Quite possibly. It is still a typo though ;-) I've notified the folks on the rkhunter mailing list as well. Seeing a warning that your sshd daemon has been possibly trojaned can cause a heart beat skip ;-) Thanks for checking.
On Tue, Mar 11, 2014 at 3:10 PM, Steven Kneizys <[email protected]> wrote:
> I am actually thinking this is an rkhunter bug! :-)
>
>
> On Tue, Mar 11, 2014 at 4:06 PM, Wally <[email protected]> wrote:
>
>> Hi Steve,
>>
>> I believe there are few other files that contain "aion" but I think
>> they're just comments and don't end up as strings in the compiled file.
>> If you do a find | grep you'll see the other files. I'm not sure how
>> rkhunter fully works yet. I ended up correcting the typo and recompiling.
>> Now rkhunter no longer throws the warning.
>>
>> Wally
>>
>>
>> On Tue, Mar 11, 2014 at 2:54 PM, Steven Kneizys <[email protected]> wrote:
>>
>>> I see that in the source:
>>>
>>> .asciz "Vector Permutaion AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
>>>
>>> And should be:
>>>
>>> .asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
>>>
>>> I am just wondering why that rkhunter would possibly think that was a
>>> vulnerability!
>>>
>>> Steve...
>>>
>>>
>>> On Tue, Mar 11, 2014 at 3:12 PM, Wally <[email protected]> wrote:
>>>
>>>> Greetings. I have compiled openssh 6.5p1, openssl 1.0.1f and rkhunter
>>>> 1.4.2.
>>>>
>>>> Rkhunter shows the following message:
>>>> [ Warning ]Found string 'aion' in file '/usr/sbin/sshd'. Possible rootkit: Trojaned SSH daemon
>>>>
>>>> OpenSSH is compiled with OpenSSL support, and the string "aion" that is
>>>> identified as a possible root kit by rkhunter is found inside
>>>> "openssl-1.0.1f/crypto/aes/asm/vpaes-x86_64.pl" file. It looks like a
>>>> simple typo on line 1063. Could the developers please take a look and
>>>> possibly repackage the release?
>>>>
>>>> Thanks
>>>>
>>>
>>>
>>>
>>> --
>>> Steve Kneizys
>>> Senior Business Process Engineer
>>> Voice: (610) 256-1396 [For Emergency Service (888)864-3282]
>>> Ferrilli Information Group -- Quality Service and Solutions for Higher
>>> Education
>>> web: http://www.ferrilli.com/ <http://www.figsolutions.com/>
>>>
>>> Making you a success while exceeding your expectations.
>>>
>>
>>
>
>
> --
> Steve Kneizys
> Senior Business Process Engineer
> Voice: (610) 256-1396 [For Emergency Service (888)864-3282]
> Ferrilli Information Group -- Quality Service and Solutions for Higher
> Education
> web: http://www.ferrilli.com/ <http://www.figsolutions.com/>
>
> Making you a success while exceeding your expectations.
>
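A triage aid for a substring warning like the one quoted in this thread, added here as an example and not part of the original messages or of rkhunter: it lists every printable string in a binary that contains 'aion' and reports whether each hit is only a fragment of a longer word. The function names and the sample bytes are constructed for illustration, and nothing is assumed about how rkhunter itself matches strings.

```python
import re
import sys

# Substring named in the warning quoted in the thread.
SIGNATURE = "aion"

def printable_runs(data, min_len=4):
    """Yield (offset, bytes) for each run of printable ASCII, as strings(1) does."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.start(), m.group()

def signature_hits(data, signature=SIGNATURE):
    """Return (offset, enclosing string) for every printable run containing the signature."""
    needle = signature.encode("ascii")
    return [(off, run.decode("ascii"))
            for off, run in printable_runs(data) if needle in run]

def is_word_fragment(text, signature=SIGNATURE):
    """True when every occurrence of the signature sits inside a longer alphabetic word."""
    starts = [m.start() for m in re.finditer(re.escape(signature), text)]

    def embedded(i):
        before = text[i - 1:i] if i > 0 else ""
        after = text[i + len(signature):i + len(signature) + 1]
        return before.isalpha() or after.isalpha()

    return bool(starts) and all(embedded(i) for i in starts)

# Constructed sample: 16 bytes of header-like padding, then the misspelled
# .asciz string from the thread, then unrelated bytes and a version string.
SAMPLE = (b"\x7fELF\x02\x01\x01\x00" + b"\x00" * 8 +
          b"Vector Permutaion AES for x86_64/SSSE3, "
          b"Mike Hamburg (Stanford University)\x00" +
          b"\x90\x90\xc3\x00" + b"OpenSSH_6.5p1\x00")

if __name__ == "__main__":
    # Pass a path (for example the sshd binary) or run on the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            blob = fh.read()
    else:
        blob = SAMPLE
    for offset, text in signature_hits(blob):
        kind = "word fragment" if is_word_fragment(text) else "standalone token"
        print(f"0x{offset:08x}  [{kind}]  {text}")
```

A hit reported as a word fragment still needs the enclosing string traced to its source, as was done in the thread with vpaes-x86_64.pl, before the warning is dismissed.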
