Bug#626643: rkhunter: Multiple ALLOWPROCDELFILE options not working anymore
Package: rkhunter Version: 1.3.8-4 Severity: normal Among other things, when the daily cronjob runs, I get the following processes with open deleted files: Process: /usr/bin/kdeinit4PID: 599File: /dev/pts/2 Process: /usr/bin/gnome-terminalPID: 4971File: /tmp/vteLAK4UV If I put this in my /etc/rkhunter.conf.local: ALLOWPROCDELFILE=/usr/bin/kdeinit4 then the first one disappears and I'm left with: Process: /usr/bin/gnome-terminalPID: 4971File: /tmp/vteLAK4UV However, if I put this in my /etc/rkhunter.conf.local: ALLOWPROCDELFILE=/usr/bin/kdeinit4 ALLOWPROCDELFILE=/usr/bin/gnome-terminal then none of them are filtered and I'm left with the original two: Process: /usr/bin/kdeinit4PID: 599File: /dev/pts/2 Process: /usr/bin/gnome-terminalPID: 4971File: /tmp/vteLAK4UV the same problem exists if I merge the two options into a single option: ALLOWPROCDELFILE=/usr/bin/kdeinit4 /usr/bin/gnome-terminal Cheers, Francois -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.38.6-grsec+ (SMP w/2 CPU cores; PREEMPT) Locale: LANG=fr_CA.utf8, LC_CTYPE=fr_CA.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rkhunter depends on: ii binutils 2.21.51.20110421-3 The GNU assembler, linker and bina ii debconf [debconf-2.0] 1.5.39 Debian configuration management sy ii file 5.04-5+b1 Determines file type using magic ii net-tools 1.60-23The NET-3 networking toolkit ii perl 5.10.1-20 Larry Wall's Practical Extraction ii ucf 3.0025+nmu2Update Configuration File: preserv Versions of packages rkhunter recommends: ii curl 7.21.6-1 Get a file from an HTTP, HTTPS or ii iproute20110315-1networking and traffic control too ii lsof 4.81.dfsg.1-1 List open files ii postfix [mail-transport-ag 2.8.3-1 High-performance mail transport ag pn unhide none(no description available) pn unhide.rb none(no description available) ii wget 1.12-3.1 retrieves files from the web Versions of packages rkhunter suggests: ii libdigest-sha1-perl 2.13-1 NIST SHA-1 message digest algorith pn libdigest-whirlpool-per none (no description available) ii liburi-perl 1.58-1 module to manipulate and access UR ii libwww-perl 6.01-3 simple and consistent interface to ii mailutils [mailx] 1:2.2+dfsg1-3+b1 GNU mailutils utilities for handli ii powermgmt-base 1.31 Common utils and configs for power pn tripwirenone (no description available) -- Configuration Files: /etc/cron.daily/rkhunter changed [not included] /etc/default/rkhunter changed [not included] -- debconf information: * rkhunter/apt_autogen: yes * rkhunter/cron_daily_run: yes * rkhunter/cron_db_update: yes ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/forensics-devel
Bug#751347: grep: write error
Adding set +x to the top of /usr/bin/rkhunter, here's where that error comes from: + [ -n /usr/bin/lsof ] + FOUND=0 + WHITEPROC= + BLACKPROC= + /usr/bin/lsof -wnlP +c 0 + grep (dele + head -n 1 grep: write error + DELE_FILES=git 4132 10002u CHR 136,0 0t0 3 /dev/pts/0 (deleted) + [ -n git 4132 10002u CHR 136,0 0t0 3 /dev/pts/0 (deleted) ] + PIDLIST= + get_option 2 multi ALLOWPROCDELFILE + OPTTYPE=2 + OPTMULTI=multi + OPTV=ALLOWPROCDELFILE + grep -h ^ALLOWPROCDELFILE= /etc/rkhunter.conf /etc/rkhunter.conf.local It looks like it comes from the optional PROCDEL module (which I have turned ON). However, if I run the offending command manually: /usr/bin/lsof -wnlP +c 0 | grep '(dele' | head -n 1 that works just fine. I don't know what that error even means. There's plenty of free space on all of my disk partitions. Francois -- Francois Marier identi.ca/fmarier http://fmarier.org twitter.com/fmarier ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#743725: Fixed in 1.4.2-0.1 NMU
