Your message dated Wed, 19 Aug 2009 12:49:31 +0000
with message-id <[email protected]>
and subject line Bug#542139: fixed in rkhunter 1.3.4-7
has caused the Debian Bug report #542139,
regarding rkhunter: Spurious warnings when access to /proc/kallsyms is disabled for security reasons
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
542139: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542139
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rkhunter
Version: 1.3.4-6
Severity: normal
Tags: patch
Certain security frameworks (e.g. grsecurity) prevent programs from reading
/proc/kallsyms.
The file exists but it returns an error when you try to read from it. I end up
receiving these emails every day:
From: Anacron <r...@localhost>
To: r...@localhost
Subject: Anacron job 'cron.daily' on localhost
/etc/cron.daily/rkhunter:
grep: /proc/kallsyms: Input/output error
grep: /proc/kallsyms: Input/output error
grep: /proc/kallsyms: Input/output error
grep: /proc/kallsyms: Input/output error
grep: /proc/kallsyms: Input/output error
grep: /proc/kallsyms: Input/output error
grep: /proc/kallsyms: Input/output error
grep: /proc/kallsyms: Input/output error
grep: /proc/kallsyms: Input/output error
grep: /proc/kallsyms: Input/output error
grep: /proc/kallsyms: Input/output error
grep: /proc/kallsyms: Input/output error
I have attached a patch which disables this check (as if /proc/kallsyms was
missing) if the "file" is not readable.
Cheers,
Francois
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30.5-grsec (SMP w/2 CPU cores; PREEMPT)
Shell: /bin/sh linked to /bin/dash
Versions of packages rkhunter depends on:
ii binutils 2.19.51.20090805-1 The GNU assembler, linker and bina
ii debconf [debconf-2.0] 1.5.27 Debian configuration management sy
ii exim4 4.69-11 metapackage to ease Exim MTA (v4)
ii exim4-daemon-light [m 4.69-11 lightweight Exim MTA (v4) daemon
ii file 5.03-1 Determines file type using "magic"
ii net-tools 1.60-23 The NET-3 networking toolkit
ii perl 5.10.0-24 Larry Wall's Practical Extraction
Versions of packages rkhunter recommends:
ii curl 7.19.5-1 Get a file from an HTTP, HTTPS or
ii iproute 20090324-1 networking and traffic control too
ii lsof 4.81.dfsg.1-1 List open files
pn unhide <none> (no description available)
ii wget 1.11.4-4 retrieves files from the web
Versions of packages rkhunter suggests:
pn bsd-mailx <none> (no description available)
pn tripwire <none> (no description available)
-- debconf information:
* rkhunter/apt_autogen: true
* rkhunter/cron_daily_run: true
* rkhunter/cron_db_update: true
--- /usr/bin/rkhunter 2009-07-29 05:01:56.000000000 +1200
+++ rkhunter 2009-08-18 14:31:47.000000000 +1200
@@ -12316,6 +12316,15 @@
elif [ -f "${RKHROOTDIR}/proc/kallsyms" ]; then
KSYMS_FILE="${RKHROOTDIR}/proc/kallsyms"
fi
+
+ #
+ # Check to make sure that the symbols are readable
+ # as certain security frameworks hide this.
+ #
+
+ if ! head -1 /proc/kallsyms > /dev/null 2>&1 ; then
+ KSYMS_FILE=""
+ fi
fi
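Review bot: the readability test at `if ! head -1 /proc/kallsyms > /dev/null 2>&1 ; then` hardcodes `/proc/kallsyms` instead of probing the file that was just selected, so it ignores `${RKHROOTDIR}` and clears `KSYMS_FILE` even when the preceding branch of this if/elif chose a different, readable file. Suggest probing the selected file only when one is set, e.g. `if [ -n "${KSYMS_FILE}" ] && ! head -1 "${KSYMS_FILE}" > /dev/null 2>&1 ; then`. Since this turns off a rootkit check without any output, it would also help to log or report the check as skipped at this point, so the operator can tell "not run because the symbols are hidden" apart from "run and clean".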
--- End Message ---
--- Begin Message ---
Source: rkhunter
Source-Version: 1.3.4-7
We believe that the bug you reported is fixed in the latest version of
rkhunter, which is due to be installed in the Debian FTP archive:
rkhunter_1.3.4-7.diff.gz
to pool/main/r/rkhunter/rkhunter_1.3.4-7.diff.gz
rkhunter_1.3.4-7.dsc
to pool/main/r/rkhunter/rkhunter_1.3.4-7.dsc
rkhunter_1.3.4-7_all.deb
to pool/main/r/rkhunter/rkhunter_1.3.4-7_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Valroff <[email protected]> (supplier of updated rkhunter package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 19 Aug 2009 14:29:56 +0200
Source: rkhunter
Binary: rkhunter
Architecture: source all
Version: 1.3.4-7
Distribution: unstable
Urgency: low
Maintainer: Julien Valroff <[email protected]>
Changed-By: Julien Valroff <[email protected]>
Description:
rkhunter - rootkit, backdoor, sniffer and exploit scanner
Closes: 542139
Changes:
rkhunter (1.3.4-7) unstable; urgency=low
.
* Bumped Standards-Version to 3.8.3
* Added patch to ensure /proc/kallsyms is readable, as some
security frameworks prevent programs from reading it
Thanks to Francois Marier <[email protected]> (Closes: #542139)
* Added description to patches
* Added README.source
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqL8LoACgkQIQvyq59x1EmYZgCghiwIkfL+/3K5kW2j36wCj1SE
UTEAn3O94/SxvGzXFjkqHMgL+4ovJSwW
=tnZX
-----END PGP SIGNATURE-----
--- End Message ---