Your message dated Sun, 26 Apr 2015 01:53:21 +1200 with message-id <[email protected]> and subject line Fixed in 1.4.2 has caused the Debian Bug report #704816, regarding rkhunter: Spurious hidden processes warning with new (20121229) C unhide program to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

-- 
704816: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=704816
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rkhunter
Version: 1.4.0-3
Severity: normal
Tags: patch, upstream

Dear Maintainer,

When rkhunter uses the C unhide program (e.g. with option DISABLE_UNHIDE=0), the daily cron job generates a spurious warning about found hidden processes:

"""
Warning: Hidden processes found: Copyright © 2012 Yago Jesus & Patrick Gouin
License GPLv3+ : GNU GPL version 3 or later
NOTE : This version of unhide is for systems using Linux >= 2.6
Used options:
"""

This happens due to changes in unhide's output format/data in the new version of the program (20121229).

I'm attaching my patch (using reportbug's "--attach" option), which leaves parsing of the old format for versions lower than 20121229 and introduces changes for versions >= 20121229.

Changes seem to work on my system (at least when there are no hidden processes actually found).

-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages rkhunter recommends:
ii unhide 20121229-1

-- Configuration Files:
/etc/default/rkhunter changed [not included]
/etc/rkhunter.conf changed [not included]

-- debsums errors found:
debsums: changed file /usr/bin/rkhunter (from rkhunter package)

-- 
Regards,
Jacek Politowski

--- rkhunter.orig 2013-02-17 09:36:30.000000000 +0100 +++ rkhunter 2013-04-06 10:35:20.021957973 +0200 
@@ -12435,7 +12435,11 @@ fi SEEN=1 - FOUND_PROCS=`${UNHIDE_CMD} ${UNHIDE_OPTS} ${RKHTMPVAR} 2>&1 | egrep -v '^(Unhide |yjesus@|http:|\[\*\]|$)'` + if [ $UNHIDE_VERS -lt 20121229 ]; then + FOUND_PROCS=`${UNHIDE_CMD} ${UNHIDE_OPTS} ${RKHTMPVAR} 2>&1 | egrep -v '^(Unhide |yjesus@|http:|\[\*\]|$)'` + else + FOUND_PROCS=`${UNHIDE_CMD} ${UNHIDE_OPTS} ${RKHTMPVAR} 2>&1 | egrep -v '^(Unhide [0-9]{8}$|Copyright . [0-9]{4} Yago Jesus & Patrick Gouin$|License GPLv3\+ : GNU GPL version 3 or later$|http:\/\/www\.unhide-forensics\.info$|NOTE : This version of unhide is for systems using Linux >= 2\.6.*$|Used options:.*$|\[\*\]|$)'` + fi if [ -z "${FOUND_PROCS}" ]; then # Nothing found.
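Review bot: the added test `[ $UNHIDE_VERS -lt 20121229 ]` uses `$UNHIDE_VERS` unquoted, and nothing in the hunk shows it being set or checked to be numeric. If it is empty or not an integer, the test fails with a shell error and control silently falls through to the new-format branch. Suggest quoting it and deciding the unknown-version case explicitly, for example `[ "${UNHIDE_VERS:-0}" -lt 20121229 ]`. Second, in the new pattern `Copyright . [0-9]{4}` depends on `.` matching the © character as a single character. Under a single-byte locale such as C, © is two bytes, so the banner line would not be filtered and the spurious warning would remain; `Copyright .+ [0-9]{4}` does not depend on the locale. Third, the two branches differ only in the egrep pattern, so putting the pattern in a variable and invoking `${UNHIDE_CMD}` once would keep the command line from diverging between versions. More generally, a deny-list of exact banner lines will break again on the next banner change, which is worth a comment next to the pattern.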
--- End Message ---
--- Begin Message ---
Version: 1.4.2-0.1

According to https://bugs.launchpad.net/rkhunter/+bug/1324569/comments/2, this has been fixed in 1.4.2.

If that's not the case, please reopen the bug.

Thanks,
Francois
--- End Message ---
