Your message dated Sat, 01 Oct 2005 14:17:42 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Use /etc/rkhunter.conf ALLOWHIDDEN* options
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 29 Sep 2005 23:14:23 +0000
Date: Fri, 30 Sep 2005 02:13:51 +0300
From: Juhapekka Tolvanen <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: Some false positives

Package: rkhunter
Version: 1.2.7-13
Severity: normal


---- Clip here ----
Found warnings:
[01:38:52]   - File /usr/bin/slice... WARNING! Exists.
[01:42:15] WARNING, found:  /dev/.udevdb (directory)  /dev/.static (directory)  /usr/bin/.xmcd_start (Bourne shell script text executable)
---- Clip here ----

/usr/bin/slice belongs to a package called "slice". /usr/bin/.xmcd_start
belongs to a package called "xmcd".

-- System Information:
Debian Release: testing/unstable
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages rkhunter depends on:
ii  debconf [debconf 1.4.58                  Debian configuration management sy
ii  file             4.12-1                  Determines file type using "magic"
ii  mailx            1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii  wget             1.10.1-1                retrieves files from the web

rkhunter recommends no packages.

-- debconf information:
* rkhunter/cron_daily_run: true
* rkhunter/cron_db_update: true

-- 
Juhapekka "naula" Tolvanen * http colon slash slash iki dot fi slash juhtolv
"Evil omens fill all of the silence. So painfully present every moment,
even if you turn your head away. Even if you close your eyes the image remains,
and goes nowhere, yet still does not come closer, but just keeps staring and staring."  Apulanta

---------------------------------------
Received: (at 330832-done) by bugs.debian.org; 1 Oct 2005 12:18:23 +0000
Subject: Use /etc/rkhunter.conf ALLOWHIDDEN* options
From: Julien Valroff <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Date: Sat, 01 Oct 2005 14:17:42 +0200


--=-QIQ1rbbrp4YH5FJBgH49
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi,

Regarding hidden files and directories, you can use ALLOWHIDDENFILES and
ALLOWHIDDENDIRS options in rkhunter.conf to avoid such warnings.

/usr/bin/slice is also part of RH-Sharpe's rootkit, which explains why
rkhunter warns about this file. I'm currently busy trying to list the
Debian packages that can set off false alarms in rkhunter.
This non-exhaustive list will be part of the next rkhunter package.

Cheers,
Julien
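
Added example (not from either message and not part of the rkhunter package): it parses the two warning lines from the report, asks `dpkg -S` which package owns each path, and proposes an allow entry only for hidden paths that a package owns. The option spellings `ALLOWHIDDENDIR` / `ALLOWHIDDENFILE` are an assumption taken from stock rkhunter.conf files (the reply writes them as ALLOWHIDDENDIRS / ALLOWHIDDENFILES), and all function names are hypothetical.

```python
import re
import subprocess

# Constructed sample: the two warnings from the report above, each on one line.
SAMPLE = [
    "[01:38:52]   - File /usr/bin/slice... WARNING! Exists.",
    "[01:42:15] WARNING, found:  /dev/.udevdb (directory)  /dev/.static (directory)"
    "  /usr/bin/.xmcd_start (Bourne shell script text executable)",
]

HIDDEN = re.compile(r"(/\S+) \(([^)]*)\)")   # "path (file(1) description)"
KNOWN_NAME = re.compile(r"File (/\S+?)\.\.\. WARNING! Exists")

def parse(lines):
    """Yield (path, kind): 'dir' or 'file' for hidden entries, 'name' for a
    path that matches a filename rkhunter associates with a rootkit."""
    for line in lines:
        m = KNOWN_NAME.search(line)
        if m:
            yield m.group(1), "name"
        _, found, rest = line.partition("WARNING, found:")
        if found:
            for path, desc in HIDDEN.findall(rest):
                yield path, "dir" if desc == "directory" else "file"

def dpkg_owner(path):
    """Owning package according to `dpkg -S`, or None if unowned or dpkg is absent."""
    try:
        r = subprocess.run(["dpkg", "-S", path], capture_output=True, text=True)
    except FileNotFoundError:
        return None
    return r.stdout.split(": ", 1)[0] if r.returncode == 0 and r.stdout else None

def triage(lines, owner=dpkg_owner):
    """Return (path, package, suggestion) per warning. The suggestion is a
    config line only for package-owned hidden entries; everything else,
    including rootkit-filename matches, is left for manual review."""
    option = {"dir": "ALLOWHIDDENDIR", "file": "ALLOWHIDDENFILE"}  # assumed spelling
    rows = []
    for path, kind in parse(lines):
        pkg = owner(path)
        if pkg and kind in option:
            rows.append((path, pkg, f"{option[kind]}={path}"))
        else:
            rows.append((path, pkg, "review by hand"))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="\t")
```

Package ownership says where a path came from, not that its contents are unchanged; compare the file against the package checksums (for example with `debsums`) before relying on an allow entry.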

