Changeset 538

Timestamp:

Sep 23, 2018, 11:33:17 PM (6 years ago)

Author:

katerina

Message:

Fix for issue #430 (Insufficient information in error message).

Location:

trunk

Files:

• configure.ac (modified) (1 diff)
• docs/Changelog (modified) (1 diff)
• docs/FAQ.html (modified) (9 diffs)
• src/sh_dbIO.c (modified) (1 diff)

trunk/configure.ac

@@ -12 +12 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 4.3.0)
+AM_INIT_AUTOMAKE(samhain, 4.3.1)
 AC_DEFINE([SAMHAIN], 1, [Application is samhain])
 AC_CANONICAL_HOST

trunk/docs/Changelog

@@ -2 +2 @@
 4.3.1:
         * fix compile failure on non-Linux systems (reported by Romain and Tim)
+        * provide more information for error message about bad baseline
+          database file (issue raised by Romain)
 
 4.3.0:

trunk/docs/FAQ.html

@@ -139 +139 @@
 </ul>
 </div>
-<p><i>FAQ Revised: Wednesday 14 January 2015 20:41:15</i></p>
+<p><i>FAQ Revised: Monday 17 September 2018 15:13:17</i></p>
 <hr><h2>Table of Contents</h2>
 <dl>
@@ -147 +147 @@
 <li><a href="#Most frequently1">1.2. samhain exits with the message &quot;Untrusted path&quot; for config/log/pid/database files</a></li>
 <li><a href="#Most frequently2">1.3. It does not log anything / Can't stop logging to console</a></li>
-<li><a href="#Most frequently3">1.4. Client cannot self-resolve, but nslookup works fine</a></li>
-<li><a href="#Most frequently4">1.5. Server logs hostname instead of FQDN (or vice versa)</a></li>
+<li><a href="#Most frequently3">1.4. samhain exits with the message &quot;Record with bad version number in file signature database&quot;</a></li>
+<li><a href="#Most frequently4">1.5. Client cannot self-resolve, but nslookup works fine</a></li>
+<li><a href="#Most frequently5">1.6. Server logs hostname instead of FQDN (or vice versa)</a></li>
 </ul></dd>
 <dt><b>2. Build and install</b></dt>
 <dd><ul>
-<li><a href="#Build and install0">2.1. [Fedora Core] Cannot compile with --enable-khide</a></li>
-<li><a href="#Build and install1">2.2. [Fedora Core] Cannot compile with --with-kcheck</a></li>
-<li><a href="#Build and install2">2.3. &quot;make&quot; loops infinitely !</a></li>
-<li><a href="#Build and install3">2.4. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></li>
-<li><a href="#Build and install4">2.5. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></li>
-<li><a href="#Build and install5">2.6. The executable is corrupted after installation</a></li>
-<li><a href="#Build and install6">2.7. --enable-xml-log has no effect</a></li>
-<li><a href="#Build and install7">2.8. ./install-sh: strip: not found (Solaris)</a></li>
-<li><a href="#Build and install8">2.9. What is sh_tiger1.s?</a></li>
-<li><a href="#Build and install9">2.10. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></li>
-<li><a href="#Build and install10">2.11. Why does compiling with MySQL fail on Solaris ?</a></li>
+<li><a href="#Build and install0">2.1. &quot;make&quot; loops infinitely !</a></li>
+<li><a href="#Build and install1">2.2. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></li>
+<li><a href="#Build and install2">2.3. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></li>
+<li><a href="#Build and install3">2.4. The executable is corrupted after installation</a></li>
+<li><a href="#Build and install4">2.5. --enable-xml-log has no effect</a></li>
+<li><a href="#Build and install5">2.6. ./install-sh: strip: not found (Solaris)</a></li>
+<li><a href="#Build and install6">2.7. What is sh_tiger1.s?</a></li>
+<li><a href="#Build and install7">2.8. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></li>
+<li><a href="#Build and install8">2.9. Why does compiling with MySQL fail on Solaris ?</a></li>
 </ul></dd>
 <dt><b>3. File checking</b></dt>
@@ -282 +281 @@
 is a bad idea, because samhain will open the device and write (i.e. it is
 a very inefficient method).<br><br></dd>
-<dt><b><a name="Most frequently3">1.4. Client cannot self-resolve, but nslookup works fine</a></b></dt>
+<dt><b><a name="Most frequently3">1.4. samhain exits with the message &quot;Record with bad version number in file signature database&quot;</a></b></dt>
+<dd>This typically happens when the initialisation of the database has been
+done repeatedly, i.e. by using '-t init' multiple times, without (re)moving
+the previous database first before an initialisation.<br><br></dd>
+<dt><b><a name="Most frequently4">1.5. Client cannot self-resolve, but nslookup works fine</a></b></dt>
 <dd><ul>
 <li>Nslookup is  a program to query Internet domain name servers.
@@ -333 +336 @@
         xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost
 </pre></div><br><br></dd>
-<dt><b><a name="Most frequently4">1.5. Server logs hostname instead of FQDN (or vice versa)</a></b></dt>
+<dt><b><a name="Most frequently5">1.6. Server logs hostname instead of FQDN (or vice versa)</a></b></dt>
 <dd>The default is to log the hostname only, if you want the FQDN
