Your message dated Mon, 4 Jul 2011 06:02:32 +0200
with message-id <20110704040232.gf...@kirya.net>
and subject line Re: Bug#607224: Warning: The command '/usr/bin/unhide.rb' has 
been replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w script text 
executable
has caused the Debian Bug report #607224,
regarding rkhunter complains about files from the unhide package
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
607224: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607224
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rkhunter
Version: 1.3.2-6
Severity: normal

rkhunter keeps sending out emails with the following text:

Warning: The file '/usr/sbin/unhide' exists on the system, but it is
not present in the rkhunter.dat file.
Warning: The file '/usr/sbin/unhide-linux26' exists on the system, but
it is not present in the rkhunter.dat file.

These files are installed by the unhide-20100201-1 package
 http://packages.debian.org/squeeze/unhide

Unhide is a tool to find processes and ports hidden by rootkits, and
thus in the same line of business as rkhunter.

-- System Information:
Debian Release: 5.0.7
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32.26-kvm-i386-20101122 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages rkhunter depends on:
ii  binutils            2.18.1~cvs20080103-7 The GNU assembler, linker and bina
ii  debconf [debconf-2. 1.5.24               Debian configuration management sy
ii  exim4-daemon-heavy  4.69-9+lenny1        Exim MTA (v4) daemon with extended
ii  file                4.26-1               Determines file type using "magic"
ii  net-tools           1.60-22              The NET-3 networking toolkit
ii  perl                5.10.0-19lenny2      Larry Wall's Practical Extraction 

Versions of packages rkhunter recommends:
ii  iproute                  20080725-2      networking and traffic control too
ii  libmd5-perl              2.03-1          backwards-compatible wrapper for D
ii  unhide                   20080519-2      Forensic tool to find hidden proce
ii  wget                     1.11.4-2+lenny2 retrieves files from the web

Versions of packages rkhunter suggests:
ii  bsd-mailx          8.1.2-0.20071201cvs-3 A simple mail user agent

-- debconf information:
  rkhunter/apt_autogen: false
  rkhunter/cron_daily_run:
  rkhunter/cron_db_update:



--- End Message ---
--- Begin Message ---
Hi,

On Sunday 03 Jul 2011 at 23:51:33 (+0200 CEST), Kingsley G. Morse Jr. 
wrote:
> Hi Julien,
> 
> Thank you for maintaining rkhunter.
> 
> Rootkit protection is good.
> 
> The main reason I'm writing is that I happened to
> notice that version 1.3.8-6 reported a warning
> similar to the bug reported in 607224.
[...]
>             [14:21:03] Warning: The command '/usr/bin/unhide.rb' has been 
> replaced by a script: /usr/bin/unhide.rb: a /usr/bin/ruby -w script text 
> executable
> 

This warning is totally unrelated to the issue described in #607224 (which
can now be closed as triggers have been introduced in unhide for that
purpose).

As for your warning, rkhunter simply informs you that the unhide.rb executable
located in /usr/bin/ is a Ruby script. It is perfectly normal in that case
and you can whitelist it in rkhunter.conf{,.local}.

Cheers,
Julien

-- 
  .''`.   Julien Valroff ~ <jul...@kirya.net> ~ <jul...@debian.org>    
 : :'  :  Debian Developer & Free software contributor
 `. `'`   http://www.kirya.net/
   `-     4096R/ E1D8 5796 8214 4687 E416  948C 859F EF67 258E 26B1


--- End Message ---
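
The whitelisting suggested in the reply above, as an added example that is not part of the original messages or of rkhunter itself. It assumes rkhunter's SCRIPTWHITELIST option and a local override file at /etc/rkhunter.conf.local; whitelist_script is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not rkhunter's or the Debian package's own code).
# whitelist_script is a hypothetical helper; SCRIPTWHITELIST is the rkhunter
# option that silences "has been replaced by a script" for a given path.

# Usage: whitelist_script CONF SCRIPT
# Returns 0 when CONF holds the entry afterwards, 1 when SCRIPT is refused.
whitelist_script() {
    conf=$1
    script=$2

    # The value is written unquoted, so accept only an absolute path
    # without whitespace.
    case $script in
        ''|*[[:space:]]*) echo "refused: bad path '$script'" >&2; return 1 ;;
        /*) ;;
        *) echo "refused: '$script' is not absolute" >&2; return 1 ;;
    esac
    if [ ! -f "$script" ]; then
        echo "refused: '$script' is not a regular file" >&2
        return 1
    fi

    # Whitelist only what really is a script: the first line must name an
    # interpreter. A file without one does not belong on this list.
    first=
    IFS= read -r first < "$script" || true
    case $first in
        '#!'*) ;;
        *) echo "refused: '$script' has no #! line" >&2; return 1 ;;
    esac

    # Idempotent: repeated runs leave exactly one line for this path.
    entry="SCRIPTWHITELIST=$script"
    if [ -f "$conf" ] && grep -Fxq -- "$entry" "$conf"; then
        return 0
    fi
    printf '%s\n' "$entry" >> "$conf"
}

# Typical call, as root (the config path is an assumption):
#   whitelist_script /etc/rkhunter.conf.local /usr/bin/unhide.rb
```

Before adding the entry, confirm that the flagged file is the one shipped by the package, for example with `dpkg -S /usr/bin/unhide.rb`.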
_______________________________________________
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
