Changeset 538


Timestamp: Sep 23, 2018, 11:33:17 PM (6 years ago)
Author: katerina
Message:

Fix for issue #430 (Insufficient information in error message).

Location: trunk
Files: 4 edited

  • trunk/configure.ac

    r534 r538  
    1212dnl start
    1313dnl
    14 AM_INIT_AUTOMAKE(samhain, 4.3.0)
     14AM_INIT_AUTOMAKE(samhain, 4.3.1)
    1515AC_DEFINE([SAMHAIN], 1, [Application is samhain])
    1616AC_CANONICAL_HOST
  • trunk/docs/Changelog

    r537 r538  
    224.3.1:
    33        * fix compile failure on non-Linux systems (reported by Romain and Tim)
     4        * provide more information for error message about bad baseline
     5          database file (issue raised by Romain)
    46
    574.3.0:
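
Review bot: The new Changelog entry (new lines 4-5) credits the reporter but omits the issue number that the commit message gives (#430). Adding it would make the entry traceable to the tracker.
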
  • trunk/docs/FAQ.html

    r462 r538  
    139139</ul>
    140140</div>
    141 <p><i>FAQ Revised: Wednesday 14 January 2015 20:41:15</i></p>
     141<p><i>FAQ Revised: Monday 17 September 2018 15:13:17</i></p>
    142142<hr><h2>Table of Contents</h2>
    143143<dl>
     
    147147<li><a href="#Most frequently1">1.2. samhain exits with the message &quot;Untrusted path&quot; for config/log/pid/database files</a></li>
    148148<li><a href="#Most frequently2">1.3. It does not log anything / Can't stop logging to console</a></li>
    149 <li><a href="#Most frequently3">1.4. Client cannot self-resolve, but nslookup works fine</a></li>
    150 <li><a href="#Most frequently4">1.5. Server logs hostname instead of FQDN (or vice versa)</a></li>
     149<li><a href="#Most frequently3">1.4. samhain exits with the message &quot;Record with bad version number in file signature database&quot;</a></li>
     150<li><a href="#Most frequently4">1.5. Client cannot self-resolve, but nslookup works fine</a></li>
     151<li><a href="#Most frequently5">1.6. Server logs hostname instead of FQDN (or vice versa)</a></li>
    151152</ul></dd>
    152153<dt><b>2. Build and install</b></dt>
    153154<dd><ul>
    154 <li><a href="#Build and install0">2.1. [Fedora Core] Cannot compile with --enable-khide</a></li>
    155 <li><a href="#Build and install1">2.2. [Fedora Core] Cannot compile with --with-kcheck</a></li>
    156 <li><a href="#Build and install2">2.3. &quot;make&quot; loops infinitely !</a></li>
    157 <li><a href="#Build and install3">2.4. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></li>
    158 <li><a href="#Build and install4">2.5. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></li>
    159 <li><a href="#Build and install5">2.6. The executable is corrupted after installation</a></li>
    160 <li><a href="#Build and install6">2.7. --enable-xml-log has no effect</a></li>
    161 <li><a href="#Build and install7">2.8. ./install-sh: strip: not found (Solaris)</a></li>
    162 <li><a href="#Build and install8">2.9. What is sh_tiger1.s?</a></li>
    163 <li><a href="#Build and install9">2.10. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></li>
    164 <li><a href="#Build and install10">2.11. Why does compiling with MySQL fail on Solaris ?</a></li>
     155<li><a href="#Build and install0">2.1. &quot;make&quot; loops infinitely !</a></li>
     156<li><a href="#Build and install1">2.2. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></li>
     157<li><a href="#Build and install2">2.3. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></li>
     158<li><a href="#Build and install3">2.4. The executable is corrupted after installation</a></li>
     159<li><a href="#Build and install4">2.5. --enable-xml-log has no effect</a></li>
     160<li><a href="#Build and install5">2.6. ./install-sh: strip: not found (Solaris)</a></li>
     161<li><a href="#Build and install6">2.7. What is sh_tiger1.s?</a></li>
     162<li><a href="#Build and install7">2.8. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></li>
     163<li><a href="#Build and install8">2.9. Why does compiling with MySQL fail on Solaris ?</a></li>
    165164</ul></dd>
    166165<dt><b>3. File checking</b></dt>
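
Review bot: The renumbering in this table of contents reuses existing anchor names for different questions: "#Most frequently3" used to point at "Client cannot self-resolve" and now points at the new "Record with bad version number" entry, and every "#Build and install N" target moves down by two. Existing links and bookmarks into the FAQ will silently land on a different answer. Consider anchor names derived from the question rather than from its position, or append the new entry so the existing anchors keep their meaning.
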
     
    282281is a bad idea, because samhain will open the device and write (i.e. it is
    283282a very inefficient method).<br><br></dd>
    284 <dt><b><a name="Most frequently3">1.4. Client cannot self-resolve, but nslookup works fine</a></b></dt>
     283<dt><b><a name="Most frequently3">1.4. samhain exits with the message &quot;Record with bad version number in file signature database&quot;</a></b></dt>
     284<dd>This typically happens when the initialisation of the database has been
     285done repeatedly, i.e. by using '-t init' multiple times, without (re)moving
     286the previous database first before an initialisation.<br><br></dd>
     287<dt><b><a name="Most frequently4">1.5. Client cannot self-resolve, but nslookup works fine</a></b></dt>
    285288<dd><ul>
    286289<li>Nslookup is  a program to query Internet domain name servers.
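
Review bot: The new 1.4 answer (new lines 284-286) names the cause but not the remedy, and "first before" is redundant. Suggest closing with the step the user should take: move the previous database file away, then run '-t init' once. Also, the heading quotes the message as "Record with bad version number in file signature database", while the dlog() string in trunk/src/sh_dbIO.c reads "There is a record with a bad version number in the file signature database"; confirm the heading matches the text users actually see, so that a search for the message finds this entry.
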
     
    333336        xxx.xxx.xxx.xxx myhost.mydomain.tld  myhost
    334337</pre></div><br><br></dd>
    335 <dt><b><a name="Most frequently4">1.5. Server logs hostname instead of FQDN (or vice versa)</a></b></dt>
     338<dt><b><a name="Most frequently5">1.6. Server logs hostname instead of FQDN (or vice versa)</a></b></dt>
    336339<dd>The default is to log the hostname only, if you want the FQDN
    337340then there is an option for the server configuration:
     
    343346<hr><h2>2. Build and install</h2>
    344347<dl>
    345 <dt><b><a name="Build and install0">2.1. [Fedora Core] Cannot compile with --enable-khide</a></b></dt>
    346 <dd>The Fedora Core kernel is patched to unconditionally deny reading
    347 from /dev/kmem. Compiling the stealth kernel modules is not possible
    348 under these circumstances.<br><br></dd>
    349 <dt><b><a name="Build and install1">2.2. [Fedora Core] Cannot compile with --with-kcheck</a></b></dt>
    350 <dd>The Fedora Core kernel is patched to unconditionally deny reading
    351 from /dev/kmem. Checking the kernel for the presence of rootkits is
    352 not possible under these circumstances.<br><br></dd>
    353 <dt><b><a name="Build and install2">2.3. &quot;make&quot; loops infinitely !</a></b></dt>
     348<dt><b><a name="Build and install0">2.1. &quot;make&quot; loops infinitely !</a></b></dt>
    354349<dd>This may happen (e.g. when building via NFS for multiple architectures)
    355350   if the relative timestamps in the source directory are
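
Review bot: Removing FAQ entries 2.1 and 2.2 (Fedora Core, --enable-khide and --with-kcheck, old lines 345-352) is unrelated to issue #430 and is mentioned neither in the commit message nor in the Changelog entry. Suggest a separate commit, or at least a Changelog line, so the removal can be traced.
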
     
    358353   &quot;touch * &amp;&amp; make distclean&quot; in the source directory
    359354   to recover.<br><br></dd>
    360 <dt><b><a name="Build and install3">2.4. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></b></dt>
     355<dt><b><a name="Build and install1">2.2. Why does static compiling (<code>--enable-static</code>) on Solaris fail ?</a></b></dt>
    361356<dd>Ingo Rogalsky has provided the following information: It isn't possible
    362357   to link Samhain statically with Solaris. This
    363358   is a Solaris issue (see Sun Infodoc ID12624) and not a samhain problem.<br><br></dd>
    364 <dt><b><a name="Build and install4">2.5. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></b></dt>
     359<dt><b><a name="Build and install2">2.3. Compilation fails with '/usr/bin/ld: cannot find -lnss_files'</a></b></dt>
    365360<dd>For Linux, this is a known problem with --enable-static if you compile
    366361     in MySQL support. The problem is that the
     
    378373     <i>client_libs</i> variable, and remove all instances
    379374     of <i>-lnss_files</i> and <i>-lnss_dns</i>.<br><br></dd>
    380 <dt><b><a name="Build and install5">2.6. The executable is corrupted after installation</a></b></dt>
     375<dt><b><a name="Build and install3">2.4. The executable is corrupted after installation</a></b></dt>
    381376<dd>The executable will get stripped during the installation. On
    382377        suitable systems (i386 Linux/FreeBSD currently), additionally
     
    388383        executable, therefore trying to strip manually after installation
    389384        will corrupt the executable.<br><br></dd>
    390 <dt><b><a name="Build and install6">2.7. --enable-xml-log has no effect</a></b></dt>
     385<dt><b><a name="Build and install4">2.5. --enable-xml-log has no effect</a></b></dt>
    391386<dd>If you have compiled for stealth, you won't see much, because if
    392387        obfuscated, then both a 'normal' and an XML logfile look,
    393388        well ... obfuscated. Use <code>samhain -jL /path/to/logfile</code>
    394389        to view the logfile.<br><br></dd>
    395 <dt><b><a name="Build and install7">2.8. ./install-sh: strip: not found (Solaris)</a></b></dt>
     390<dt><b><a name="Build and install5">2.6. ./install-sh: strip: not found (Solaris)</a></b></dt>
    396391<dd>Install the SUNWbtool package.<br><br></dd>
    397 <dt><b><a name="Build and install8">2.9. What is sh_tiger1.s?</a></b></dt>
     392<dt><b><a name="Build and install6">2.7. What is sh_tiger1.s?</a></b></dt>
    398393<dd>This is a precompiled assembly file for the i386 architecture
    399394generated from sh_tiger1.c using gcc 3.4.0 with the following options,
     
    411406it would be impossible to maintain a library of optimal compile options
    412407for every version of gcc.<br><br></dd>
    413 <dt><b><a name="Build and install9">2.10. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></b></dt>
     408<dt><b><a name="Build and install7">2.8. Why does static compiling (<code>--enable-static</code>) on MaxOS X fail ?</a></b></dt>
    414409<dd>Static linking is not supported on MacOS X, see
    415410<a href="http://developer.apple.com/qa/qa2001/qa1118.html">Technical Q&A QA1118</a>.
    416411This is a MacOS X issue and not a bug in samhain.<br><br></dd>
    417 <dt><b><a name="Build and install10">2.11. Why does compiling with MySQL fail on Solaris ?</a></b></dt>
     412<dt><b><a name="Build and install8">2.9. Why does compiling with MySQL fail on Solaris ?</a></b></dt>
    418413<dd>The reason is often the shell script 'mysql_config' that comes as part
    419414of MySQL. This script is intended to print appropriate compiler flags for
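
Review bot: The heading on new line 408 still reads "MaxOS X" while the answer below it says "MacOS X". Since the line is being rewritten for the renumbering anyway, fix the typo here and in the matching table-of-contents entry.
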
  • trunk/src/sh_dbIO.c

    r525 r538  
    409409{
    410410  dlog(1, file, line,
    411        _("There is a record with a bad version number in the file signature database: %s\n"),
     411       _("There is a record with a bad version number in the file signature database: %s\nThis may be caused by using '-t init' repeatedly to initialise the database, without (re)moving the database file.\n"),
    412412       (NULL == filepath) ? _("(null)") : filepath);
    413413  sh_error_handle((-1), file, line, 0, MSG_E_SUBGPATH,
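
Review bot: The hint is added only to the dlog() format string on new line 411; the sh_error_handle(..., MSG_E_SUBGPATH, ...) call that follows is unchanged. Since issue #430 is about the error message carrying too little information, check that users who only see the sh_error_handle output also get the hint about repeated '-t init'. Passing filepath as a %s argument with the "(null)" guard is correct and should stay as it is.
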