Your message dated Sat, 14 May 2011 21:06:48 +0000
with message-id <e1qlm2y-0002by...@franck.debian.org>
and subject line Bug#626643: fixed in rkhunter 1.3.8-6
has caused the Debian Bug report #626643,
regarding rkhunter: Multiple ALLOWPROCDELFILE options not working anymore
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
626643: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626643
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rkhunter
Version: 1.3.8-4
Severity: normal

Among other things, when the daily cronjob runs, I get the following
processes with open deleted files:

  Process: /usr/bin/kdeinit4    PID: 599    File: /dev/pts/2
  Process: /usr/bin/gnome-terminal    PID: 4971    File: /tmp/vteLAK4UV

If I put this in my /etc/rkhunter.conf.local:

  ALLOWPROCDELFILE="/usr/bin/kdeinit4"

then the first one disappears and I'm left with:

  Process: /usr/bin/gnome-terminal    PID: 4971    File: /tmp/vteLAK4UV

However, if I put this in my /etc/rkhunter.conf.local:

  ALLOWPROCDELFILE="/usr/bin/kdeinit4"
  ALLOWPROCDELFILE="/usr/bin/gnome-terminal"

then none of them are filtered and I'm left with the original two:

  Process: /usr/bin/kdeinit4    PID: 599    File: /dev/pts/2
  Process: /usr/bin/gnome-terminal    PID: 4971    File: /tmp/vteLAK4UV

The same problem exists if I merge the two options into a single option:

  ALLOWPROCDELFILE="/usr/bin/kdeinit4 /usr/bin/gnome-terminal"

Cheers,
Francois

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.38.6-grsec+ (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_CA.utf8, LC_CTYPE=fr_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rkhunter depends on:
ii  binutils              2.21.51.20110421-3 The GNU assembler, linker and bina
ii  debconf [debconf-2.0] 1.5.39             Debian configuration management sy
ii  file                  5.04-5+b1          Determines file type using "magic"
ii  net-tools             1.60-23            The NET-3 networking toolkit
ii  perl                  5.10.1-20          Larry Wall's Practical Extraction 
ii  ucf                   3.0025+nmu2        Update Configuration File: preserv

Versions of packages rkhunter recommends:
ii  curl                       7.21.6-1      Get a file from an HTTP, HTTPS or 
ii  iproute                    20110315-1    networking and traffic control too
ii  lsof                       4.81.dfsg.1-1 List open files
ii  postfix [mail-transport-ag 2.8.3-1       High-performance mail transport ag
pn  unhide                     <none>        (no description available)
pn  unhide.rb                  <none>        (no description available)
ii  wget                       1.12-3.1      retrieves files from the web

Versions of packages rkhunter suggests:
ii  libdigest-sha1-perl     2.13-1           NIST SHA-1 message digest algorith
pn  libdigest-whirlpool-per <none>           (no description available)
ii  liburi-perl             1.58-1           module to manipulate and access UR
ii  libwww-perl             6.01-3           simple and consistent interface to
ii  mailutils [mailx]       1:2.2+dfsg1-3+b1 GNU mailutils utilities for handli
ii  powermgmt-base          1.31             Common utils and configs for power
pn  tripwire                <none>           (no description available)

-- Configuration Files:
/etc/cron.daily/rkhunter changed [not included]
/etc/default/rkhunter changed [not included]

-- debconf information:
* rkhunter/apt_autogen: yes
* rkhunter/cron_daily_run: yes
* rkhunter/cron_db_update: yes



--- End Message ---
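
The behaviour the report above expects, as an added example (not rkhunter's code and not the upstream patch): every ALLOWPROCDELFILE value, whether given as repeated options or as one space-separated list, is collected into a single whitelist before the "open deleted files" report is filtered. The function names `allowed_procs` and `filter_report` are hypothetical; the report lines and option values are copied from the message.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not rkhunter internals.

# Read config text on stdin, print one whitelisted process path per line.
# Accepts repeated ALLOWPROCDELFILE options and space-separated lists.
allowed_procs() {
    sed -n 's/^[[:space:]]*ALLOWPROCDELFILE=//p' |
        tr -d "\"'" | tr -s ' \t' '\n\n' | sed '/^$/d' | sort -u
}

# $1 = config text; stdin = report lines in the form
#   Process: <path>    PID: <n>    File: <path>
# Prints only the lines whose process path is not whitelisted.
filter_report() {
    allow=$(printf '%s\n' "$1" | allowed_procs)
    while IFS= read -r line; do
        proc=$(printf '%s\n' "$line" |
            sed -n 's/^[[:space:]]*Process: \([^[:space:]]*\).*/\1/p')
        # -F -x: fixed-string, whole-line match, so only the exact
        # listed path is suppressed, never a longer path containing it.
        if [ -n "$proc" ] && printf '%s\n' "$allow" | grep -Fxq -- "$proc"; then
            continue
        fi
        printf '%s\n' "$line"
    done
}

# Sample input taken from the bug report.
REPORT='  Process: /usr/bin/kdeinit4    PID: 599    File: /dev/pts/2
  Process: /usr/bin/gnome-terminal    PID: 4971    File: /tmp/vteLAK4UV'

CONF_SINGLE='  ALLOWPROCDELFILE="/usr/bin/kdeinit4"'
CONF_REPEATED='  ALLOWPROCDELFILE="/usr/bin/kdeinit4"
  ALLOWPROCDELFILE="/usr/bin/gnome-terminal"'
CONF_MERGED='  ALLOWPROCDELFILE="/usr/bin/kdeinit4 /usr/bin/gnome-terminal"'

# One whitelisted process: only the gnome-terminal line remains.
printf '%s\n' "$REPORT" | filter_report "$CONF_SINGLE"
# Both forms with two entries: nothing should remain.
printf '%s\n' "$REPORT" | filter_report "$CONF_REPEATED"
printf '%s\n' "$REPORT" | filter_report "$CONF_MERGED"
```

Running the same three configurations against a real installation is a quick regression check: if the repeated or merged form leaves both lines in the report, whitelist entries are being dropped and the daily report contains noise that can hide a genuine finding.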
--- Begin Message ---
Source: rkhunter
Source-Version: 1.3.8-6

We believe that the bug you reported is fixed in the latest version of
rkhunter, which is due to be installed in the Debian FTP archive:

rkhunter_1.3.8-6.debian.tar.gz
  to main/r/rkhunter/rkhunter_1.3.8-6.debian.tar.gz
rkhunter_1.3.8-6.dsc
  to main/r/rkhunter/rkhunter_1.3.8-6.dsc
rkhunter_1.3.8-6_all.deb
  to main/r/rkhunter/rkhunter_1.3.8-6_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 626...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Valroff <jul...@debian.org> (supplier of updated rkhunter package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 14 May 2011 21:57:24 +0200
Source: rkhunter
Binary: rkhunter
Architecture: source all
Version: 1.3.8-6
Distribution: unstable
Urgency: low
Maintainer: Debian Forensics <forensics-devel@lists.alioth.debian.org>
Changed-By: Julien Valroff <jul...@debian.org>
Description: 
 rkhunter   - rootkit, backdoor, sniffer and exploit scanner
Closes: 626643
Changes: 
 rkhunter (1.3.8-6) unstable; urgency=low
 .
   * Add patch from upstream CVS fixing ALLOWPROCDELFILE behaviour
     (Closes: #626643)
Checksums-Sha1: 
 140f0cf27098dd89c6ee3edac6d913e6f5bb87ac 1868 rkhunter_1.3.8-6.dsc
 76d5c9342934ab5ee1ffbd734ba30bae41f647b7 27841 rkhunter_1.3.8-6.debian.tar.gz
 ca6ad548caefff453d6c379a232fa68a8f052b21 216936 rkhunter_1.3.8-6_all.deb
Checksums-Sha256: 
 70059e6a547f94683797d5d0a20b7beb8a1c140ed3fab5f6189f37b81cfac1d5 1868 rkhunter_1.3.8-6.dsc
 c30111406e5bf0be54db28d1ec06d6023f2afb76a9358bbe014c15818efd48db 27841 rkhunter_1.3.8-6.debian.tar.gz
 5020e1e5455e16bebf4dae66290625d33088501f2e3ce42c5dc62e1190a0e1c9 216936 rkhunter_1.3.8-6_all.deb
Files: 
 f1dfbd32f677c90c7aa1e2da02084fd2 1868 admin optional rkhunter_1.3.8-6.dsc
 e2615b368003ae2b2aeb890557ed9e1b 27841 admin optional rkhunter_1.3.8-6.debian.tar.gz
 cfc38ad59ff1e3a8aae11b9d91d3f121 216936 admin optional rkhunter_1.3.8-6_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
-----END PGP SIGNATURE-----



--- End Message ---
_______________________________________________
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/forensics-devel
