package rkhunter
tags 511498 = unreproducible
thanks

On Sunday 15 February 2009 at 23:20 +0100, Christoph Anton Mitterer
wrote:
> On Thu, 2009-02-12 at 20:40 +0100, Julien Valroff wrote:
[...]
> > > Your report doesn't state package information (while you seem to have
> > > used reportbug - if that's the case, please leave the appropriate
> > > pseudo-headers next time).
> Sorry,... I used reportbug on a system where rkhunter wasn't
> installed,.. and my observations were done on another ;)
> 
> I just tried it again,.. and e.g. /etc/.java is still not found.
Strange, it is well found on several of my machines where it is present.
[...]

Given all the elements you have described, I cannot see any reason why
rkhunter doesn't warn you.
Can you please forward the log file of 'rkhunter --enable filesystem'?

> > > Regarding wpa_supplicant, it is not a rootkit, I do not see why rkhunter
> > > should report it?
> Actually I don't know ;) ... it's just because chkrootkit reports it (it
> reports both, dhclient3 and wpa_supplicant, while rkhunter reports only
> dhclient3).
> And there is even an entry for it in the default rkhunter.conf:
> #ALLOWPROCLISTEN=/sbin/dhclient
> #ALLOWPROCLISTEN=/sbin/dhclient3
> #ALLOWPROCLISTEN=/sbin/dhcpcd
> #ALLOWPROCLISTEN=/usr/sbin/pppoe
> #ALLOWPROCLISTEN=/usr/sbin/tcpdump
> #ALLOWPROCLISTEN=/usr/sbin/snort-plain
> #ALLOWPROCLISTEN=/sbin/wpa_supplicant

I have removed this commented entry.

> So I thought it _should_ be reported (which is not the case).
The protocol is excluded from the listen process check: 
egrep -v '^sk|888e' /proc/net/packet

Cheers,
Julien

-- 
Member of April - "promoting and defending free software" -
http://www.april.org

Join now the nearly 4,000 people, associations, companies
and local authorities who support our work
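
The filter quoted in the message above, run over a constructed `/proc/net/packet` table. This is an added example, not part of the original e-mail and not rkhunter's own code; the function names, socket addresses and inodes are made up. It also shows that the pattern matches `888e` anywhere on the line, compared with a hypothetical variant that tests only the Proto column.

```shell
#!/bin/sh
# Constructed sample of /proc/net/packet (addresses and inodes are made up).
# Proto is the EtherType in hex: 0003 = ETH_P_ALL, 888e = EAPOL (802.1X).
sample_packet_table() {
cat <<'EOF'
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
f6a1c000 3      10   0003   2     1 0      0      7411
f6a1d400 3      2    888e   3     1 0      0      7530
f888e200 3      3    0003   2     1 0      0      7698
EOF
}

# Filter from the message: drop the header line and every line that contains
# the string "888e" in any field, then list the inodes of what is left.
inodes_substring_filter() {
    sample_packet_table | grep -Ev '^sk|888e' | awk '{ print $9 }' | paste -sd' ' -
}

# Hypothetical column-aware variant: drop the header and only those rows whose
# Proto field (column 4) is exactly 888e.
inodes_proto_filter() {
    sample_packet_table | awk 'NR > 1 && $4 != "888e" { print $9 }' | paste -sd' ' -
}

# The EAPOL socket (inode 7530) is excluded by both filters. The ETH_P_ALL
# socket with inode 7698 is also dropped by the substring filter, because its
# constructed socket address happens to contain "888e".
echo "substring filter keeps inodes: $(inodes_substring_filter)"
echo "proto filter keeps inodes:     $(inodes_proto_filter)"
```

The inodes that remain are the packet sockets a listen check would still have to attribute to a process.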