I have just uploaded an NMU of the latest upstream to the DELAYED/4 queue. If it's accepted, it will hopefully bring that version to jessie. Francois -- Francois Marier identi.ca/fmarier http://fmarier.org twitter.com/fmarier ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#765911: rkhunter: 1.4.2-0.1 breaks the apt hook
Package: rkhunter Version: 1.4.2-0.1 Severity: normal The last NMU broke the apt hook. After installing/remove packages, we now get the following error message: Invalid SCRIPTWHITELIST configuration option: Non-existent pathname: /usr/sbin/prelink E: Problem executing scripts DPkg::Post-Invoke 'if [ -x /usr/bin/rkhunter ] grep -qiE '^APT_AUTOGEN=.?(true|yes)' /etc/default/rkhunter; then /usr/share/rkhunter/scripts/rkhupd.sh; fi' E: Sub-process returned an error code While it doesn't interfere with apt, it breaks rkhunter db updates for those people that don't have the prelink package installed. The fix is to comment out this line in /etc/rkhunter.conf: SCRIPTWHITELIST=/usr/sbin/prelink Francois ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#765912: rkhunter: 1.4.2-0.2 NMU
Package: rkhunter Version: 1.4.2-0.1 Severity: normal This second NMU is a follow-up to my last one to fix a regression introduced in the conffile of 1.4.2-0.1 (bug #765911). Since I was editing the conffile, I also took the opportunity to tweak a comment and fix bug #765901. Full debdiff is attached. Francois diff -Nru rkhunter-1.4.2/debian/changelog rkhunter-1.4.2/debian/changelog --- rkhunter-1.4.2/debian/changelog 2014-10-15 00:05:04.0 +1300 +++ rkhunter-1.4.2/debian/changelog 2014-10-19 20:14:41.0 +1300 @@ -1,3 +1,11 @@ +rkhunter (1.4.2-0.2) unstable; urgency=medium + + * Non-maintainer upload. + * Fix apt hook (closes: #765911) + * Mention unhide.rb in conffile comment (closes: #765878) + + -- Francois Marier franc...@debian.org Sun, 19 Oct 2014 20:07:10 +1300 + rkhunter (1.4.2-0.1) unstable; urgency=medium * Non-maintainer upload. diff -Nru rkhunter-1.4.2/debian/patches/05_custom_conffile.diff rkhunter-1.4.2/debian/patches/05_custom_conffile.diff --- rkhunter-1.4.2/debian/patches/05_custom_conffile.diff 2014-10-15 00:05:04.0 +1300 +++ rkhunter-1.4.2/debian/patches/05_custom_conffile.diff 2014-10-19 20:14:41.0 +1300 @@ -36,8 +36,8 @@ # either of the options below are specified, then they will override the # program defaults. # -+# hidden_procs test requires the unhide command which is part of the unhide -+# package in Debian. ++# hidden_procs test requires the unhide and/or unhide.rb commands which are ++# part of the unhide respectively unhide.rb packages in Debian. +# +# apps test is disabled by default as it triggers warnings about outdated +# applications (and warns about possible security risk: we better trust @@ -71,7 +71,7 @@ +SCRIPTWHITELIST=/usr/bin/ldd +SCRIPTWHITELIST=/usr/bin/lwp-request +SCRIPTWHITELIST=/usr/sbin/adduser -+SCRIPTWHITELIST=/usr/sbin/prelink ++#SCRIPTWHITELIST=/usr/sbin/prelink +#SCRIPTWHITELIST=/usr/bin/unhide.rb # ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#766096: rkhunter: The daily cronjob in 1.4.2-0.2 has warnings
