Package: rkhunter
Severity: normal
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: x86_64
Kernel: Linux 2.6.32-2-amd64 (SMP w/2 CPU cores)
Locale: lang=de...@euro, lc_ctype=de...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Dear maintainer-team,
for some time I have been getting the following messages/mails from rkhunter, which are
definitely not rootkits. I checked the related files, which are all correct.
It would be nice if you could take a look at it.
This is the message from rkhunter:
Warning: The command '/sbin/chkconfig' has been replaced by a script:
/sbin/chkconfig: a /usr/bin/perl script text executable
Warning: Checking for possible rootkit strings [ Warning ]
Found string 'hdparm' in file '/etc/init.d/.depend.boot'. Possible
rootkit: Xzibit Rootkit
Found string 'hdparm' in file '/etc/init.d/bootlogd'. Possible
rootkit: Xzibit Rootkit
Found string 'hdparm' in file '/etc/init.d/checkroot.sh'. Possible
rootkit: Xzibit Rootkit
Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible
rootkit: Xzibit Rootkit
Warning: Network TCP port 1524 is being used by /usr/sbin/portsentry.
Possible rootkit: Possible FreeBSD (FBRK) Rootkit backdoor
Use the 'lsof -i' or 'netstat -an' command to check this.
Warning: Network TCP port 6667 is being used by /usr/sbin/portsentry.
Possible rootkit: Possible rogue IRC bot
Use the 'lsof -i' or 'netstat -an' command to check this.
Warning: Network TCP port 31337 is being used by /usr/sbin/portsentry.
Possible rootkit: Historical backdoor port
Use the 'lsof -i' or 'netstat -an' command to check this.
Warning: Application 'openssl', version '0.9.8k', is out of date, and
possibly a security risk.
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
I am running portsentry, and hdparm is also installed. Please ask me for
more tests.
Best regards
Hans-J. Ullrich