I am actually thinking this is an rkhunter bug! :-)
On Tue, Mar 11, 2014 at 4:06 PM, Wally <[email protected]> wrote: > Hi Steve, > > I believe there are few other files that contain "aion" but I think > they're just comments and don't end up as strings in the compiled file. > If you do a find | grep you'll see the other files. I'm not sure how > rkhunter fully works yet. I ended up correcting the typo and recompiling. > Now rkhunter no longer throws the warning. > > Wally > > > On Tue, Mar 11, 2014 at 2:54 PM, Steven Kneizys <[email protected]>wrote: > >> I see that in the source: >> >> .asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford >> University)" >> >> And should be: >> >> .asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford >> University)" >> >> I am just wondering why that rkhunter would possibly think that was a >> vulnerability! >> >> Steve... >> >> >> On Tue, Mar 11, 2014 at 3:12 PM, Wally <[email protected]> wrote: >> >>> Greetings. I have compiled openssh 6.5p1, openssl 1.0.1f and rkhunter >>> 1.4.2. >>> >>> Rkhunter shows the following message: >>> [ Warning ]Found string 'aion' in file '/usr/sbin/sshd'. Possible >>> rootkit: Trojaned SSH daemon >>> >>> OpenSSH is compiled with OpenSSL support, and the string "aion" that is >>> identified as a possible root kit by rkhunter is found inside " >>> openssl-1.0.1f/crypto/aes/asm/vpaes-x86_64.pl" file. It looks like a >>> simple typo on line 1063. Could the developers please take a look and >>> possibly repackage the release? >>> >>> Thanks >>> >> >> >> >> -- >> Steve Kneizys >> Senior Business Process Engineer >> Voice: (610) 256-1396 [For Emergency Service (888)864-3282] >> Ferrilli Information Group -- Quality Service and Solutions for Higher >> Education >> web: http://www.ferrilli.com/ <http://www.figsolutions.com/> >> >> Making you a success while exceeding your expectations. >> > > -- Steve Kneizys Senior Business Process Engineer Voice: (610) 256-1396 [For Emergency Service (888)864-3282] Ferrilli Information Group -- Quality Service and Solutions for Higher Education web: http://www.ferrilli.com/ <http://www.figsolutions.com/> Making you a success while exceeding your expectations.
