Your message dated Sat, 14 Apr 2018 11:21:44 -0700
with message-id <20180414182144.ga29...@akranes.dyn.fmarier.org>
and subject line Fixed
has caused the Debian Bug report #816089,
regarding rkhunter: "Found preloaded shared library" test not understanding 
comments
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
816089: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816089
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rkhunter
Version: 1.4.2-5
Severity: normal

Dear Maintainer,

A commented out entry in /etc/ld.so.preload is interpreted as a filename in 
rkhunter:

pi> cat /etc/ld.so.preload
#/usr/lib/arm-linux-gnueabihf/libcofi_rpi.so

This alerts:
Warning: Found preloaded shared library: 
#/usr/lib/arm-linux-gnueabihf/libcofi_rpi.so

If I add this commented out entry to SHARED_LIB_WHITELIST to try to
fool rkhunter, naturally it doesn't like that this doesn't look like
an absolute filename:

SHARED_LIB_WHITELIST="/usr/lib/arm-linux-gnueabihf/libcofi_rpi.so 
#/usr/lib/arm-linux-gnueabihf/libcofi_rpi.so"

Invalid SHARED_LIB_WHITELIST configuration option: Relative pathname: 
#/usr/lib/arm-linux-gnueabihf/libcofi_rpi.so

It'd be better if rkhunter understood the comment meant the library
wasn't loaded and hence could not possibly be a threat that had to be
tested.



-- System Information:
Distributor ID: Raspbian
Description:    Raspbian GNU/Linux 8.0 (jessie)
Release:        8.0
Codename:       jessie
Architecture: armv6l

Kernel: Linux 3.18.7+ (PREEMPT)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rkhunter depends on:
ii  binutils               2.25-5
ii  debconf [debconf-2.0]  1.5.56
ii  file                   1:5.22+15-2+deb8u1
ii  lsof                   4.86+dfsg-1
ii  net-tools              1.60-26
ii  perl                   5.20.2-3+deb8u3
ii  ucf                    3.0030

Versions of packages rkhunter recommends:
ii  bsd-mailx [mailx]                    8.1.2-0.20141216cvs-2
ii  curl                                 7.38.0-4+deb8u3
ii  iproute2                             4.3.0-1
ii  sendmail-bin [mail-transport-agent]  8.14.4-8
ii  unhide                               20130526-1
ii  unhide.rb                            22-2
ii  wget                                 1.16-1

Versions of packages rkhunter suggests:
ii  liburi-perl     1.64-1
ii  libwww-perl     6.08-1
ii  powermgmt-base  1.31+nmu1

-- Configuration Files:
/etc/rkhunter.conf changed:
ROTATE_MIRRORS=1
UPDATE_MIRRORS=1
MIRRORS_MODE=0
MAIL-ON-WARNING="tconnors"
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
BINDIR="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin 
/usr/libexec /usr/local/libexec"
UPDATE_LANG=""
LOGFILE=/var/log/rkhunter.log
APPEND_LOG=0
COPY_LOG_ON_ERROR=0
COLOR_SET2=0
AUTO_X_DETECT=1
WHITELISTED_IS_WHITE=0
ALLOW_SSH_ROOT_USER=yes
ALLOW_SSH_PROT_V1=0
ENABLE_TESTS="all"
DISABLE_TESTS="suspscan hidden_procs deleted_files packet_cap_apps apps 
immutable"
USER_FILEPROP_FILES_DIRS="/etc/rkhunter.conf"
USER_FILEPROP_FILES_DIRS="/usr/lib/arm-linux-gnueabihf/libcofi_rpi.so"
USER_FILEPROP_FILES_DIRS="/usr/sbin/ifstatus"
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/sbin/unhide.rb
SCRIPTWHITELIST=/usr/sbin/ifstatus
ALLOWHIDDENDIR=/dev/.mdadm
ALLOWHIDDENDIR=/dev/.udev
ALLOWHIDDENDIR=/dev/.static
ALLOWHIDDENDIR=/dev/.initramfs
ALLOWHIDDENDIR=/etc/.java
ALLOWHIDDENFILE=/etc/.serial.conf.old
ALLOWHIDDENFILE=/dev/.mdadm.map
ALLOWHIDDENFILE=/dev/.tmp-block-*:*
ALLOWPROCLISTEN=/sbin/dhclient3
ALLOWDEVFILE=/dev/shm/pulse-shm-*
ALLOWDEVFILE=/dev/shm/network/ifstate
ALLOWDEVFILE=/dev/shm/resolvconf/resolv.conf
ALLOWDEVFILE=/dev/shm/resolvconf/interface/eth0
ALLOWDEVFILE=/dev/shm/resolvconf/interface/wlan0
ALLOWDEVFILE=/dev/shm/resolvconf/interface/lo.pdnsd
INETD_ALLOWED_SVC=nntp
UID0_ACCOUNTS="sashroot"
ALLOW_SYSLOG_REMOTE_LOGGING=0
APP_WHITELIST="0.9.8o gpg:1.4.10 sshd:5.5p1 exim:4.71"
SUSPSCAN_DIRS="/tmp /var/tmp"
SUSPSCAN_TEMP=/dev/shm
SUSPSCAN_MAXSIZE=10240000
SUSPSCAN_THRESH=200
RTKT_FILE_WHITELIST="/etc/init.d/hdparm:hdparm"
RTKT_FILE_WHITELIST="/etc/init.d/.depend.boot:hdparm"
SHARED_LIB_WHITELIST="/usr/lib/arm-linux-gnueabihf/libcofi_rpi.so"
USE_LOCKING=0
LOCK_TIMEOUT=300
SHOW_LOCK_MSGS=1
DISABLE_UNHIDE=1
INSTALLDIR="/usr"


-- debconf information:
  rkhunter/cron_daily_run: true
  rkhunter/apt_autogen: true
  rkhunter/cron_db_update: true

--- End Message ---
--- Begin Message ---
Version: 1.4.4-1

According to the upstream developers, this bug should be fixed. If that's
not the case, please reopen.

Francois

-- 
https://fmarier.org/

--- End Message ---

Reply via email to