Package: rkhunter Version: 1.4.2-0.2 Severity: normal rkhunter sends the following email once a day: From: root root@hostname To: root@hostname Subject: [rkhunter] hostname - Daily report Invalid RTKT_FILE_WHITELIST configuration option: Non-existent pathname: /etc/init.d/hdparmSP/etc/init.d/.depend.stopSP/etc/init.d/checkroot.shSP/etc/init.d/.depend.boot I intend to prepare a fix for this after 1.4.2-0.2 makes it to testing, and then ask the trivial fix (commenting out a few lines) to be considered for a freeze exception in jessie. Francois -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_CA.utf8, LC_CTYPE=fr_CA.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages rkhunter depends on: ii binutils 2.24.90.20141014-1 ii debconf [debconf-2.0] 1.5.53 ii file 1:5.20-1 ii net-tools 1.60-26 ii perl 5.20.1-1 ii ucf3.0030 Versions of packages rkhunter recommends: ii curl7.38.0-2 ii iproute 1:3.16.0-2 ii lsof4.86+dfsg-1 ii postfix [mail-transport-agent] 2.11.2-1 pn unhide.rb | unhide none ii wget1.15-1+b1 Versions of packages rkhunter suggests: ii bsd-mailx [mailx] 8.1.2-0.20140825cvs-1 ii libdigest-whirlpool-perl 1.09-1+b2 ii liburi-perl 1.64-1 ii libwww-perl 6.08-1 ii powermgmt-base1.31+nmu1 pn tripwire none -- debconf information: * rkhunter/apt_autogen: true * rkhunter/cron_daily_run: true * rkhunter/cron_db_update: true ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#768396: rkhunter: 1.4.2-0.3 NMU
Package: rkhunter Version: 1.4.2-0.2 Severity: normal This NMU fixes a new bug (#767731) introduced upstream in 1.4.2. It consists of a new one-line patch (debian/patches/20_fix-ipcs-language.diff) which I have also submitted upstream. Full debdiff is attached. Francois diff -Nru rkhunter-1.4.2/debian/changelog rkhunter-1.4.2/debian/changelog --- rkhunter-1.4.2/debian/changelog 2014-10-19 20:14:41.0 +1300 +++ rkhunter-1.4.2/debian/changelog 2014-11-07 14:35:51.0 +1300 @@ -1,3 +1,10 @@ +rkhunter (1.4.2-0.3) unstable; urgency=medium + + * Non-maintainer upload. + * Fix IPCS command on non-English locales (closes: #767731) + + -- Francois Marier franc...@debian.org Fri, 07 Nov 2014 14:34:19 +1300 + rkhunter (1.4.2-0.2) unstable; urgency=medium * Non-maintainer upload. diff -Nru rkhunter-1.4.2/debian/patches/20_fix-ipcs-language.diff rkhunter-1.4.2/debian/patches/20_fix-ipcs-language.diff --- rkhunter-1.4.2/debian/patches/20_fix-ipcs-language.diff 1970-01-01 12:00:00.0 +1200 +++ rkhunter-1.4.2/debian/patches/20_fix-ipcs-language.diff 2014-11-07 14:35:51.0 +1300 @@ -0,0 +1,18 @@ +Description: Force english locale for ipcs call +Author: Francois Marier franc...@debian.org +Forwarded: https://sourceforge.net/p/rkhunter/patches/42/ +Last-Update: 2014-11-07 +Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=767731 +Bug: https://sourceforge.net/p/rkhunter/bugs/130/ + +--- a/files/rkhunter b/files/rkhunter +@@ -13964,7 +13964,7 @@ ${FOUND_PROCS} + touch ${IPCS_TMPFILE} + FOUND=0; echo $FOUND ${IPCS_TMPFILE} + +-if [ `${IPCS_CMD} -u 2/dev/null | awk -F' ' '/segments allocated/ {print $3}'` -ne 0 ]; then ++if [ `LANG=C ${IPCS_CMD} -u 2/dev/null | awk -F' ' '/segments allocated/ {print $3}'` -ne 0 ]; then + ${IPCS_CMD} -m | grep ^0x | while read RKH_SHM_KEY RKH_SHM_SHMID RKH_SHM_OWNER RKH_SHM_PERMS RKH_SHM_BYTES RKH_SHM_NATTACH RKH_SHM_STATUS; do + if [ $RKH_SHM_PERMS -eq 666 -a $RKH_SHM_BYTES -ge 100 ]; then + FOUND=1; echo $FOUND ${IPCS_TMPFILE} diff -Nru rkhunter-1.4.2/debian/patches/series rkhunter-1.4.2/debian/patches/series --- rkhunter-1.4.2/debian/patches/series 2014-10-19 20:14:41.0 +1300 +++ rkhunter-1.4.2/debian/patches/series 2014-11-07 14:35:51.0 +1300 @@ -1,3 +1,4 @@ 05_custom_conffile.diff 10_fix-man.diff 15_remove-empty-dir.diff +20_fix-ipcs-language.diff ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#770242: Tentative patch
