Bug#647493: rkhunter: Please allow deactivation of reports
Package: rkhunter Version: 1.3.2-6 Severity: minor Tags: patch Hi! In our setup we use rkhunter on several systems and monitor the results of the daily runs via our monitoring system. So, we'd like to disable the report mails. However, unsetting MAIL-ON-WARNING in /etc/rkhunter.conf wasn't enough, as we found out, that mails are also send from the cronjob itselfe (Why, if I may ask? Doesn't rkhunter itself already has the mail feature?) Unsetting REPORT_EMAIL in /etc/cron.daily/rkhunter also didn't solved the issue for us, as the | /usr/sbin/sendmail $REPORT_EMAIL in the cronjob fails. However, with the following patch: -if [ -s $OUTFILE ]; then +if [ -s $OUTFILE -a -n $REPORT_EMAIL ]; then Report mails can be disabled, while keeping the functionality. Best regards, Alexander -- System Information: Debian Release: 5.0.9 APT prefers oldstable APT policy: (500, 'oldstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-xen-686 (SMP w/1 CPU core) Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15) (ignored: LC_ALL set to de_DE@euro) Shell: /bin/sh linked to /bin/bash Versions of packages rkhunter depends on: ii binutils2.18.1~cvs20080103-7 The GNU assembler, linker and bina ii debconf [debconf-2. 1.5.24 Debian configuration management sy ii file4.26-1 Determines file type using magic ii net-tools 1.60-22 The NET-3 networking toolkit ii perl5.10.0-19lenny5 Larry Wall's Practical Extraction ii postfix [mail-trans 2.5.5-1.1+lenny1 High-performance mail transport ag Versions of packages rkhunter recommends: ii curl 7.18.2-8lenny5 Get a file from an HTTP, HTTPS or ii iproute 20080725-2 networking and traffic control too ii libmd5-perl 2.03-1 backwards-compatible wrapper for D ii links2.1pre37-1.1Web browser running in text mode ii lynx 2.8.7dev9-2.1 Text-mode WWW Browser (transitiona ii unhide 20080519-2 Forensic tool to find hidden proce ii wget 1.11.4-2+lenny2 retrieves files from the web Versions of packages rkhunter suggests: ii bsd-mailx 8.1.2-0.20071201cvs-3 A simple mail user agent -- debconf information: * rkhunter/apt_autogen: true * rkhunter/cron_daily_run: true * rkhunter/cron_db_update: true ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
rkhunter backport for squeeze?
Hi! Many thanks for your work on the rkhunter package, I'm using it on quite some machines. However, I would be very interested in having backports of the package available (via backports.d.o). Backporting rkhunter seems also to be quite easy, but being just a user and not deeper involved in it's packaging or development, I'm wondering if there could be a reason not to backport it? Surely I'm not the first one interested in one. If there's no reason, would you mind if I upload a backport to the archive, or would you prefer to do it on your own? Best regards, Alexander ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Processed: tagging 647493
Processing commands for cont...@bugs.debian.org: tags 647493 + pending Bug #647493 [rkhunter] rkhunter: Please allow deactivation of reports Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 647493: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647493 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Re: rkhunter backport for squeeze?
Hi Alexander, Le jeudi 03 nov. 2011 à 16:15:00 (+0100 CET), Alexander Reichle-Schmehl a écrit : Hi! Many thanks for your work on the rkhunter package, I'm using it on quite some machines. However, I would be very interested in having backports of the package available (via backports.d.o). Backporting rkhunter seems also to be quite easy, but being just a user and not deeper involved in it's packaging or development, I'm wondering if there could be a reason not to backport it? Surely I'm not the first one interested in one. Actually, yes, you are the first one to ask for it which partly explains why there is no backport for rkhunter. If there's no reason, would you mind if I upload a backport to the archive, or would you prefer to do it on your own? I can do this myself if that's fine for you. I however would like to upload the 1.3.8-10 version first which fixes the bug you have just reported (BTW, thanks for the patch), as well as #644326. I also agree there shouldn't be any problem with the backport, hence I'll upload it as soon as the new version enters in testing. Cheers, Julien -- .''`. Julien Valroff ~ jul...@kirya.net ~ jul...@debian.org : :' : Debian Developer Free software contributor `. `'` http://www.kirya.net/ `- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1 ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Processing of rkhunter_1.3.8-10_amd64.changes
