Hi,

Using the latest CVS version of RKhunter, there is an error in the check of unhide results.

Following is an extract of rkhunter.log :

   [13:03:54] Info: Starting test name 'hidden_procs'
   [13:03:54] Info: Found the 'unhide-linux' command: /root/unhide/unhide-linux
   [13:03:54] Info: Found 'unhide' command version: 20130526
   [13:03:58]     Using command '/root/unhide/unhide-linux  -m quick' [ None found ]
   [13:03:58]     Using command '/root/unhide/unhide-linux  -m reverse' [ None found ]
   [13:04:13]     Using command '/root/unhide/unhide-linux  -m procall' [ None found ]
   [13:04:21]     Using command '/root/unhide/unhide-linux  -m brute' [ None found ]
   [13:04:21]   Checking for hidden processes                   [ Warning ]
   [13:04:21]

I tested with version 1.4.0 of RKhunter; the problem already existed.

If I disable all tests but hidden_procs the check is OK :

   [14:25:51] Info: Starting test name 'hidden_procs'
   [14:25:51] Info: Found the 'unhide-linux' command: /root/unhide/unhide-linux
   [14:25:51] Info: Found 'unhide' command version: 20130526
   [14:25:55]     Using command '/root/unhide/unhide-linux  -m quick' [ None found ]
   [14:25:55]     Using command '/root/unhide/unhide-linux  -m reverse' [ None found ]
   [14:26:11]     Using command '/root/unhide/unhide-linux  -m procall' [ None found ]
   [14:26:20]     Using command '/root/unhide/unhide-linux  -m brute' [ None found ]
   [14:26:20]   Checking for hidden processes                   [ None found ]
   [14:26:20]

The problem comes from line 13918 :

        elif [ -z "${HIDDEN_PROCS}" -a $ERRCODE -ne 1 -a $SEEN -eq 1 ]; then

ERRCODE is not set by the hidden_procs test. When running all tests :

          ENABLE_TESTS=ALL
          DISABLE_TESTS=suspscan deleted_files packet_cap_apps apps

the value of ERRCODE is '1' from a previous test. I echoed the values just before the test :

FOUND :  1 HIDDEN_PROCS : ""  ERRCODE :  1  SEEN :  1

Regards.
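
The behaviour reported above, reproduced as an added example that is not rkhunter's code and not part of the original message: a global ERRCODE left at 1 by an earlier test turns a clean unhide result into a warning. The function names, the branches around the quoted condition and the reset shown as one possible correction are assumptions.

```shell
#!/bin/sh
# Added illustration, not rkhunter source. Only the 'elif' condition is taken
# from the report; every function name and the other branches are hypothetical.

ERRCODE=0   # assumed state at the start of a run

# Stand-in for any earlier test that leaves ERRCODE=1 in the global scope.
earlier_test() {
    ERRCODE=1
}

# Decides the summary line. ERRCODE is read here but never assigned,
# so it carries whatever the previously executed test left behind.
hidden_procs_result() {
    HIDDEN_PROCS=$1   # PIDs reported by unhide, empty when none
    SEEN=$2           # 1 when at least one unhide mode was run
    if [ -n "${HIDDEN_PROCS}" ]; then
        echo "Warning"
    elif [ -z "${HIDDEN_PROCS}" -a $ERRCODE -ne 1 -a $SEEN -eq 1 ]; then
        echo "None found"
    else
        echo "Warning"
    fi
}

# One possible correction (an assumption, not the project's fix): give the
# test its own ERRCODE before the condition is evaluated.
hidden_procs_result_isolated() {
    ERRCODE=0
    hidden_procs_result "$@"
}

# Constructed scenario: unhide reports nothing in every mode.
echo "hidden_procs alone:      $(hidden_procs_result "" 1)"
earlier_test
echo "after an earlier test:   $(hidden_procs_result "" 1)"
echo "with ERRCODE reset:      $(hidden_procs_result_isolated "" 1)"
```
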