The attached patch fixes installation when /etc/rkhunter.conf is missing. -- Francois Marier identi.ca/fmarier http://fmarier.org twitter.com/fmarier commit f91d229ad51b19d52b979720f8a1edf1e2aea385 Author: Francois Marier franc...@debian.org Date: Sat Nov 29 00:27:20 2014 +1300 Work-around missing /etc/rkhunter.conf in postinst (closes: #770242) diff --git a/debian/postinst b/debian/postinst old mode 100644 new mode 100755 index 7179cff..d93fdd6 --- a/debian/postinst +++ b/debian/postinst @@ -35,7 +35,10 @@ case $1 in # Copy the passwd/group files to the TMP directory # to avoid warnings when rkhunter is first run. # This is normally done by the installer script. -rkhtmpdir=$(grep '^TMPDIR' /etc/rkhunter.conf | sed 's/TMPDIR=//') +rkhtmpdir=/var/lib/rkhunter/tmp +if [ -e /etc/rkhunter.conf ]; then +rkhtmpdir=$(grep '^TMPDIR' /etc/rkhunter.conf | sed 's/TMPDIR=//') +fi [ -f $rkhtmpdir/passwd ] || cp -p /etc/passwd $rkhtmpdir /dev/null 21 [ -f $rkhtmpdir/group ] || cp -p /etc/group $rkhtmpdir /dev/null 21 ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#770242: Broken postinst script?
This bug looks similar to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765911 which got fixed in 1.4.2-0.3 by removing the /usr/sbin/prelink line from the config file. I've chosen to keep currently-installed version of /etc/rkhunter.conf That's a problem and won't work because the configuration file format has changed between 1.4.0 and 1.4.2. I don't think we necessarily can (or should) fix this. Users should accept the new config file and merge their changes manually. I did not dig deeper but it looks like something is broken in postinst configuration handling... My patch should fix that problem. Francois ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Re: rkhunter is marked for autoremoval from testing
On 2014-11-28 at 12:29:53, Michael Prokop wrote: * Francois Marier [Sat Nov 29, 2014 at 12:07:49AM +1300]: On 2014-11-28 at 11:08:13, Michael Prokop wrote: * Debian testing autoremoval watch [Thu Nov 27, 2014 at 04:39:04AM +]: rkhunter 1.4.2-0.3 is marked for autoremoval from testing on 2014-12-19 It is affected by these RC bugs: 770242: rkhunter: upgrade/post-install errors I've just commented on that bug, it looks fairly simple to fix. Great, thanks. If someone else wants to take a look and review my patch (attached to the bug), I can take care of uploading -0.4 tomorrow. Great, any chance that you're willing to help us out in maintaining rkhunter? If so it would be great if you could just join our forencis group at https://alioth.debian.org/projects/forensics/ - then as soon as I (or someone else with admin permissions) grants you access to the group you should have write permissions on our git repository too. Sure, I can help with rkhunter, but I'm not really looking to maintain a lot more packages :) So if that's alright with you, I'll stay off of the mailing list and just subscribe to the rkhunter package. Francois -- Francois Marier identi.ca/fmarier http://fmarier.org twitter.com/fmarier signature.asc Description: Digital signature ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#765902: Suggestion?