rkhunter_1.3.8-10_amd64.changes uploaded successfully to localhost along with the files: rkhunter_1.3.8-10.dsc rkhunter_1.3.8-10.debian.tar.gz rkhunter_1.3.8-10_all.deb Greetings, Your Debian queue daemon (running on host franck.debian.org) ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
rkhunter_1.3.8-10_amd64.changes ACCEPTED into unstable
Accepted: rkhunter_1.3.8-10.debian.tar.gz to main/r/rkhunter/rkhunter_1.3.8-10.debian.tar.gz rkhunter_1.3.8-10.dsc to main/r/rkhunter/rkhunter_1.3.8-10.dsc rkhunter_1.3.8-10_all.deb to main/r/rkhunter/rkhunter_1.3.8-10_all.deb Override entries for your package: rkhunter_1.3.8-10.dsc - source admin rkhunter_1.3.8-10_all.deb - optional admin Announcing to debian-devel-chan...@lists.debian.org Closing bugs: 644326 647493 Thank you for your contribution to Debian. ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#644326: marked as done (rkhunter: /run transition: Please update use of /dev/.udev)
Your message dated Fri, 04 Nov 2011 05:47:34 + with message-id e1rmcco-9l...@franck.debian.org and subject line Bug#644326: fixed in rkhunter 1.3.8-10 has caused the Debian Bug report #644326, regarding rkhunter: /run transition: Please update use of /dev/.udev to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 644326: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644326 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Source: rkhunter Severity: important User: rle...@debian.org Usertags: run-transition udev Hi! /run is a new cross-distribution location for the storage of transient state files, i.e. files containing run-time information that may or may not need to be written early in the boot process and which does not require preserving across reboots. [1] Support for /run is an accepted release goal for wheezy. A result of that change is, that udev no longer uses /dev/ to store its runtime state file, i.e. the /dev/.udev/ directory, /dev/.udevdb and /dev/.udev.tdb are gone and udev uses /run/udev/ now. During an automated test your package rkhunter was flagged to reference files/directories matching /dev/.udev A log of this test can be found at [2]. In most cases checking for /dev/.udev is used to determine if udev is active. This check no longer works with udev using /run/udev now. In most cases, checking for udev being installed is not appropriate and should be avoided. Nowadays all reasonable systems either have udev installed or do not need /dev to be managed (e.g. LXC, chroots): if your package only needs to decide if MAKEDEV should be run then please just remove all such code and assume that the device exists. If the package is only useful when it reacts to uevents then it should probably depend on udev. If checking for udev being active is really needed, then your package needs to be updated to support this new location of the udev database. If you have any doubts, please contact the udev maintainer Marco d'Itri m...@linux.it. [1] http://wiki.debian.org/ReleaseGoals/RunDirectory [2] http://wiki.debian.org/ReleaseGoals/RunDirectory#Packages_using_.2BAC 8-dev.2BAC8.udev ---End Message--- ---BeginMessage--- Source: rkhunter Source-Version: 1.3.8-10 We believe that the bug you reported is fixed in the latest version of rkhunter, which is due to be installed in the Debian FTP archive: rkhunter_1.3.8-10.debian.tar.gz to main/r/rkhunter/rkhunter_1.3.8-10.debian.tar.gz rkhunter_1.3.8-10.dsc to main/r/rkhunter/rkhunter_1.3.8-10.dsc rkhunter_1.3.8-10_all.deb to main/r/rkhunter/rkhunter_1.3.8-10_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 644...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Julien Valroff jul...@debian.org (supplier of updated rkhunter package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 03 Nov 2011 19:49:55 +0100 Source: rkhunter Binary: rkhunter Architecture: source all Version: 1.3.8-10 Distribution: unstable Urgency: low Maintainer: Debian Forensics forensics-devel@lists.alioth.debian.org Changed-By: Julien Valroff jul...@debian.org Description: rkhunter - rootkit, backdoor, sniffer and exploit scanner Closes: 644326 647493 Changes: rkhunter (1.3.8-10) unstable; urgency=low . * Remove all references to now inexistant /dev/.udev* directories in the default configuration (Closes: #644326) * Actually allow deactivation of reports - thanks to Alexander Reichle-Schmehl for the patch (Closes: #647493) Checksums-Sha1: 34c44302e46316cfb9782e6211b98c008d5e5cd0 1916 rkhunter_1.3.8-10.dsc 6f61005b7f75371cfeaccb1027c195d02d3e267a 28483 rkhunter_1.3.8-10.debian.tar.gz f8cd0842ba47cb3a058ce0d411389e73b7c9d284 244400 rkhunter_1.3.8-10_all.deb Checksums-Sha256: 263cae0f191e36c960572b953fe5286fc9ed68cf8f37205c7c7739b818cf45af 1916 rkhunter_1.3.8-10.dsc 5827307a95a2e1b79f3db87c7f8c1960898eed229a80c644be7bd4ade1f72731 28483 rkhunter_1.3.8-10.debian.tar.gz f122969798e1a059549729e7cbaf1741f27be28c12c6a8d0d97bd83a7b8f8202 244400 rkhunter_1.3.8-10_all.deb Files: 6750bce648891283b105742f3b8d7051 1916 admin optional rkhunter_1.3.8-10.dsc 20c10c4b709d4b362f154f41b470f9e9 28483 admin
