Your message dated Sun, 26 Apr 2015 00:48:00 +1200
with message-id <20150425124800.gf11...@akranes.dyndns.org>
and subject line Fixed
has caused the Debian Bug report #725866,
regarding rkhunter: False positive about unhide.rb
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
725866: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725866
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rkhunter
Version: 1.4.0-1
Severity: normal

Hello,
Running rkhunter on a newly configured wheezy system gives:
  /usr/bin/unhide.rb                              [ Warning ]
Warning: The command '/usr/bin/unhide.rb' has been replaced by a script:
/usr/bin/unhide.rb: Ruby script, ASCII text

That file is a ruby script, sha512sums and md5sums have been compared with
another system (which had the following whitelisting configured a long long
time ago) and they match.

Edit /etc/rkhunter.conf:
Add to the bottom of the SCRIPTWHITELIST section:
SCRIPTWHITELIST=/usr/bin/unhide.rb

This corrects the false positive warning.
Thank you



-- System Information:
Debian Release: 7.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages rkhunter depends on:
ii  binutils               2.22-8
ii  debconf [debconf-2.0]  1.5.49
ii  file                   5.11-2
ii  net-tools              1.60-24.2
ii  perl                   5.14.2-21
ii  ucf                    3.0025+nmu3

Versions of packages rkhunter recommends:
ii  curl                                       7.26.0-1+wheezy3
ii  exim4-daemon-light [mail-transport-agent]  4.80-7
ii  iproute                                    20120521-3+b3
ii  lsof                                       4.86+dfsg-1
ii  unhide.rb                                  13-1.1
ii  wget                                       1.13.4-3

Versions of packages rkhunter suggests:
ii  heirloom-mailx [mailx]    12.5-2
pn  libdigest-whirlpool-perl  <none>
ii  liburi-perl               1.60-1
ii  libwww-perl               6.04-1
ii  powermgmt-base            1.31
ii  tripwire                  2.4.2.2-2

-- Configuration Files:
/etc/logrotate.d/rkhunter changed [not included]
/etc/rkhunter.conf changed [not included]

-- debconf information excluded

--- End Message ---
--- Begin Message ---
Version: 1.4.0-3

The suggested line has been added to the sample config file (commented out).

Francois

--- End Message ---
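The report above compares checksums against a second system before whitelisting the script. One way to tie the two steps together is sketched below as an added example; it is not code from the reporter, the maintainer or rkhunter. The function names `sha512_of` and `whitelist_if_verified` are hypothetical, and the demo runs on constructed temporary files standing in for /etc/rkhunter.conf and /usr/bin/unhide.rb.

```shell
#!/bin/sh
# Added example: append a SCRIPTWHITELIST entry only when the file's SHA-512
# matches a digest recorded on a trusted reference system.

# sha512_of FILE -> prints only the hex digest
sha512_of() {
    sha512sum "$1" | awk '{print $1}'
}

# whitelist_if_verified CONF FILE EXPECTED_SHA512
# Returns 0 = entry added
#         1 = file missing or digest mismatch (config untouched)
#         2 = entry already present (config untouched)
whitelist_if_verified() {
    conf=$1
    target=$2
    expected=$3
    [ -f "$target" ] || { echo "missing: $target" >&2; return 1; }
    actual=$(sha512_of "$target")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $target, not whitelisting" >&2
        return 1
    fi
    # -x whole line, -F fixed string: a commented-out sample line or a
    # longer path that merely contains $target does not count as present.
    if grep -qxF "SCRIPTWHITELIST=$target" "$conf"; then
        return 2
    fi
    printf 'SCRIPTWHITELIST=%s\n' "$target" >> "$conf"
}

# Demo on constructed files (nothing under /etc or /usr/bin is touched).
demo_dir=$(mktemp -d)
demo_conf=$demo_dir/rkhunter.conf
demo_script=$demo_dir/unhide.rb
printf '#SCRIPTWHITELIST=/usr/bin/unhide.rb\n' > "$demo_conf"
printf '#!/usr/bin/ruby\nputs "constructed sample"\n' > "$demo_script"
# Stand-in for the digest taken on the known-good system.
reference_digest=$(sha512_of "$demo_script")

whitelist_if_verified "$demo_conf" "$demo_script" "$reference_digest"
echo "first run status: $?"
cat "$demo_conf"
```

On a real host the reference digest would come from the trusted system, not from the file being checked.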
_______________________________________________
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