Hi Christoph, I just pushed out a big update (1.4.2-1) to the dependencies and have addressed a few of the things you pointed out. Would you like to suggest actual wording (for the package description) for the suggests/recommends that are left? Francois ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#765898: rkhunter: default values of file/command/pathname exceptions
On 2015-04-29 11:15, Christoph Anton Mitterer wrote: #SYSLOG_CONFIG_FILE=/etc/syslog.conf = while rkhunter will determine this automatically, it may still be nice to set it to /etc/rsyslog.conf on Debian, since rsyslog is the default I'm not sure I enough about this (since it's working) to patch the upstream source further. SCRIPTWHITELIST=/usr/bin/unhide.rb = maybe it makes also sense un-comment from that line, since rkhunter Recommneds unhide.rb and it's likely to be installed See als bug #. That's going to lead to a failure on machines that don't have it unfortunately. At least until http://sourceforge.net/p/rkhunter/feature-requests/41/ is fixed. INSTALLDIR=/usr = which isn't contained in the upstream default rkhunter.conf. Is this perhaps just a leftover? It could very well be. We'd have to test with and without. For the following, I'm not really sure why I didn't suggest sha512 instead of sha256: HASH_CMD = As part of crypto strengthening, I'd probably suggest to set this to: HASH_CMD=sha512sum Isn't sha512sum slower than sha256sum? As long as sha256 is considered strong, I would favour the more efficient tool. Further, I've seen you commented: #SCRIPTWHITELIST=/usr/bin/lwp-request It's also suggested by rkhunter... so similarly to unhide.rb,... it *may* make sense to have this enabled per default. But I have no strong opinion on either of the two. See above comment. Francois ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#791486: /usr/bin/rkhunter: 7439: [: Binary: unexpected operator
On 2015-07-05 at 16:52:04, Pedro Beja wrote: doing an update I get the following error line: $ sudo rkhunter --update [snip] /usr/bin/rkhunter: 7439: [: Binary: unexpected operator Checking file i18n/tr[ No update ] Checking file i18n/tr.utf8 [ No update ] /usr/bin/rkhunter: 7439: [: Binary: unexpected operator Checking file i18n/zh [ No update ] Checking file i18n/zh.utf8[ No update ] This seems to happen only on non-English locales. Try this (as root): LANG=C rkhunter --update If I output the variables from line 7439 on a fr_CA locale, I get this: Checking rkhunter data files... Checking file mirrors.dat [ No update ] Checking file programs_bad.dat [ No update ] Checking file backdoorports.dat[ No update ] Checking file suspscan.dat [ No update ] PROG_VERS=2009091601; LATEST_VERS=2009091601 Checking file i18n/cn [ No update ] PROG_VERS=2014010301; LATEST_VERS=2014010301 Checking file i18n/de [ No update ] PROG_VERS=2013112401; LATEST_VERS=2013112401 Checking file i18n/en [ No update ] PROG_VERS=Fichier binaire /var/lib/rkhunter/db/i18n/tr correspondant; LATEST_VERS=2014030201 /usr/bin/rkhunter: 7440: [: Fichier: unexpected operator Checking file i18n/tr [ No update ] PROG_VERS=2014030201; LATEST_VERS=2014030201 