Bug#647493: marked as done (rkhunter: Please allow deactivation of reports)
Your message dated Fri, 04 Nov 2011 05:47:35 + with message-id e1rmccp-9r...@franck.debian.org and subject line Bug#647493: fixed in rkhunter 1.3.8-10 has caused the Debian Bug report #647493, regarding rkhunter: Please allow deactivation of reports to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 647493: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647493 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: rkhunter Version: 1.3.2-6 Severity: minor Tags: patch Hi! In our setup we use rkhunter on several systems and monitor the results of the daily runs via our monitoring system. So, we'd like to disable the report mails. However, unsetting MAIL-ON-WARNING in /etc/rkhunter.conf wasn't enough, as we found out, that mails are also send from the cronjob itselfe (Why, if I may ask? Doesn't rkhunter itself already has the mail feature?) Unsetting REPORT_EMAIL in /etc/cron.daily/rkhunter also didn't solved the issue for us, as the | /usr/sbin/sendmail $REPORT_EMAIL in the cronjob fails. However, with the following patch: -if [ -s $OUTFILE ]; then +if [ -s $OUTFILE -a -n $REPORT_EMAIL ]; then Report mails can be disabled, while keeping the functionality. Best regards, Alexander -- System Information: Debian Release: 5.0.9 APT prefers oldstable APT policy: (500, 'oldstable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-xen-686 (SMP w/1 CPU core) Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15) (ignored: LC_ALL set to de_DE@euro) Shell: /bin/sh linked to /bin/bash Versions of packages rkhunter depends on: ii binutils2.18.1~cvs20080103-7 The GNU assembler, linker and bina ii debconf [debconf-2. 1.5.24 Debian configuration management sy ii file4.26-1 Determines file type using magic ii net-tools 1.60-22 The NET-3 networking toolkit ii perl5.10.0-19lenny5 Larry Wall's Practical Extraction ii postfix [mail-trans 2.5.5-1.1+lenny1 High-performance mail transport ag Versions of packages rkhunter recommends: ii curl 7.18.2-8lenny5 Get a file from an HTTP, HTTPS or ii iproute 20080725-2 networking and traffic control too ii libmd5-perl 2.03-1 backwards-compatible wrapper for D ii links2.1pre37-1.1Web browser running in text mode ii lynx 2.8.7dev9-2.1 Text-mode WWW Browser (transitiona ii unhide 20080519-2 Forensic tool to find hidden proce ii wget 1.11.4-2+lenny2 retrieves files from the web Versions of packages rkhunter suggests: ii bsd-mailx 8.1.2-0.20071201cvs-3 A simple mail user agent -- debconf information: * rkhunter/apt_autogen: true * rkhunter/cron_daily_run: true * rkhunter/cron_db_update: true ---End Message--- ---BeginMessage--- Source: rkhunter Source-Version: 1.3.8-10 We believe that the bug you reported is fixed in the latest version of rkhunter, which is due to be installed in the Debian FTP archive: rkhunter_1.3.8-10.debian.tar.gz to main/r/rkhunter/rkhunter_1.3.8-10.debian.tar.gz rkhunter_1.3.8-10.dsc to main/r/rkhunter/rkhunter_1.3.8-10.dsc rkhunter_1.3.8-10_all.deb to main/r/rkhunter/rkhunter_1.3.8-10_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 647...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Julien Valroff jul...@debian.org (supplier of updated rkhunter package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 03 Nov 2011 19:49:55 +0100 Source: rkhunter Binary: rkhunter Architecture: source all Version: 1.3.8-10 Distribution: unstable Urgency: low Maintainer: Debian Forensics forensics-devel@lists.alioth.debian.org Changed-By: Julien Valroff jul...@debian.org Description: rkhunter - rootkit, backdoor, sniffer and exploit scanner Closes: 644326 647493 Changes: rkhunter (1.3.8-10) unstable; urgency=low . * Remove all references to now inexistant /dev/.udev* directories in the default configuration (Closes: #644326) * Actually allow deactivation of reports -