Your message dated Sun, 17 Feb 2013 08:48:17 +0000
with message-id <[email protected]>
and subject line Bug#695099: fixed in rkhunter 1.4.0-3
has caused the Debian Bug report #695099,
regarding rkhunter: Presence of unhide.rb results in spurious warning
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
695099: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695099
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rkhunter
Version: 1.4.0-1
Severity: normal

When unhide.rb (recommended by rkhunter) is installed, this results in a
spurious warning because unhide.rb is a ruby script and not a binary file:

[09:47:05] /usr/bin/unhide.rb [ Warning ]
[09:47:05] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text

I had to add:

SCRIPTWHITELIST=/usr/bin/unhide.rb

to rkhunter.conf to stop this warning. This should probably be done by
default.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (300, 'testing'), (200, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rkhunter depends on:
ii  binutils               2.22-7.1
ii  debconf [debconf-2.0]  1.5.46
ii  file                   5.11-2
ii  net-tools              1.60-24.2
ii  perl                   5.14.2-15
ii  ucf                    3.0025+nmu3

Versions of packages rkhunter recommends:
ii  curl                                       7.28.0-3
ii  elinks                                     0.12~pre5-9
ii  exim4-daemon-light [mail-transport-agent]  4.80-5.1
ii  iproute                                    20120521-3
ii  lsof                                       4.86+dfsg-1
ii  unhide.rb                                  13-1
ii  wget                                       1.14-1

Versions of packages rkhunter suggests:
ii  bsd-mailx [mailx]          8.1.2-0.20111106cvs-1
pn  libdigest-whirlpool-perl   <none>
pn  liburi-perl                <none>
pn  libwww-perl                <none>
pn  powermgmt-base             <none>
pn  tripwire                   <none>

-- Configuration Files:
/etc/rkhunter.conf changed:
ROTATE_MIRRORS=1
UPDATE_MIRRORS=1
MIRRORS_MODE=0
MAIL-ON-WARNING="root"
MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
UPDATE_LANG=""
LOGFILE=/var/log/rkhunter.log
APPEND_LOG=0
COPY_LOG_ON_ERROR=0
COLOR_SET2=0
AUTO_X_DETECT=1
WHITELISTED_IS_WHITE=0
ALLOW_SSH_ROOT_USER=no
ALLOW_SSH_PROT_V1=0
ENABLE_TESTS="all"
DISABLE_TESTS="suspscan deleted_files packet_cap_apps apps"
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/sbin/prelink
SCRIPTWHITELIST=/usr/bin/unhide.rb
IMMUTABLE_SET=0
PHALANX2_DIRTEST=0
ALLOW_SYSLOG_REMOTE_LOGGING=0
SUSPSCAN_TEMP=/dev/shm
SUSPSCAN_MAXSIZE=10240000
SUSPSCAN_THRESH=200
USE_LOCKING=0
LOCK_TIMEOUT=300
SHOW_LOCK_MSGS=1
DISABLE_UNHIDE=1
INSTALLDIR="/usr"

-- debconf information:
* rkhunter/apt_autogen: true
* rkhunter/cron_daily_run: true
* rkhunter/cron_db_update: true
--- End Message ---
--- Begin Message ---
Source: rkhunter
Source-Version: 1.4.0-3

We believe that the bug you reported is fixed in the latest version of
rkhunter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Valroff <[email protected]> (supplier of updated rkhunter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

Format: 1.8
Date: Sun, 17 Feb 2013 09:35:46 +0100
Source: rkhunter
Binary: rkhunter
Architecture: source all
Version: 1.4.0-3
Distribution: unstable
Urgency: low
Maintainer: Debian Forensics <[email protected]>
Changed-By: Julien Valroff <[email protected]>
Description:
 rkhunter - rootkit, backdoor, sniffer and exploit scanner
Closes: 695099 697249
Changes:
 rkhunter (1.4.0-3) unstable; urgency=low
 .
   * Add commented entry to whitelist /usr/bin/unhide.rb as a script
     (Closes: #695099)
   * Fix apt.conf snippet syntax - thanks to Axel Beckert
     <[email protected]> (Closes: #697249)
--- End Message ---
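
Added example, not part of the original thread and not rkhunter's own code: a Python triage of the "replaced by a script" warning from the report against SCRIPTWHITELIST entries, separating an active entry from the commented one the 1.4.0-3 changelog describes. The log and configuration samples are constructed, and the leading '#' form of the commented entry is an assumption.

```python
import re

# Constructed sample: the two log lines quoted in the bug report.
SAMPLE_LOG = """\
[09:47:05] /usr/bin/unhide.rb [ Warning ]
[09:47:05] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
"""

# Constructed rkhunter.conf fragment. Assumption: the entry added in 1.4.0-3
# is commented out with a leading '#'.
SAMPLE_CONF = """\
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/which
#SCRIPTWHITELIST=/usr/bin/unhide.rb
"""

WARNING_RE = re.compile(r"Warning: The command '([^']+)' has been replaced by a script: (.+)$")
ENTRY_RE = re.compile(r"^\s*(#?)\s*SCRIPTWHITELIST\s*=\s*(.+?)\s*$")


def parse_whitelist(conf_text):
    """Return (active, commented) sets of SCRIPTWHITELIST paths."""
    active, commented = set(), set()
    for line in conf_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            # Strip optional quotes; split so several paths on a line also work.
            paths = m.group(2).strip("\"'").split()
            (commented if m.group(1) else active).update(paths)
    return active, commented


def triage(log_text, conf_text):
    """Classify each 'replaced by a script' warning against the config."""
    active, commented = parse_whitelist(conf_text)
    results = []
    for line in log_text.splitlines():
        m = WARNING_RE.search(line)
        if not m:
            continue
        path, file_type = m.groups()
        if path in active:
            status = "whitelisted"  # log predates the active entry
        elif path in commented:
            status = "entry present but commented out"
        else:
            status = "no entry"
        results.append((path, file_type, status))
    return results
```

A path reported as "entry present but commented out" or "no entry" is worth checking against the owning package's file list before an active whitelist line is added for it.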
_______________________________________________
forensics-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