Checking file i18n/tr.utf8 [ No update ] PROG_VERS=Fichier binaire /var/lib/rkhunter/db/i18n/zh correspondant; LATEST_VERS=2009091601 /usr/bin/rkhunter: 7440: [: Fichier: unexpected operator Checking file i18n/zh [ No update ] PROG_VERS=2009091601; LATEST_VERS=2009091601 Checking file i18n/zh.utf8 [ No update ] The attached patch to the cronjob in /etc is a work-around until this is fixed upstream. Francois diff --git a/cron.weekly/rkhunter b/cron.weekly/rkhunter index 6976920..e82cd5a 100755 --- a/cron.weekly/rkhunter +++ b/cron.weekly/rkhunter @@ -25,12 +25,12 @@ case $CRON_DB_UPDATE in echo To: $REPORT_EMAIL echo $RKHUNTER --versioncheck --nocolors --appendlog -$RKHUNTER --update --nocolors --appendlog +LANG=C $RKHUNTER --update --nocolors --appendlog ) | /usr/sbin/sendmail $REPORT_EMAIL ;; *) $RKHUNTER --versioncheck --appendlog 1/dev/null 2$OUTFILE -$RKHUNTER --update --appendlog 1/dev/null 2$OUTFILE +LANG=C $RKHUNTER --update --appendlog 1/dev/null 2$OUTFILE ;; esac ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#816170: False positive deleted files after upgrade from wheezy to jessie
On 2016-04-26 at 13:50:21, Klaus Ethgen wrote: > Find attached a patch, cherry-picked from upstream, that fixes the > issue. Particular, it is c4d6d8b, 1e5e79a and b4a21a8. Which upstream repo did you pull that from? The only repo I know about is a CVS one on Sourceforge: http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/ Francois -- https://fmarier.org/ ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#865972: #865972 - same problem of false positive regarding PermitRootLogin parameter
On 2017-08-08 at 18:57:25, Jean-Marc wrote: > So, if the default value "prohibit-password" is secure enough, maybe changing > this line > > ALLOW_SSH_ROOT_USER=unset > > can solve this. It looks fine to me, but I'm not entirely sure that we should stop recommending that root logins be disabled. Also, if we disable the check, then it won't warn if someone has root logins enabled with passwords. I will leave it as it is for now. Francois -- https://fmarier.org/ ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Bug#868099: rkhunter: clean up legacy conffile
On 2017-07-12 at 02:50:27, Christoph Anton Mitterer wrote: > Apparently the package used to contain: > /etc/default/rkhunter > as a dpkg conffile but no longer does and ships it manually managed instead. > > This file was however not properly cleaned up as conffile and is still marked > as such. > Could you please to so in one of the next versions, so that > people will get the clean up? :-) Do you know what the correct to do this is? Francois ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Re: Wheezy update of rkhunter?
