Your message dated Tue, 25 Nov 2008 23:02:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#497253: fixed in chkrootkit 0.48-7
has caused the Debian Bug report #497253,
regarding chkrootkit: LKM Trojan false positives with 'while true; do find
/proc >/dev/null; done'
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)
--
497253: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497253
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: chkrootkit
Version: 0.48-5
Severity: normal
Run

  # while true; do find /proc >/dev/null; done&

and /usr/lib/chkrootkit/chkproc will report hidden processes:

  You have 17 process hidden for readdir command
  You have 17 process hidden for ps command

and chkrootkit will suspect an LKM Trojan running (not every time, however).
This is what I sometimes receive from the cron job:

  You have 2 process hidden for readdir command
  You have 2 process hidden for ps command
  chkproc: Warning: Possible LKM Trojan installed

See also
http://linux.derkeiler.com/Mailing-Lists/Fedora/2008-05/msg01397.html
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (900, 'testing'), (100, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages chkrootkit depends on:
ii  binutils            2.18.1~cvs20080103-7 The GNU assembler, linker and bina
ii  debconf [debconf-2. 1.5.22               Debian configuration management sy
ii  libc6               2.7-13               GNU C Library: Shared libraries
ii  net-tools           1.60-19              The NET-3 networking toolkit
ii  procps              1:3.2.7-8            /proc file system utilities
chkrootkit recommends no packages.
chkrootkit suggests no packages.
-- debconf information:
* chkrootkit/run_daily: true
* chkrootkit/run_daily_opts: -q
* chkrootkit/diff_mode: false
--- End Message ---
--- Begin Message ---
Source: chkrootkit
Source-Version: 0.48-7
We believe that the bug you reported is fixed in the latest version of
chkrootkit, which is due to be installed in the Debian FTP archive:
chkrootkit_0.48-7.diff.gz
to pool/main/c/chkrootkit/chkrootkit_0.48-7.diff.gz
chkrootkit_0.48-7.dsc
to pool/main/c/chkrootkit/chkrootkit_0.48-7.dsc
chkrootkit_0.48-7_amd64.deb
to pool/main/c/chkrootkit/chkrootkit_0.48-7_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <[EMAIL PROTECTED]> (supplier of updated chkrootkit package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 25 Nov 2008 12:09:17 +0100
Source: chkrootkit
Binary: chkrootkit
Architecture: source amd64
Version: 0.48-7
Distribution: unstable
Urgency: low
Maintainer: Giuseppe Iuculano <[EMAIL PROTECTED]>
Changed-By: Giuseppe Iuculano <[EMAIL PROTECTED]>
Description:
chkrootkit - rootkit detector
Closes: 477945 479187 497253 506721
Changes:
 chkrootkit (0.48-7) unstable; urgency=low
 .
   * New maintainer, thanks to Francois Marier for the prior work on chkrootkit.
     (Closes: #506721)
   * debian/patches/fixwarnings.dpatch: Some little fixes to silence compiler.
   * added debian/README.source to document dpatch usage, as required by Debian
     Policy since 3.8.0
   * debian/control:
     + Set me as maintainer
     + set DM-Upload-Allowed: yes control field
     + Added ${misc:Depends} in Depends
   * debian/patches/nophpcheck.dpatch: Delete the "suspect PHP files" check.
     Not only does it trigger SIGPIPE for file names which contain special
     unescaped characters, the second half is doubtful (it doesn't print any
     filenames and gets confused by binary file contents). (Closes: #479187)
   * debian/patches/logpath.dpatch: Read logs from /var/log instead of /var/adm
   * debian/patches/procpsv3.dpatch: Let chkproc default to procps version 3.
     (Closes: #477945) (Closes: #497253)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkksgpYACgkQScUZKBnQNIbWgACgtC89PZY67lwB2AxFFmY1UJqA
Bl4An3RiEMMmEnldNf20VOOf3uBM7dZ2
=S29T
-----END PGP SIGNATURE-----
--- End Message ---