 350 <dd>The Fedora Core kernel is patched to unconditionally deny reading 351 from /dev/kmem. Checking the kernel for the presence of rootkits is 352 not possible under these circumstances.<br><br></dd> 353 <dt><b><a name="Build and install2">2.3. "make" loops infinitely !</a></b></dt> 348 <dt><b><a name="Build and install0">2.1. "make" loops infinitely !</a></b></dt> 354 349 <dd>This may happen (e.g. when building via NFS for multiple architectures) 355 350 if the relative timestamps in the source directory are … … 358 353 "touch * && make distclean" in the source directory 359 354 to recover.<br><br></dd> 360 <dt><b><a name="Build and install 3">2.4. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></b></dt>355 <dt><b><a name="Build and install1">2.2. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></b></dt> 361 356 <dd>Ingo Rogalsky has provided the following information: It isn't possible 362 357 to link Samhain statically with Solaris. This 363 358 is a Solaris issue (see Sun Infodoc ID12624) and not a samhain problem.<br><br></dd> 364 <dt><b><a name="Build and install 4">2.5. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></b></dt>359 <dt><b><a name="Build and install2">2.3. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></b></dt> 365 360 <dd>For Linux, this is a known problem with --enable-static if you compile 366 361 in MySQL support. The problem is that the … … 378 373 <i>client_libs</i> variable, and remove all instances 379 374 of <i>-lnss_files</i> and <i>-lnss_dns</i>.<br><br></dd> 380 <dt><b><a name="Build and install 5">2.6. The executable is corrupted after installation</a></b></dt>375 <dt><b><a name="Build and install3">2.4. The executable is corrupted after installation</a></b></dt> 381 376 <dd>The executable will get stripped during the installation. On 382 377 suitable systems (i386 Linux/FreeBSD currently), additionally … … 388 383 executable, therefore trying to strip manually after installation 389 384 will corrupt the executable.<br><br></dd> 390 <dt><b><a name="Build and install 6">2.7. --enable-xml-log has no effect</a></b></dt>385 <dt><b><a name="Build and install4">2.5. --enable-xml-log has no effect</a></b></dt> 391 386 <dd>If you have compiled for stealth, you won't see much, because if 392 387 obfuscated, then both a 'normal' and an XML logfile look, 393 388 well ... obfuscated. Use <code>samhain -jL /path/to/logfile</code> 394 389 to view the logfile.<br><br></dd> 395 <dt><b><a name="Build and install 7">2.8. ./install-sh: strip: not found (Solaris)</a></b></dt>390 <dt><b><a name="Build and install5">2.6. ./install-sh: strip: not found (Solaris)</a></b></dt> 396 391 <dd>Install the SUNWbtool package.<br><br></dd> 397 <dt><b><a name="Build and install 8">2.9. What is sh_tiger1.s?</a></b></dt>392 <dt><b><a name="Build and install6">2.7. What is sh_tiger1.s?</a></b></dt> 398 393 <dd>This is a precompiled assembly file for the i386 architecture 399 394 generated from sh_tiger1.c using gcc 3.4.0 with the following options, … … 411 406 it would be impossible to maintain a library of optimal compile options 412 407 for every version of gcc.<br><br></dd> 413 <dt><b><a name="Build and install 9">2.10. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></b></dt>408 <dt><b><a name="Build and install7">2.8. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></b></dt> 414 409 <dd>Static linking is not supported on MacOS X, see 415 410 <a href="http://developer.apple.com/qa/qa2001/qa1118.html">Technical Q&A QA1118</a>. 416 411 This is a MacOS X issue and not a bug in samhain.<br><br></dd> 417 <dt><b><a name="Build and install 10">2.11. Why does compiling with MySQL fail on Solaris ?</a></b></dt>412 <dt><b><a name="Build and install8">2.9. Why does compiling with MySQL fail on Solaris ?</a></b></dt> 418 413 <dd>The reason is often the shell script 'mysql_config' that comes as part 419 414 of MySQL. This script is intended to print appropriate compiler flags for -
trunk/src/sh_dbIO.c
r525 r538 409 409 { 410 410 dlog(1, file, line, 411 _("There is a record with a bad version number in the file signature database: %s\n "),411 _("There is a record with a bad version number in the file signature database: %s\nThis may be caused by using '-t init' repeatedly to initialise the database, without (re)moving the database file.\n"), 412 412 (NULL == filepath) ? _("(null)") : filepath); 413 413 sh_error_handle((-1), file, line, 0, MSG_E_SUBGPATH,
Note:
See TracChangeset
for help on using the changeset viewer.