Bug#562588: rkhunter: Having ZNC installed causes warning about 'possible rouge IRC bot'

2009-12-26 Thread David North
Package: rkhunter
Version: 1.3.2-6
Severity: normal

Since apt-get updating rkhunter to the most recent package, I get the following false positive by e-mail each day:

Warning: Network TCP port 6667 is being used by /usr/bin/znc. Possible rootkit: Possible rogue IRC bot
 Use the 'lsof -i' or 'netstat -an' command to check this.

ZNC is a legitimate IRC bouncer program and I am using the version packaged for Debian.

Ideally, rkhunter would be fixed not to complain about this. Failing that, we should note the problem in README.debian along with a workaround, if there is one.

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages rkhunter depends on:
ii  binutils            2.18.1~cvs20080103-7 The GNU assembler, linker and bina
ii  debconf [debconf-2. 1.5.24               Debian configuration management sy
ii  exim4               4.69-9               metapackage to ease Exim MTA (v4) 
ii  exim4-daemon-light  4.69-9               lightweight Exim MTA (v4) daemon
ii  file                4.26-1               Determines file type using magic
ii  net-tools           1.60-22              The NET-3 networking toolkit
ii  perl                5.10.0-19lenny2      Larry Wall's Practical Extraction 

Versions of packages rkhunter recommends:
ii  curl         7.18.2-8lenny3  Get a file from an HTTP, HTTPS or 
ii  elinks       0.11.4-3        advanced text-mode WWW browser
ii  iproute      20080725-2      networking and traffic control too
ii  libmd5-perl  2.03-1          backwards-compatible wrapper for D
ii  unhide       20080519-2      Forensic tool to find hidden proce
ii  wget         1.11.4-2+lenny1 retrieves files from the web

Versions of packages rkhunter suggests:
ii  bsd-mailx  8.1.2-0.20071201cvs-3 A simple mail user agent

-- debconf information:
  rkhunter/apt_autogen: false
  rkhunter/cron_daily_run:
  rkhunter/cron_db_update:



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org



Bug#562588: rkhunter: Having ZNC installed causes warning about 'possible rouge IRC bot'

2009-12-26 Thread Julien Valroff
package rkhunter
tags 562588 + pending
thanks

Hi David,

On Saturday 26 December 2009 at 10:13 +, David North wrote:
> Package: rkhunter
> Version: 1.3.2-6
> Severity: normal
>
> Since apt-get updating rkhunter to the most recent package, I get the following false positive by e-mail each day:
>
> Warning: Network TCP port 6667 is being used by /usr/bin/znc. Possible rootkit: Possible rogue IRC bot
>  Use the 'lsof -i' or 'netstat -an' command to check this.
>
> ZNC is a legitimate IRC bouncer program and I am using the version packaged for Debian.
>
> Ideally, rkhunter would be fixed not to complain about this. Failing that, we should note the problem in README.debian along with a workaround, if there is one.

Well, actually, rkhunter just warns that a daemon is listening on TCP port 6667,
which is used by IRC bots.

To disable this warning, just add the following to your rkhunter.conf
file:
PORT_WHITELIST=TCP:6667
or better:
PORT_WHITELIST=/usr/bin/znc

I have added an entry about this to README.Debian.

Cheers,
Julien
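
Added example, not part of the original thread and not rkhunter's code: a simplified model of a port-based listener check, showing how the two PORT_WHITELIST forms from the reply above differ when something other than ZNC holds TCP 6667. The function names, the listener snapshots and the path /tmp/unknown-binary are constructed, and the matching rule (a path entry exempts that executable, a PROTO:port entry exempts the port for any program) is this model's assumption.

```python
# Simplified model of a port-based "suspicious listener" check with a whitelist.
# Added illustration only; this is not how rkhunter itself is implemented.

# Only the port/label pair that appears in the warning on this page.
SUSPECT_PORTS = {("TCP", 6667): "Possible rogue IRC bot"}


def parse_whitelist(value):
    """Split a PORT_WHITELIST-style value into path entries and PROTO:port entries."""
    paths, ports = set(), set()
    for entry in value.split():
        if entry.startswith("/"):
            paths.add(entry)
            continue
        proto, _, port = entry.partition(":")
        if proto.upper() not in ("TCP", "UDP") or not port.isdigit():
            raise ValueError(f"bad whitelist entry: {entry!r}")
        ports.add((proto.upper(), int(port)))
    return paths, ports


def flag_listeners(listeners, whitelist_value):
    """Return (proto, port, exe, reason) for suspect listeners that are not whitelisted."""
    paths, ports = parse_whitelist(whitelist_value)
    flagged = []
    for proto, port, exe in listeners:
        reason = SUSPECT_PORTS.get((proto, port))
        if reason is None:
            continue  # port is not on the suspect list
        if (proto, port) in ports or exe in paths:
            continue  # suppressed by the whitelist
        flagged.append((proto, port, exe, reason))
    return flagged


# Constructed snapshots of listening sockets: (protocol, port, executable path).
ZNC_RUNNING = [("TCP", 22, "/usr/sbin/sshd"), ("TCP", 6667, "/usr/bin/znc")]
UNKNOWN_ON_6667 = [("TCP", 22, "/usr/sbin/sshd"), ("TCP", 6667, "/tmp/unknown-binary")]

if __name__ == "__main__":
    for wl in ("", "TCP:6667", "/usr/bin/znc"):
        for name, snap in (("znc", ZNC_RUNNING), ("unknown", UNKNOWN_ON_6667)):
            print(f"whitelist={wl!r:16} snapshot={name:8} flagged={flag_listeners(snap, wl)}")
```

In this model the port entry silences the warning for any program on TCP 6667, while the path entry keeps the check active for every executable other than /usr/bin/znc.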