 then there is an option for the server configuration:
@@ -343 +346 @@
 <hr><h2>2. Build and install</h2>
 <dl>
-<dt><b><a name="Build and install0">2.1. [Fedora Core] Cannot compile with --enable-khide</a></b></dt>
-<dd>The Fedora Core kernel is patched to unconditionally deny reading
-from /dev/kmem. Compiling the stealth kernel modules is not possible
-under these circumstances.<br><br></dd>
-<dt><b><a name="Build and install1">2.2. [Fedora Core] Cannot compile with --with-kcheck</a></b></dt>
-<dd>The Fedora Core kernel is patched to unconditionally deny reading
-from /dev/kmem. Checking the kernel for the presence of rootkits is
-not possible under these circumstances.<br><br></dd>
-<dt><b><a name="Build and install2">2.3. &quot;make&quot; loops infinitely !</a></b></dt>
+<dt><b><a name="Build and install0">2.1. &quot;make&quot; loops infinitely !</a></b></dt>
 <dd>This may happen (e.g. when building via NFS for multiple architectures) 
    if the relative timestamps in the source directory are
@@ -358 +353 @@
    &quot;touch * &amp;&amp; make distclean&quot; in the source directory
    to recover.<br><br></dd>
-<dt><b><a name="Build and install3">2.4. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></b></dt>
+<dt><b><a name="Build and install1">2.2. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></b></dt>
 <dd>Ingo Rogalsky has provided the following information: It isn't possible 
    to link Samhain statically with Solaris. This
    is a Solaris issue (see Sun Infodoc ID12624) and not a samhain problem.<br><br></dd>
-<dt><b><a name="Build and install4">2.5. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></b></dt>
+<dt><b><a name="Build and install2">2.3. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></b></dt>
 <dd>For Linux, this is a known problem with --enable-static if you compile
      in MySQL support. The problem is that the 
@@ -378 +373 @@
      <i>client_libs</i> variable, and remove all instances 
      of <i>-lnss_files</i> and <i>-lnss_dns</i>.<br><br></dd>
-<dt><b><a name="Build and install5">2.6. The executable is corrupted after installation</a></b></dt>
+<dt><b><a name="Build and install3">2.4. The executable is corrupted after installation</a></b></dt>
 <dd>The executable will get stripped during the installation. On
         suitable systems (i386 Linux/FreeBSD currently), additionally 
@@ -388 +383 @@
         executable, therefore trying to strip manually after installation
         will corrupt the executable.<br><br></dd>
-<dt><b><a name="Build and install6">2.7. --enable-xml-log has no effect</a></b></dt>
+<dt><b><a name="Build and install4">2.5. --enable-xml-log has no effect</a></b></dt>
 <dd>If you have compiled for stealth, you won't see much, because if
         obfuscated, then both a 'normal' and an XML logfile look,
         well ... obfuscated. Use <code>samhain -jL /path/to/logfile</code>
         to view the logfile.<br><br></dd>
-<dt><b><a name="Build and install7">2.8. ./install-sh: strip: not found (Solaris)</a></b></dt>
+<dt><b><a name="Build and install5">2.6. ./install-sh: strip: not found (Solaris)</a></b></dt>
 <dd>Install the SUNWbtool package.<br><br></dd>
-<dt><b><a name="Build and install8">2.9. What is sh_tiger1.s?</a></b></dt>
+<dt><b><a name="Build and install6">2.7. What is sh_tiger1.s?</a></b></dt>
 <dd>This is a precompiled assembly file for the i386 architecture 
 generated from sh_tiger1.c using gcc 3.4.0 with the following options,
@@ -411 +406 @@
 it would be impossible to maintain a library of optimal compile options
 for every version of gcc.<br><br></dd>
-<dt><b><a name="Build and install9">2.10. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></b></dt>
+<dt><b><a name="Build and install7">2.8. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></b></dt>
 <dd>Static linking is not supported on MacOS X, see 
 <a href="http://developer.apple.com/qa/qa2001/qa1118.html">Technical Q&A QA1118</a>. 
 This is a MacOS X issue and not a bug in samhain.<br><br></dd>
-<dt><b><a name="Build and install10">2.11. Why does compiling with MySQL fail on Solaris ?</a></b></dt>
+<dt><b><a name="Build and install8">2.9. Why does compiling with MySQL fail on Solaris ?</a></b></dt>
 <dd>The reason is often the shell script 'mysql_config' that comes as part
 of MySQL. This script is intended to print appropriate compiler flags for

trunk/src/sh_dbIO.c

@@ -409 +409 @@
 {
   dlog(1, file, line, 
-       _("There is a record with a bad version number in the file signature database: %s\n"),
+       _("There is a record with a bad version number in the file signature database: %s\nThis may be caused by using '-t init' repeatedly to initialise the database, without (re)moving the database file.\n"),
        (NULL == filepath) ? _("(null)") : filepath);
   sh_error_handle((-1), file, line, 0, MSG_E_SUBGPATH,