Your message dated Tue, 25 Nov 2008 08:38:12 +0100
with message-id <[EMAIL PROTECTED]>
and subject line chkrootkit: LKM false positive with network aliasing (eth0:N)
has caused the Debian Bug report #420887,
regarding chkrootkit: LKM false positive with network aliasing (eth0:N)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
420887: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=420887
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: chkrootkit
Version: 0.47-1.1
Severity: normal
Hello,
since I have updated my system to have five IP aliases (eth0:0 ..
eth0:4), I get reports from chkrootkit that I have "4 processes hidden
from view".
/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/usr/lib/ruby/gems/1.8/gems/actionpack-1.13.3/examples/.htaccess
INFECTED (PORTS: 465)
You have 4 process hidden for readdir command
You have 4 process hidden for ps command
chkproc: Warning: Possible LKM Trojan installed
A cross check with 'rkhunter' reveals no such hidden processes, and a
careful audit of system logs and comparison with backups before the
upgrade shows no suspicious activitiy, added files, or other things
pointing towards a rootkit (so I'm really sure my system is clean).
Since chkrootkit is known for reporting occasional false positives,
maybe this can be explained and fixed?
Thanks,
Jens ([EMAIL PROTECTED])
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.29hf32.3-jb-060327
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages chkrootkit depends on:
ii binutils 2.15-6 The GNU assembler, linker and bina
ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy
ii libc6 2.3.2.ds1-22sarge6 GNU C Library: Shared libraries an
ii net-tools 1.60-10 The NET-3 networking toolkit
ii procps 1:3.2.1-2 The /proc file system utilities
-- debconf information:
* chkrootkit/run_daily: true
* chkrootkit/run_daily_opts: -q
* chkrootkit/diff_mode: false
--- End Message ---
--- Begin Message ---
Source: chkrootkit
Source-Version: 0.48-2
Hi,
from chkrootkit 0.48-2 revision, we have a new option to exclude false
positives, so I think this bug is fixed. Feel free to reopen if necessary.
Giuseppe.
signature.asc
Description: OpenPGP digital signature
--- End Message ---