On 2017-07-02 at 16:46:40, Thorsten Alteholz wrote: > The Debian LTS team would like to fix the security issues which are > currently open in the Wheezy version of rkhunter: > https://security-tracker.debian.org/tracker/CVE-2017-7480 > > Would you like to take care of this yourself? I'm thinking of disabling updates (as per #765895) entirely once the current fix has migrated to testing. That should be a really easy fix to backport to stretch, jessie and wheezy. Francois -- https://fmarier.org/ signature.asc Description: PGP signature ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Accepted rkhunter 1.4.6-1 (source all) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Fri, 23 Feb 2018 09:55:31 -0800 Source: rkhunter Binary: rkhunter Architecture: source all Version: 1.4.6-1 Distribution: unstable Urgency: medium Maintainer: Debian Forensics <forensics-devel@lists.alioth.debian.org> Changed-By: Francois Marier <franc...@debian.org> Description: rkhunter - rootkit, backdoor, sniffer and exploit scanner Closes: 848666 887210 Changes: rkhunter (1.4.6-1) unstable; urgency=medium . * New upstream release . * Bump Standards-Version up to 4.1.3 * Bump debhelper compatibility to 11 * Remove trailing whitespace in debian/changelog * Switch VCS URLs to salsa.debian.org * Recommend s-nail instead of heirloom-mailx (closes: #848666) * Recommend e2fsprogs explicitly (closes: #887210) * Run "wrap-and-sort -ast" . * Switch to HTTPS URL for debian copyright format * Add myself to debian/copyright * Fixup upstream copyright based on homepage * Relicense packaging to GPL2+ with permission from Emanuele, Micah and Julien so that it matches the upstream license. Checksums-Sha1: fc099ac1c96fae8275fb819492d520acfaaf3238 2056 rkhunter_1.4.6-1.dsc 22e646dec315d7316d65a3366a30ff8e5644dcfc 303187 rkhunter_1.4.6.orig.tar.gz da12721d1a6ec07e1abefe64a7bb12ed9c49eb6b 26584 rkhunter_1.4.6-1.debian.tar.xz a992a55d90879de8c36a5b59245b7baab8eb94f9 255576 rkhunter_1.4.6-1_all.deb 1318a248d08c1a7ef8364d41de0ed87efecc9cc4 5516 rkhunter_1.4.6-1_amd64.buildinfo Checksums-Sha256: ed1b7209f13795307bdd7fd7714c1329b31826dceae863df72cf92194f2dd9f6 2056 rkhunter_1.4.6-1.dsc 9c0f310583ff0dd8168010acd45c7d2e3a37e176300ac642269bce3d759ebda0 303187 rkhunter_1.4.6.orig.tar.gz f6d662fca1bf62291d5760da696cb86e72be5e3ee7686d1cf27b442c0fff1e7d 26584 rkhunter_1.4.6-1.debian.tar.xz 08024065ed0826af2d056cb7e6207079f445ea1369ffa29ef6f332ab5d719c86 255576 rkhunter_1.4.6-1_all.deb e6f651aded6871a4d75e6a13be205dca66278066f379f92b51caa8dea4ab17ba 5516 rkhunter_1.4.6-1_amd64.buildinfo Files: cad92c4e7b0ef71b19183df1f51a1bb1 2056 admin optional rkhunter_1.4.6-1.dsc 54762d04ec7faa0736cc151271b02c06 303187 admin optional rkhunter_1.4.6.orig.tar.gz ce62539ff379e54d755b95a67d09936b 26584 admin optional rkhunter_1.4.6-1.debian.tar.xz d44ccada5797499a6cff62f12ec9d555 255576 admin optional rkhunter_1.4.6-1_all.deb 350e5e20dfb6f4f756d882466dfb9857 5516 admin optional rkhunter_1.4.6-1_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEjEcLKgsxVo4RDUMlFigfLgB8mNEFAlqTCRFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDhD NDcwQjJBMEIzMTU2OEUxMTBENDMyNTE2MjgxRjJFMDA3Qzk4RDEACgkQFigfLgB8 mNGwEA/+Ia8iv5mSpW914CvvkIrlK3vp/uvpT2R7s99W/r/lHn2FUN4Hs1FsDw+Z ipmelk5mvtTa3WWeiTUnalpaHgwph3E/tupR80tXJ1spmYLyK5V98ku4ZuS5QTM6 Q7X7zMlI70WFTHG8Tw9tCP3fz4k6bZsebpLOICSmQIwcmfQx9f2p+Y5KQu5rXtyd I5WQOKIv8WSF5rA+grYOWD/BafpR41Cn8rbJKUX9RFYdHptzQAnmRI3JNadahYRc Xo9uXgHcsO/x7nDHSgWRdOPZ9pv0MmuX8CeFxmFBgU2CFqJM8uJtWFN/20u7ThK6 XjhAxQ8VVp5UMdGpfQ5xX81k2adublx8zVWeDgXy2OOE1bwcfpUg21ON3HA1+I0n 8KToU+QL4D07F6k7FgeWVUAGptRHIW323zGeoOnIl4oU/8YBgckGlQwwPWIiiBeF 110/KVpYD+4kI0lbP4y3FfxiWeE/IOm9eY2GVDaXrIiNffgn2Oge/siuPkKSNivF N27gnfmy+Rc6g0IpwI2eXITiDsvRyZuO1S5FgpWivBAPJVJbhK8wW9o8QoZ/BKa3 eh1oO7yRrUrxpctda9NPu5GaNh0GcI+URPY00Ki4TKjB/GlFi1lm4wZ5tNMXkLce bYtneKFIZ5oroNTP1A+GBr08iPd42dA0bbrJ+hyn4wy39v4a7Rk= =puK4 -END PGP SIGNATURE- ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
