Your message dated Sat, 14 May 2011 21:06:48 +0000
with message-id <e1qlm2y-0002by...@franck.debian.org>
and subject line Bug#626643: fixed in rkhunter 1.3.8-6
has caused the Debian Bug report #626643,
regarding rkhunter: Multiple ALLOWPROCDELFILE options not working anymore
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
626643: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=626643
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: rkhunter
Version: 1.3.8-4
Severity: normal
Among other things, when the daily cronjob runs, I get the following
processes with open deleted files:
Process: /usr/bin/kdeinit4 PID: 599 File: /dev/pts/2
Process: /usr/bin/gnome-terminal PID: 4971 File: /tmp/vteLAK4UV
If I put this in my /etc/rkhunter.conf.local:
ALLOWPROCDELFILE="/usr/bin/kdeinit4"
then the first one disappears and I'm left with:
Process: /usr/bin/gnome-terminal PID: 4971 File: /tmp/vteLAK4UV
However, if I put this in my /etc/rkhunter.conf.local:
ALLOWPROCDELFILE="/usr/bin/kdeinit4"
ALLOWPROCDELFILE="/usr/bin/gnome-terminal"
then none of them are filtered and I'm left with the original two:
Process: /usr/bin/kdeinit4 PID: 599 File: /dev/pts/2
Process: /usr/bin/gnome-terminal PID: 4971 File: /tmp/vteLAK4UV
The same problem exists if I merge the two options into a single option:
ALLOWPROCDELFILE="/usr/bin/kdeinit4 /usr/bin/gnome-terminal"
Cheers,
Francois
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.38.6-grsec+ (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=fr_CA.utf8, LC_CTYPE=fr_CA.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages rkhunter depends on:
ii binutils 2.21.51.20110421-3 The GNU assembler, linker and bina
ii debconf [debconf-2.0] 1.5.39 Debian configuration management sy
ii file 5.04-5+b1 Determines file type using "magic"
ii net-tools 1.60-23 The NET-3 networking toolkit
ii perl 5.10.1-20 Larry Wall's Practical Extraction
ii ucf 3.0025+nmu2 Update Configuration File: preserv
Versions of packages rkhunter recommends:
ii curl 7.21.6-1 Get a file from an HTTP, HTTPS or
ii iproute 20110315-1 networking and traffic control too
ii lsof 4.81.dfsg.1-1 List open files
ii postfix [mail-transport-ag 2.8.3-1 High-performance mail transport ag
pn unhide <none> (no description available)
pn unhide.rb <none> (no description available)
ii wget 1.12-3.1 retrieves files from the web
Versions of packages rkhunter suggests:
ii libdigest-sha1-perl 2.13-1 NIST SHA-1 message digest algorith
pn libdigest-whirlpool-per <none> (no description available)
ii liburi-perl 1.58-1 module to manipulate and access UR
ii libwww-perl 6.01-3 simple and consistent interface to
ii mailutils [mailx] 1:2.2+dfsg1-3+b1 GNU mailutils utilities for handli
ii powermgmt-base 1.31 Common utils and configs for power
pn tripwire <none> (no description available)
-- Configuration Files:
/etc/cron.daily/rkhunter changed [not included]
/etc/default/rkhunter changed [not included]
-- debconf information:
* rkhunter/apt_autogen: yes
* rkhunter/cron_daily_run: yes
* rkhunter/cron_db_update: yes
--- End Message ---
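The behaviour the reporter expected from repeated and merged ALLOWPROCDELFILE options, as an added shell example that is not part of the original report and is not rkhunter's code. The function names and the third report line in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: allowlist handling for "open deleted file" report lines.
# Not rkhunter's implementation; all function names are hypothetical.

# Read rkhunter-style config on stdin and print every ALLOWPROCDELFILE path,
# one per line. Repeated options accumulate, and a single option may carry
# several space-separated paths (both forms appear in the report above).
collect_allowed() {
    sed -n 's/^[[:space:]]*ALLOWPROCDELFILE=//p' |
        tr -d "\"'" | tr -s ' \t' '\n\n' | sed '/^$/d' | sort -u
}

# Filter "Process: <exe> PID: <n> File: <path>" lines on stdin, dropping those
# whose <exe> is listed in the allowlist file $1. Matching is exact on the
# full executable path, so /tmp/gnome-terminal is still reported.
filter_report() {
    awk -v list="$1" '
        BEGIN { while ((getline p < list) > 0) ok[p] = 1 }
        $1 == "Process:" && ($2 in ok) { next }
        { print }'
}

# Apply the config file $1 to report lines on stdin.
apply_allowlist() {
    tmp=$(mktemp) || return 1
    collect_allowed < "$1" > "$tmp"
    filter_report "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo: the two report lines quoted in the bug plus one constructed line
# with a look-alike path that must not be suppressed.
demo() {
    conf=$(mktemp) || return 1
    printf '%s\n' 'ALLOWPROCDELFILE="/usr/bin/kdeinit4"' \
                  'ALLOWPROCDELFILE="/usr/bin/gnome-terminal"' > "$conf"
    printf '%s\n' \
        'Process: /usr/bin/kdeinit4 PID: 599 File: /dev/pts/2' \
        'Process: /usr/bin/gnome-terminal PID: 4971 File: /tmp/vteLAK4UV' \
        'Process: /tmp/gnome-terminal PID: 7001 File: /tmp/x' |
        apply_allowlist "$conf"
    rm -f "$conf"
}
demo
```

Exact full-path matching keeps the allowlist from hiding a binary of the same name running out of a writable directory.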
--- Begin Message ---
Source: rkhunter
Source-Version: 1.3.8-6
We believe that the bug you reported is fixed in the latest version of
rkhunter, which is due to be installed in the Debian FTP archive:
rkhunter_1.3.8-6.debian.tar.gz
to main/r/rkhunter/rkhunter_1.3.8-6.debian.tar.gz
rkhunter_1.3.8-6.dsc
to main/r/rkhunter/rkhunter_1.3.8-6.dsc
rkhunter_1.3.8-6_all.deb
to main/r/rkhunter/rkhunter_1.3.8-6_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 626...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Valroff <jul...@debian.org> (supplier of updated rkhunter package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 14 May 2011 21:57:24 +0200
Source: rkhunter
Binary: rkhunter
Architecture: source all
Version: 1.3.8-6
Distribution: unstable
Urgency: low
Maintainer: Debian Forensics <forensics-devel@lists.alioth.debian.org>
Changed-By: Julien Valroff <jul...@debian.org>
Description:
rkhunter - rootkit, backdoor, sniffer and exploit scanner
Closes: 626643
Changes:
rkhunter (1.3.8-6) unstable; urgency=low
.
* Add patch from upstream CVS fixing ALLOWPROCDELFILE behaviour
(Closes: #626643)
--- End Message ---