Package: rkhunter
Version: 1.4.2-6+deb9u1
Severity: normal

Hello,

rkhunter reports for example
"
Warning: Suspicious file types found in /dev:
         /dev/shm/EggCounters-9003: data
"
as a false positive,
looking at the content,
searching online,
and observing the behaviour (the file seems only to appear together with
gnome-builder)

this is most likely created by gnome-builder,

suggestion: add it to the rkhunter.conf file, by default in a comment

hth,
Wim

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/8 CPU cores)
Locale: LANG=nl_BE.utf8, LC_CTYPE=nl_BE.utf8 (charmap=UTF-8), LANGUAGE=nl_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rkhunter depends on:
ii  binutils               2.28-5
ii  debconf [debconf-2.0]  1.5.61
ii  file                   1:5.30-1+deb9u2
ii  lsof                   4.89+dfsg-0.1
ii  net-tools              1.60+git20161116.90da8a0-1
ii  perl                   5.24.1-3+deb9u5
ii  ucf                    3.0036

Versions of packages rkhunter recommends:
ii  bsd-mailx [mailx]                          8.1.2-0.20160123cvs-4
ii  curl                                       7.52.1-5+deb9u9
ii  exim4-daemon-light [mail-transport-agent]  4.89-2+deb9u3
ii  iproute2                                   4.9.0-1+deb9u1
ii  unhide                                     20130526-1
pn  unhide.rb                                  <none>
ii  wget                                       1.18-5+deb9u2

Versions of packages rkhunter suggests:
ii  liburi-perl     1.71-1
ii  libwww-perl     6.15-1
ii  powermgmt-base  1.31+nmu1

-- Configuration Files:
/etc/rkhunter.conf changed:
UPDATE_MIRRORS=0
MIRRORS_MODE=1
MAIL-ON-WARNING=wim
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
LOGFILE=/var/log/rkhunter.log
APPEND_LOG=1
USE_SYSLOG=authpriv.warning
AUTO_X_DETECT=1
ALLOW_SSH_ROOT_USER=prohibit-password
ALLOW_SSH_PROT_V1=2
ENABLE_TESTS=all
DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps
HASH_CMD=sha256sum
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
ALLOWHIDDENDIR=/etc/.java
ALLOWHIDDENDIR=/etc/.git
ALLOWHIDDENFILE=/etc/.gitignore
ALLOWHIDDENFILE=/etc/.etckeeper
ALLOWHIDDENFILE=/etc/.resolv.conf.NetworkManager
ALLOWDEVFILE=/dev/shm/pulse-shm-*
ALLOWDEVFILE=/dev/shm/PostgreSQL.*
ALLOWDEVFILE=/dev/shm/spice.*
ALLOWDEVFILE=/dev/shm/EggCounters-*
WEB_CMD="/bin/false"
DISABLE_UNHIDE=1
INSTALLDIR=/usr


-- debconf information:
  rkhunter/cron_db_update: true
  rkhunter/apt_autogen: false
  rkhunter/cron_daily_run: true
