June 07, 2009

Dealing with rkhunter warnings

rkhunter often warns about file property changes after an upgrade or similar, and sometimes you just aren't sure whether the warning is due to a recent upgrade or because you really were compromised. The following script was written to compare the checksums of all files rkhunter warns about against the originals in a Debian repository.



The latest version of this is available in my script.git repository.




#!/bin/bash
desc="
This script verifies whether the files for which rkhunter has logged a
warning are still valid. It does this by finding which Debian package
each file came from, downloading those packages, unpacking them, and
comparing the checksum of each installed file with the packaged copy.

Run it by supplying an rkhunter log file as the first argument.
"

HASHER="sha256sum"

# Split lists on newlines only, so that paths containing spaces survive.
IFS="
"

# Print the path of every file rkhunter warned about, one per line.
# The path follows the warning line in the log, hence one line of context.
function find_suspect_files
{
echo "parsing $1 for suspect files" 1>&2
grep -1 Warning "$1" | grep File | sed 's|.*File: ||'
}

# Map each suspect file to the package that owns it. dpkg -S prints
# "package: /path/to/file"; keep the package name and drop the colon.
function find_packages
{
echo "finding packages" 1>&2
for suspect_file in $1
do
package=$(dpkg -S "$suspect_file" 2>/dev/null | awk '{print $1}' | sed 's/.$//')
if [ -z "$package" ]
then
echo "suspect file $suspect_file is not owned by any package" 1>&2
continue
fi
echo "suspect file $suspect_file found in $package" 1>&2
echo "$package"
done
}

# Turn each package into a package=version argument so that aptitude
# fetches exactly the version that is installed (dpkg -s reports it).
function make_aptitude_args
{
echo "generating aptitude arguments" 1>&2
for package in $1
do
version=$(dpkg -s "$package" | awk '/^Version:/ {print $2}')
echo "$package=$version"
done
}

# Leave the work directory, remove it and exit with the given status.
workdir=""
function cleanup
{
echo "cleaning up"
if [ -n "$workdir" ]
then
popd > /dev/null
rm -rf "$workdir"
fi
exit "${1:-0}"
}

# Create a private work directory and make it the current directory.
function setup
{
echo "setting up"
workdir=$(mktemp -d) || cleanup 1
pushd "$workdir" > /dev/null
}

if [ $# -ne 1 ]
then
echo "$desc"
exit 1
fi

suspect_files=$(find_suspect_files "$1")

packages=$(find_packages "$suspect_files" | sort | uniq)

if [ -z "$packages" ]
then
echo "***WARNING****"
echo "No packages contain any of the suspect files!"
cleanup 1
fi

aptitude_args=$(make_aptitude_args "$packages")

setup

echo "downloading packages"
if ! aptitude download $aptitude_args 1>/dev/null
then
echo "aptitude download failed!"
echo "args=$aptitude_args"
cleanup 1
fi

# A .deb is an ar archive whose data.tar.* member holds the installed
# files; unpacking it here recreates the packaged paths under $workdir.
echo "unpacking"
for deb_file in *.deb
do
ar -x "$deb_file"
tar xf data.tar.*
rm -f data.tar.* control.tar.*
done

# Compare each installed file with the unpacked copy, which lives at the
# same path relative to the work directory (hence the leading dot).
mismatches=0
for suspect_file in $suspect_files
do
if [ ! -f ".$suspect_file" ]
then
echo "***WARNING****"
echo "For some reason .$suspect_file does not exist!"
continue
fi
echo -n "verifying $suspect_file... "
suspect_sum=$($HASHER "$suspect_file" | awk '{print $1}')
clean_sum=$($HASHER ".$suspect_file" | awk '{print $1}')
if [ "$suspect_sum" = "$clean_sum" ]
then
echo "OK"
else
echo
echo "***WARNING****"
echo "Checksum mismatch for $suspect_file!!!"
echo "Should be: $clean_sum"
echo "Is: $suspect_sum"
mismatches=$((mismatches + 1))
fi
done

# Exit non-zero if any installed file differs from its packaged copy.
if [ "$mismatches" -gt 0 ]
then
cleanup 1
fi
cleanup 0

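As an added example that is not part of the original post, the following exercises the script's two core steps, pulling the suspect paths out of an rkhunter log and comparing each installed file with its packaged copy, on constructed data so it runs without dpkg or aptitude. The log excerpt, the two file trees and the function names are all made up here.

```shell
#!/bin/sh
# Added example, not the post's script: its two core steps on constructed data,
# so it runs with no dpkg or aptitude. All paths and file contents are made up.
# Print the suspect paths from an rkhunter log, one per line. rkhunter logs
# the path on the line following "Warning: The file properties have changed".
extract_suspect_files() {
    grep -A1 'Warning' "$1" | grep 'File:' | sed 's|.*File: ||'
}

# Compare each suspect path under $2 (installed tree) with $3 (unpacked
# package tree); print one status line per file and a final mismatch count.
compare_trees() {
    log=$1; installed=$2; packaged=$3; mismatches=0
    old_ifs=$IFS; IFS='
'
    for f in $(extract_suspect_files "$log"); do
        if [ ! -f "$packaged$f" ]; then
            echo "MISSING $f"; mismatches=$((mismatches + 1)); continue
        fi
        if [ "$(sha256sum < "$installed$f")" = "$(sha256sum < "$packaged$f")" ]; then
            echo "OK $f"
        else
            echo "MISMATCH $f"; mismatches=$((mismatches + 1))
        fi
    done
    IFS=$old_ifs
    echo "mismatches=$mismatches"
}

# Constructed fixture: a log excerpt in rkhunter's format plus two trees in
# which /bin/ls is unchanged and /usr/bin/find differs from the package.
demo() {
    work=$(mktemp -d)
    cat > "$work/rkhunter.log" <<'EOF'
[12:00:01] Warning: The file properties have changed:
[12:00:01]          File: /bin/ls
[12:00:01]          Current hash: (constructed)
[12:00:02] Warning: The file properties have changed:
[12:00:02]          File: /usr/bin/find
EOF
    mkdir -p "$work/installed/bin" "$work/installed/usr/bin" \
             "$work/packaged/bin" "$work/packaged/usr/bin"
    echo "ls v1" > "$work/installed/bin/ls"
    echo "ls v1" > "$work/packaged/bin/ls"
    echo "find v1" > "$work/packaged/usr/bin/find"
    echo "find v1, modified" > "$work/installed/usr/bin/find"
    compare_trees "$work/rkhunter.log" "$work/installed" "$work/packaged"
    rm -rf "$work"
}
```

Running `demo` reports `OK /bin/ls`, `MISMATCH /usr/bin/find` and `mismatches=1`; a path that the package does not ship at all is reported as `MISSING` rather than silently skipped.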

Cheers,

Steve

June 04, 2009

microbric viper review

The microbric viper is neat: good quality parts and a unique idea. It makes a decent robotics platform if you get the wheel add-on. However, you gotta have small fingers to get some of the parts in place. Despite this, the hardware is solid; I like it. The one thing I would ask for, however, is more short nuts and a printed manual, not a CD-ROM with a PDF. Take a leaf from LEGO and their construction manuals.



While the hardware is decent, the microbric viper is sadly let down by the software.



The microbric viper uses the basicAtom (by basicmicro), a PIC 16F87{6,7} with a custom bootloader. Now there is nothing wrong with this: arduino uses a custom bootloader too. However, the custom bootloader uses a proprietary programming protocol. This is pretty fail, but what really fails is that the programming software only runs under windows (or wine under ubuntu, but only for now).



IMHO the basic-esque language used by the basicAtom is no better than what picaxe offers. I am completely at a loss as to why companies would use basicmicro's products and lock themselves to a single supplier. Think about it: if basicmicro goes bust, your products using the basicAtom will no longer have a supported development environment.



Robotics companies need to seriously consider how their selection of controller will affect their customers, specifically those customers who aren't going to be running windows and staying within the limits of whatever custom language the controller vendor designed.



Arduino would be the best choice IMHO. Open hardware, open software. You don't have to pay premiums for the bootloader, and the number of people who will consider your product increases to include people like me.



I bought the microbric viper because it was on sale: reduced to $29 from $199. If I had known I could only program it under windows, or that it used such a closed platform, I wouldn't have bought it, even at that price.




Cheers,

Steve