[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
I can confirm this bug. Running ubuntu 10.04 LTS. How to fix, in await of the bugfix/package update: Add the line ALLOWHIDDENFILE=/dev/.blkid.tab* ...to /etc/rkhunter.conf. Afterwards run the command: rkhunter --propupd ...to update the datafile of rkhunter. And run: rkhunter --check --sk --rwo ...to confirm there are no erros (false positives) anymore. The --sk and ---rwo are skip keypresses and report warnings only options, to make life a little easier. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/86153 Title: rkhunter complains about files shipped by Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/86153/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
I'm adding this to bug #219840, which is still open. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/86153 Title: rkhunter complains about files shipped by Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/86153/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
I confirm that the bug still exists in Oneiric. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/86153 Title: rkhunter complains about files shipped by Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/86153/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
/dev/.blkid.tab is still an issue in oneiric. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/86153 Title: rkhunter complains about files shipped by Ubuntu To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/86153/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
Confirmed on Maverick: Warning: Hidden file found: /dev/.blkid.tab: ASCII text Warning: Hidden file found: /dev/.blkid.tab.old: ASCII text There should be added to the shipped rkhunter.conf as ALLOWHIDDENFILE entries. They don't appear to be owned by any installed package (dpkg -S doesn't find them), but I believe they are generated during normal operation of Maverick. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/86153 Title: rkhunter complains about files shipped by Ubuntu -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
This is still a problem in Lucid. Had to uncomment the same lines already mentioned, but also had to add ALLOWHIDDENFILE=/dev/.blkid.tab* to stop these warnings. Warning: Hidden file found: /dev/.blkid.tab: ASCII text Warning: Hidden file found: /dev/.blkid.tab.old: ASCII text -- rkhunter complains about files shipped by Ubuntu https://bugs.launchpad.net/bugs/86153 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
Uncommented the needed lines in rkhunter.conf, but /dec/.blkid.tab is still not present in default config: Warning: Hidden file found: /dev/.blkid.tab: ASCII text Warning: Hidden file found: /dev/.blkid.tab.old: ASCII text Ubuntu Karmic 32bit -- rkhunter complains about files shipped by Ubuntu https://bugs.launchpad.net/bugs/86153 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
I can confirm that on Karmic [21:44:32] Warning: Hidden directory found: /etc/.java [21:44:32] Warning: Hidden directory found: /dev/.udev [21:44:32] Warning: Hidden directory found: /dev/.initramfs [21:44:32] Warning: Hidden file found: /dev/.blkid.tab: ASCII text [21:44:38] -- rkhunter complains about files shipped by Ubuntu https://bugs.launchpad.net/bugs/86153 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
From /var/log/rkhunter.log: [15:42:19] Performing filesystem checks [15:42:19] Info: Starting test name 'filesystem' [15:42:19] Info: SCAN_MODE_DEV set to 'THOROUGH' [15:43:43] Checking /dev for suspicious file types [ None found ] [15:43:44] Checking for hidden files and directories [ Warning ] [15:43:44] Warning: Hidden directory found: /dev/.static [15:43:44] Warning: Hidden directory found: /dev/.udev [15:43:44] Warning: Hidden directory found: /dev/.initramfs this is on: [EMAIL PROTECTED]:~$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=7.10 DISTRIB_CODENAME=gutsy DISTRIB_DESCRIPTION=Ubuntu 7.10 also: [EMAIL PROTECTED]:~$ dpkg -l rkhunter|grep ^ii ii rkhunter 1.3.0-1rootkit, backdoor, sniffer and exploit scanner this is out-of-the-box rkhunter with no config changes on my part. Cheers, CMP -- rkhunter complains about files shipped by Ubuntu https://bugs.launchpad.net/bugs/86153 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
Now I feel a bit silly. I see the commented-out lines in the conf file, but I'm wondering why they're commented out and not the default? Cheers, -- rkhunter complains about files shipped by Ubuntu https://bugs.launchpad.net/bugs/86153 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
Fixed on 1.3.0-1 now in Gutsy... ** Changed in: rkhunter (Ubuntu) Assignee: (unassigned) = Marco Rodrigues (gothicx) Status: Fix Committed = Fix Released -- rkhunter complains about files shipped by Ubuntu https://bugs.launchpad.net/bugs/86153 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
** Changed in: rkhunter (Ubuntu) Importance: Undecided = Low Status: Confirmed = Fix Committed -- rkhunter complains about files shipped by Ubuntu https://bugs.launchpad.net/bugs/86153 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
I can confirm this on Feisty as well. I get the following output: * Filesystem checks Checking /dev for suspicious files... [ OK ] Scanning for hidden files... [ Warning! ] --- /etc/.pwd.lock /dev/.tmp-11-0 /dev/.static /dev/.udev /dev/.initramfs /dev/.initramfs-tools --- Please inspect: /dev/.tmp-11-0 (block special (11/0)) /dev/.static (directory) /dev/.udev (directory) /dev/.initramfs (directory) [Press ENTER to continue] -- rkhunter complains about files shipped by Ubuntu https://bugs.launchpad.net/bugs/86153 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 86153] Re: rkhunter complains about files shipped by Ubuntu
I can confirm it. In edgy and feisty, the daily cronjob still always warns about: Found warnings: [07:38:24] WARNING, found: /dev/.static (directory) /dev/.udev (directory) /dev/.initramfs (directory) /etc/.java (directory) ** Changed in: rkhunter (Ubuntu) Status: Unconfirmed = Confirmed -- rkhunter complains about files shipped by Ubuntu https://launchpad.net/bugs/86153 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
