Your message dated Sun, 28 Feb 2010 15:23:42 +0100
with message-id <1267367022.9111.1.ca...@gaia>
and subject line Re: Bug#571947: rkhunter gives false positives
has caused the Debian Bug report #571947,
regarding rkhunter gives false positives
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
571947: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=571947
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rkhunter
Severity: normal
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: x86_64
Kernel: Linux 2.6.32-2-amd64 (SMP w/2 CPU cores)
Locale: lang=de...@euro, lc_ctype=de...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Dear maintainer-team,
since some time I get the following messages/mails by rkhunter, which are
definetily no rootkits. I checked the relatedt files, which are all correct.
It would be nice, if you could tak an eye on it.
This is the message by rkhunter:
Warning: The command '/sbin/chkconfig' has been replaced by a script:
/sbin/chkconfig: a /usr/bin/perl script text executable
Warning: Checking for possible rootkit strings [ Warning ]
Found string 'hdparm' in file '/etc/init.d/.depend.boot'. Possible
rootkit: Xzibit Rootkit
Found string 'hdparm' in file '/etc/init.d/bootlogd'. Possible
rootkit: Xzibit Rootkit
Found string 'hdparm' in file '/etc/init.d/checkroot.sh'. Possible
rootkit: Xzibit Rootkit
Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible
rootkit: Xzibit Rootkit
Warning: Network TCP port 1524 is being used by /usr/sbin/portsentry.
Possible rootkit: Possible FreeBSD (FBRK) Rootkit backdoor
Use the 'lsof -i' or 'netstat -an' command to check this.
Warning: Network TCP port 6667 is being used by /usr/sbin/portsentry.
Possible rootkit: Possible rogue IRC bot
Use the 'lsof -i' or 'netstat -an' command to check this.
Warning: Network TCP port 31337 is being used by /usr/sbin/portsentry.
Possible rootkit: Historical backdoor port
Use the 'lsof -i' or 'netstat -an' command to check this.
Warning: Application 'openssl', version '0.9.8k', is out of date, and
possibly a security risk.
One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
I am running portsentry, and hdparm is also installed. Please ask me for
more tests.
Best regards
Hans-J. Ullrich
--- End Message ---
--- Begin Message ---
Hi,
Le dimanche 28 février 2010 à 14:42 +0100, Hans-J. Ullrich a écrit :
[...]
>
> Dear maintainer-team,
>
> since some time I get the following messages/mails by rkhunter, which are
> definetily no rootkits. I checked the relatedt files, which are all correct.
> It would be nice, if you could tak an eye on it.
>
> This is the message by rkhunter:
[...]
>
> I am running portsentry, and hdparm is also installed. Please ask me for
> more tests.
while these may be false-positives on your systems, they might be real
problems on other systems. You have to configure rkhunter
using /etc/rkhunter.conf file to stop these warnings in your particular
case.
I hence close this bug which is not one.
Cheers,
Julien
--- End Message ---
