problem with watchdog no md5

[Dr Tyler]

Hello,

I am reasonably new to server administration.

Our configuration is:

CPU AuthenticAMD, AMD Athlon(TM) XP 2600+
Version psa v8.3.0_build83080131.20 os_CentOS 4.2
OS Linux 2.6.9-55.0.9.EL


We just upgraded from plesk 8.2.1 to plesk 8.3.

So far all is fine except for two problems with watchdog. The first problem is the spam assassin/watch dog bug that has been reported on this thread:

http://forum.swsoft.com/showthread.p...t=SpamAssassin

Two, I ran a watchdog security scan from the plesk control panel after upgrading. I got an error in the report saying that md5 is not known (see the excerpt below). The rootkit hunter is fine and that portion of the scan runs fine as does everything else except for the MD5 checks that do not run. Has anyone else here had the some problem or do you have some suggestions for me?

I am part of a larger team of people who administer our server, and no one else has reported any other problems since the plesk 8.3 update.

Thank-you!

Tyler

WATCHDOG log excerpt

Scanning Log:
Running updater...

Mirrorfile /usr/local/psa/var/modules/watchdog/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://www.rootkit.nl/rkhunter
[DB] Mirror file : Update available
Action: Database updated (current version: 2006041300, new version 2006092302)
[DB] MD5 hashes system binaries : Up to date
[DB] Operating System information : Update available
Action: Database updated (current version: 2006051200, new version 2006093000)
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Up to date
[DB] Known bad program versions : Up to date

Ready.

Rootkit Hunter 1.2.8 is running

Determining OS... Unknown
Warning: This operating system is not fully supported!
Warning: Cannot find md5_not_known
All MD5 checks will be skipped!

 

[Dr Tyler]

A quick update. I spent a few hours last night and this morning checking out various things including some old rkhunter logs on some old backups on our second drive. It seems that the problem that I reported on predated our plesk 8.3 update. It turns out that we were having the problem on at least an intermittent basis prior to upgrading to plesk 8.2. It is hard to know exactly what happened with our watchdog scans because the person on our team who was doing this died in early Dec.

But the one watchdog scan that I found after we upgraded to plesk 8.2.1 showed no warnings at all. I took over the watchdog scans in the middle of January and there were no warnings until yesterday's scan (posted above).

What I think happened is that every so often watchdog can not find an OS ID, and with no OS ID the system tools portion of the scan is not run. Yesterday the security scan did not find an OS ID, when I went into the Plesk Control Panel and ran a watchdog scan today (and checked the rkhunter log) it found an OS ID. <shrug>

I'm slightly embarassed that I did not wait to post until I done more research. Thank-you everyone for your patience.

I still don't know what is the cause of this apparently intermittment problem is.

From rkhunter log dated February 19:

[15:01:08] ---------------------------- System checks ----------------------------
[15:01:08] Info: kernel is 2.6
[15:01:08] Info: Found /etc/redhat-release
[15:01:08] Warning: This operating system is not fully supported!
[15:01:08] Info: Full OS name = CentOS release 4.5 (Final)
[15:01:08] Info: OS ID = NA
[15:01:08] Info: Using md5_not_known to verify MD5 hashes
[15:01:08] Info: using /usr/local/psa/var/modules/watchdog/lib/rkhunter/tmp as temporary directory
[15:01:08] Info: Perl version 5.8.5 found
[15:01:09] Info: Digest::MD5 installed (version 2.33).
[15:01:09] Info: Using Perl Digest::MD5 module instead of /usr/bin/md5sum
[15:01:09] Info: Digest::SHA1 installed (version 2.07).

And from rkhunter log dated Feb 20:

[11:27:45] ---------------------------- System checks ----------------------------
[11:27:45] Info: kernel is 2.6
[11:27:45] Info: Found /etc/redhat-release
[11:27:45] Info: Full OS name = CentOS release 4.5 (Final)
[11:27:45] Info: OS ID = 744
[11:27:45] Info: Using /usr/bin/md5sum to verify MD5 hashes
[11:27:45] Info: /usr/bin/md5sum found
[11:27:45] Info: using /usr/local/psa/var/modules/watchdog/lib/rkhunter/tmp as temporary directory
[11:27:45] Info: Perl version 5.8.5 found
[11:27:45] Info: Digest::MD5 installed (version 2.33).
[11:27:45] Info: Using Perl Digest::MD5 module instead of /usr/bin/md5sum
[11:27:45] Info: Digest::SHA1 installed (version 2.07).
[11:27:45] Info: ksyms file check will be skipped (/proc/ksyms not available on this system)

Finally the first portion of a copy of the watchdog security scan from plesk on Feb. 20:

Scanning Log:
Running updater...

Mirrorfile /usr/local/psa/var/modules/watchdog/lib/rkhunter/db/mirrors.dat rotated
Using mirror http://rkhunter.sourceforge.net
[DB] Mirror file : Up to date
[DB] MD5 hashes system binaries : Update available
Action: Database updated (current version: 2006022800, new version 2006111900)
[DB] Operating System information : Update available
Action: Database updated (current version: 2006093000, new version 2007061401)
[DB] MD5 blacklisted tools/binaries : Up to date
[DB] Known good program versions : Update available
Action: Database updated (current version: 2006031400, new version 2007071701)
[DB] Known bad program versions : Up to date




Ready.


Rootkit Hunter 1.2.8 is running

Determining OS... Ready


Checking binaries
* Selftests
Strings (command) [ OK ]


* System tools
Info: prelinked files found
Performing 'known bad' check...
/bin/cat [ OK ]
/bin/chmod [ OK ]
/bin/chown [ OK ]
/bin/csh [ OK ]
/bin/date [ OK ]
<rest deleted>

Have a nice day, everyone! I'll post back if we should figure anything out.

Tyler