Your message dated Mon, 04 Jul 2016 00:49:52 +0000 with message-id <[email protected]> and subject line Bug#816170: fixed in rkhunter 1.4.2-6 has caused the Debian Bug report #816170, regarding False positive deleted files after upgrade from wheezy to jessie to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.)

-- 
816170: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816170
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rkhunter
Version: 1.4.2-0.4
Severity: normal

First, that bug is from a stable (jessie) box and I don't have any stable box with configured mail so no system information below.

Beside others I have the following lines in rkhunter.conf:

    ALLOWPROCDELFILE="/bin/dash:/tmp/*"
    ALLOWPROCDELFILE="/bin/run-parts:/tmp/*"
    ALLOWPROCDELFILE="/usr/sbin/cron:/tmp/tmp*"

That worked well in wheezy and matches the documentation of that parameter.

Unfortunately since upgrading to jessie I get many false positives like this:

    Warning: The following processes are using deleted files:
        Process: /usr/sbin/cron PID: 2643 File: /tmp/tmpf1TLeZx
        Process: /bin/dash PID: 2644 File: /tmp/tmpf1TLeZx
        Process: /bin/run-parts PID: 2645 File: /tmp/tmpf1TLeZx

On other servers I get complaints about apache or dovecot or other server processes holding open caches, tmp files or similar. All are excluded like above with wildcards.

That is pretty annoying and I even thought about raising the severity as all those false positives could hide really important and real security issues.

-- 
Klaus Ethgen                                http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen <[email protected]>
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
--- End Message ---
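A stand-alone check for the situation in the report above, added here as an example (it is not rkhunter's code and does not reproduce its matching logic): it tests findings in the "Process: ... PID: ... File: ..." form against process:pattern entries using shell `case` globbing and prints only the findings that no entry covers. The function names, the one-finding-per-line input, the treatment of a bare process name and the last sample line are assumptions.

```shell
#!/bin/sh
# Added example, not rkhunter code: which "deleted file" findings are NOT
# covered by ALLOWPROCDELFILE-style entries of the form process:pattern?

# Allowlist entries as quoted in the bug report.
ALLOWLIST='/bin/dash:/tmp/*
/bin/run-parts:/tmp/*
/usr/sbin/cron:/tmp/tmp*'

# Findings: the first three are from the report, the last one is constructed.
SAMPLE_REPORT='Process: /usr/sbin/cron PID: 2643 File: /tmp/tmpf1TLeZx
Process: /bin/dash PID: 2644 File: /tmp/tmpf1TLeZx
Process: /bin/run-parts PID: 2645 File: /tmp/tmpf1TLeZx
Process: /usr/sbin/cron PID: 4242 File: /var/tmp/job.lock'

# is_allowed PROCESS FILE -> exit status 0 if some entry covers the pair.
is_allowed() {
    a_proc=$1
    a_file=$2
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        e_proc=${entry%%:*}
        case $entry in
            *:*) e_pat=${entry#*:} ;;
            *)   e_pat='*' ;;   # assumption: bare process name allows any file
        esac
        [ "$a_proc" = "$e_proc" ] || continue
        # Unquoted $e_pat is used as a glob; in `case`, * also matches "/".
        case $a_file in
            $e_pat) return 0 ;;
        esac
    done <<EOF
$ALLOWLIST
EOF
    return 1
}

# Reads findings on stdin, prints "process pid file" for uncovered ones.
unexplained_findings() {
    while read -r k1 proc k2 pid k3 file; do
        [ "$k1" = "Process:" ] && [ "$k3" = "File:" ] || continue
        is_allowed "$proc" "$file" || printf '%s %s %s\n' "$proc" "$pid" "$file"
    done
}

printf '%s\n' "$SAMPLE_REPORT" | unexplained_findings
```

With entries that match as documented, only the constructed /var/tmp finding is left to review.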
--- Begin Message ---
Source: rkhunter
Source-Version: 1.4.2-6

We believe that the bug you reported is fixed in the latest version of rkhunter, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Francois Marier <[email protected]> (supplier of updated rkhunter package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

Format: 1.8
Date: Sun, 03 Jul 2016 17:29:26 -0700
Source: rkhunter
Binary: rkhunter
Architecture: source all
Version: 1.4.2-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Forensics <[email protected]>
Changed-By: Francois Marier <[email protected]>
Description:
 rkhunter - rootkit, backdoor, sniffer and exploit scanner
Closes: 816170
Changes:
 rkhunter (1.4.2-6) unstable; urgency=medium
 .
   * Fix logcheck rule ("1 seconds")
   * Pull in upstream commit to fix false positives (closes: #816170)
   * Move VCS URLs to HTTPS
   * Bump Standards-Version to 3.9.8
--- End Message ---
_______________________________________________
forensics-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