Accepted rkhunter 1.4.6-2 (source all) into unstable
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Sun, 04 Mar 2018 09:18:26 -0800 Source: rkhunter Binary: rkhunter Architecture: source all Version: 1.4.6-2 Distribution: unstable Urgency: medium Maintainer: Debian Security Tools <team+pkg-secur...@tracker.debian.org> Changed-By: Francois Marier <franc...@debian.org> Description: rkhunter - rootkit, backdoor, sniffer and exploit scanner Closes: 892012 Changes: rkhunter (1.4.6-2) unstable; urgency=medium . [ Raphaƫl Hertzog ] * Update team maintainer address to Debian Security Tools . [ Francois Marier ] * Fix bashism (closes: #892012) Checksums-Sha1: 33c0e51179d5e2b71893eb1bea8bb8c09ffc7d04 2058 rkhunter_1.4.6-2.dsc 683f3ba93f6a5442492db53c8e49890e8a2a3aa1 26880 rkhunter_1.4.6-2.debian.tar.xz 384d0badc12c81fb1038b46517b74610c678e81c 255756 rkhunter_1.4.6-2_all.deb d89c126c03c28d726ca0fb2e7985f9b2588a377a 5516 rkhunter_1.4.6-2_amd64.buildinfo Checksums-Sha256: 0503096ff26a962093e6446782ba66b4eb522e9c4d9dfe9d5b0e150719555f9c 2058 rkhunter_1.4.6-2.dsc 241192c9ce81e2ae17ce39b7136aefc821bcce88cc5e5675385f715da3c60fab 26880 rkhunter_1.4.6-2.debian.tar.xz 16d643f80e0485b02b3caa5aa189f7a0593a68be97ffc2463033e669f5def7cb 255756 rkhunter_1.4.6-2_all.deb d3c0851e674edb4390797ca32e64041c3862db0e59a3b05028ef6dd5edf60a09 5516 rkhunter_1.4.6-2_amd64.buildinfo Files: 27d289dfa36c13ab186049519f2c 2058 admin optional rkhunter_1.4.6-2.dsc f26c78735345a30a2b61ce46c85dd31b 26880 admin optional rkhunter_1.4.6-2.debian.tar.xz d43e5cc54bdd0e7070b358922e61058a 255756 admin optional rkhunter_1.4.6-2_all.deb adba341c9f00b13d4a77484e118d2be0 5516 admin optional rkhunter_1.4.6-2_amd64.buildinfo -BEGIN PGP SIGNATURE- iQKTBAEBCgB9FiEEjEcLKgsxVo4RDUMlFigfLgB8mNEFAlqcKwFfFIAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDhD NDcwQjJBMEIzMTU2OEUxMTBENDMyNTE2MjgxRjJFMDA3Qzk4RDEACgkQFigfLgB8 mNGBTA//Ug20MStMNK9OI+YLoTho4rMxCfZbhLriW+AZDgrApug7sa7mxTinDtdU 6Ft8SpuUZB16YpOtXsyliw93z1ELVKw1fzn05UDbCx190eXNvnpdZ3hakcMauV1x 2TZsTuMhA4fGCFL5uleCe9/++4a4r8yqxyvUGH1ACxEfwWVZYk7MYuQvKQOQ0xID RbYs9KwfOR+iv8ZBd5G7iX8IAqMRmA4FZytUOu9MKVpMb0lPAsSSxkQu6yBUhgOA wn4ehpPvFyl3Hko/F98yqSVALf8BtFjmLnKt6Nm54A+o8GJlIpbywxxmDawEYjR0 JyHrR2/E6JsfoKchaKLqybXV0NFMbwnF+xmZzQH2FIThKofxgmYG26TetVmLIOtR MsW7b6pOuOgoGDJD7ZpQSq77P3S51ChAyfehWZA42BC5uWbgdNMHpVZv+yracWcN Z4ha9P+ZVFK57vd5QbzPRQeUSeO0N3aNbova5IvRXeCS8hkxnLQdUFfIaBJ3KNYN 3P5gP5OX4C+TQELpBqqJtgGEQuTMKoN+C80K3kxVEKSnhLeoNvJaur7pQ7jc1Xzq /NyyzPoGbH0Op01Ll3VJjYcePZmaxUSTFydlx/8EjvD6B4TTmTRSh9gkChgNUcXc I0UAqDgiZeUNrgTRKAjGgDWC2BK+qhanJ9zKB3W6tbaraEvqnyk= =rjcs -END PGP SIGNATURE- ___ forensics-devel mailing list forensics-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel