Your message dated Mon, 30 Jan 2012 19:14:25 +0100
with message-id <[email protected]>
and subject line Re: Bug#658003: rkhunter: false positive with hdparm (?)
has caused the Debian Bug report #658003,
regarding rkhunter: false positive with hdparm (?)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
658003: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658003
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rkhunter
Version: 1.3.6-4
Severity: normal

#File /var/log/rkhunter.log
[13:46:28]     Checking for string 'hdparm'                  [ Warning ]
[13:46:28]     Checking for string '/lib/ldd.so/tkps'        [ Not found ]
[13:46:28]     Checking for string 't0rnkit'                 [ Not found ]
[13:46:28]     Checking for string '/dev/proc/fuckit'        [ Not found ]
[13:46:28]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[13:46:29]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[13:46:29]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[13:46:29]     Checking for string '/usr/lib/ldlibct.so'     [ Not found ]
[13:46:29]     Checking for string '/usr/lib/ldlibdu.so'     [ Not found ]
[13:46:29]     Checking for string '/dev/ptyxx/.file'        [ Not found ]
[13:46:29]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
[13:46:29]     Checking for string '/dev/ida/.inet'          [ Not found ]
[13:46:29] Warning: Checking for possible rootkit strings    [ Warning ]
[13:46:29]          Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible rootkit: Xzibit Rootkit
[13:46:29]          Found string 'hdparm' in file '/etc/init.d/.depend.boot'. Possible rootkit: Xzibit Rootkit


mama@zeuza:~$ whereis hdparm
hdparm: /sbin/hdparm /etc/hdparm.conf /usr/share/man/man8/hdparm.8.gz

mama@zeuza:~$ md5sum /sbin/hdparm
5f74fb3bd3a1b50e803d139a7aa10695  /sbin/hdparm

mama@zeuza:~$ sha1sum /sbin/hdparm
50e94ee5f91c5bae7a626c7deaf6dccb96fd8d81  /sbin/hdparm

mama@zeuza:~$ sha256sum /sbin/hdparm
73f7525ae08a8d9faa9c91a0c96c7b54cfbb21ed91baa398ddcfb5ee33b1a3f5  /sbin/hdparm
mama@zeuza:~$ 

-- http://packages.debian.org/squeeze/i386/hdparm/download
MD5 checksum    2c05b8d28cd08a31e93409491b71423b
SHA1 checksum   101e7372cc2de13866a8d423c020857def65c48e
SHA256 checksum 5ec7ca9fd92f33148d9c5a0b0929955fccd0ab7e480512b8b93f4811d0d2a35c

-- System Information:
Debian Release: 6.0.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/2 CPU cores)
Locale: LANG=es_AR.UTF-8, LC_CTYPE=es_AR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rkhunter depends on:
ii  binutils               2.20.1-16         The GNU assembler, linker and bina
ii  debconf [debconf-2.0]  1.5.36.1          Debian configuration management sy
ii  file                   5.04-5            Determines file type using "magic"
ii  net-tools              1.60-23           The NET-3 networking toolkit
ii  perl                   5.10.1-17squeeze3 Larry Wall's Practical Extraction 
ii  sendmail               8.14.3-9.4        powerful, efficient, and scalable 
ii  sendmail-bin [mail-tra 8.14.3-9.4        powerful, efficient, and scalable 

Versions of packages rkhunter recommends:
ii  iproute                20100519-3        networking and traffic control too
ii  lsof                   4.81.dfsg.1-1     List open files
ii  perl [libdigest-sha-pe 5.10.1-17squeeze3 Larry Wall's Practical Extraction 
ii  unhide                 20100201-1        Forensic tool to find hidden proce
ii  wget                   1.12-2.1          retrieves files from the web

Versions of packages rkhunter suggests:
ii  bsd-mailx          8.1.2-0.20100314cvs-1 simple mail user agent
pn  tripwire           <none>                (no description available)

-- debconf information:
  rkhunter/apt_autogen: false
  rkhunter/cron_daily_run:
  rkhunter/cron_db_update:



--- End Message ---
--- Begin Message ---
On Monday 30 Jan 2012 at 18:06:16 (+0100 CET), Fabián Bonetti wrote:
> Package: rkhunter
> Version: 1.3.6-4
> Severity: normal
> 
> #File /var/log/rkhunter.log
> [13:46:28]     Checking for string 'hdparm'                  [ Warning ]
> [13:46:28]     Checking for string '/lib/ldd.so/tkps'        [ Not found ]
> [13:46:28]     Checking for string 't0rnkit'                 [ Not found ]
> [13:46:28]     Checking for string '/dev/proc/fuckit'        [ Not found ]
> [13:46:28]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
> [13:46:29]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
> [13:46:29]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
> [13:46:29]     Checking for string '/usr/lib/ldlibct.so'     [ Not found ]
> [13:46:29]     Checking for string '/usr/lib/ldlibdu.so'     [ Not found ]
> [13:46:29]     Checking for string '/dev/ptyxx/.file'        [ Not found ]
> [13:46:29]     Checking for string 'libproc.so.2.0.7'        [ Not found ]
> [13:46:29]     Checking for string '/dev/ida/.inet'          [ Not found ]
> [13:46:29] Warning: Checking for possible rootkit strings    [ Warning ]
> [13:46:29]          Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible rootkit: Xzibit Rootkit
> [13:46:29]          Found string 'hdparm' in file '/etc/init.d/.depend.boot'. Possible rootkit: Xzibit Rootkit

Please check README.Debian which contains information regarding usual well
known false positives.

Cheers,
Julien

-- 
  .''`.   Julien Valroff ~ <[email protected]> ~ <[email protected]>    
 : :'  :  Debian Developer & Free software contributor
 `. `'`   http://www.kirya.net/
   `-     4096R/ E1D8 5796 8214 4687 E416  948C 859F EF67 258E 26B1


--- End Message ---
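
Added example, not part of the original thread: the checksums listed on the packages.debian.org download page are those of the .deb archive, so they are not expected to match hashes of the installed /sbin/hdparm; dpkg records per-file MD5 sums in the package's md5sums list (typically /var/lib/dpkg/info/hdparm.md5sums). The sketch below checks installed files against such a list; the function names and the sample tree in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

def parse_md5sums(text):
    """Parse dpkg's <package>.md5sums lines: '<md5hex>  <path relative to />'."""
    entries = {}
    for line in text.splitlines():
        digest, sep, rel_path = line.partition("  ")
        if sep:  # skip blank or malformed lines
            entries[rel_path] = digest.lower()
    return entries

def md5_of(path):
    """MD5 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def verify(md5sums_text, root="/"):
    """Map each listed file to 'ok', 'MODIFIED' or 'missing'."""
    results = {}
    for rel_path, expected in parse_md5sums(md5sums_text).items():
        full = os.path.join(root, rel_path)
        if not os.path.isfile(full):
            results[rel_path] = "missing"
        else:
            results[rel_path] = "ok" if md5_of(full) == expected else "MODIFIED"
    return results

def demo():
    """Constructed sample tree standing in for / (not real hdparm files)."""
    files = {"sbin/hdparm": b"constructed binary",
             "usr/share/man/man8/hdparm.8.gz": b"constructed man page"}
    with tempfile.TemporaryDirectory() as root:
        listing = ""
        for rel, data in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
            listing += hashlib.md5(data).hexdigest() + "  " + rel + "\n"
        listing += "0" * 32 + "  usr/share/doc/hdparm/copyright\n"  # listed, never created
        with open(os.path.join(root, "sbin/hdparm"), "ab") as fh:
            fh.write(b" + tampering")  # alter the file after it was "installed"
        return verify(listing, root)
```

On a real system the list would be read from the dpkg info directory and passed to `verify()` with the default root. That list lives on the host being checked, so when a compromise is actually suspected the reference hashes should come from a package fetched on a trusted machine.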
