Your message dated Sat, 2 Apr 2011 15:49:12 +0200
with message-id <[email protected]>
and subject line Re: Bug#620521: Probably false positive Xzibit rootkit
detection
has caused the Debian Bug report #620521,
regarding Probably false positive Xzibit rootkit detection
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
620521: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=620521
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rkhunter
Version: 1.3.6-4
Severity: important
I have the same problem as in bug report no. #576680
[10:20:37] Checking for Xzibit Rootkit...
[10:20:37] Checking for file '/dev/dsx' [ Not found ]
[10:20:37] Checking for file '/dev/caca' [ Not found ]
[10:20:37] Checking for file '/dev/ida/.inet/linsniffer' [ Not found ]
[10:20:37] Checking for file '/dev/ida/.inet/logclear' [ Not found ]
[10:20:37] Checking for file '/dev/ida/.inet/sense' [ Not found ]
[10:20:37] Checking for file '/dev/ida/.inet/sl2' [ Not found ]
[10:20:37] Checking for file '/dev/ida/.inet/sshdu' [ Not found ]
[10:20:37] Checking for file '/dev/ida/.inet/s' [ Not found ]
[10:20:37] Checking for file '/dev/ida/.inet/ssh_host_key' [ Not found ]
[10:20:37] Checking for file '/dev/ida/.inet/ssh_random_seed' [ Not found ]
[10:20:38] Checking for file '/dev/ida/.inet/sl2new.c' [ Not found ]
[10:20:38] Checking for file '/dev/ida/.inet/tcp.log' [ Not found ]
[10:20:38] Checking for file '/home/httpd/cgi-bin/becys.cgi' [ Not found ]
[10:20:38] Checking for file '/usr/local/httpd/cgi-bin/becys.cgi' [ Not found ]
[10:20:38] Checking for file '/usr/local/apache/cgi-bin/becys.cgi' [ Not found ]
[10:20:38] Checking for file '/www/httpd/cgi-bin/becys.cgi' [ Not found ]
[10:20:38] Checking for file '/www/cgi-bin/becys.cgi' [ Not found ]
[10:20:38] Checking for directory '/dev/ida/.inet' [ Not found ]
[10:20:38] Xzibit Rootkit [ Not found ]
....
[10:20:59] Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible rootkit: Xzibit Rootkit
[10:20:59] Found string 'hdparm' in file '/etc/init.d/.depend.boot'. Possible rootkit: Xzibit Rootkit
-- System Information:
Debian Release: 6.0.1
APT prefers stable
APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages rkhunter depends on:
ii  binutils                       2.20.1-16  The GNU assembler, linker and bina
ii  debconf [debconf-2.0]          1.5.36.1   Debian configuration management sy
ii  exim4                          4.72-6     metapackage to ease Exim MTA (v4)
ii  exim4-daemon-light [mail-tran  4.72-6     lightweight Exim MTA (v4) daemon
ii  file                           5.04-5     Determines file type using "magic"
ii  net-tools                      1.60-23    The NET-3 networking toolkit
ii  perl                           5.10.1-17  Larry Wall's Practical Extraction

Versions of packages rkhunter recommends:
ii  curl                       7.21.0-1       Get a file from an HTTP, HTTPS or
ii  iproute                    20100519-3     networking and traffic control too
ii  lsof                       4.81.dfsg.1-1  List open files
ii  lynx                       2.8.8dev.5-1   Text-mode WWW Browser (transitiona
ii  perl [libdigest-sha-perl]  5.10.1-17      Larry Wall's Practical Extraction
ii  unhide                     20100201-1     Forensic tool to find hidden proce
ii  wget                       1.12-2.1       retrieves files from the web

Versions of packages rkhunter suggests:
ii  bsd-mailx  8.1.2-0.20100314cvs-1  simple mail user agent
pn  tripwire   <none>                 (no description available)
-- debconf-show failed
--- End Message ---
--- Begin Message ---
Hi,
On Saturday 02 April 2011 at 14:54:40 (+0200 CEST), James Brown wrote:
> Package: rkhunter
> Version: 1.3.6-4
> Severity: important
>
> I have the same problem as in bug report no. #576680
[...]
> ....
> [10:20:59] Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible rootkit: Xzibit Rootkit
> [10:20:59] Found string 'hdparm' in file '/etc/init.d/.depend.boot'. Possible rootkit: Xzibit Rootkit
Please read /usr/share/doc/rkhunter/README.Debian.gz where it is explained
what to do to avoid this false alert.
Closing this bug.
Cheers,
Julien
--
.''`. Julien Valroff ~ <[email protected]> ~ <[email protected]>
: :' : Debian Developer & Free software contributor
`. `'` http://www.kirya.net/
`- 4096R/ E1D8 5796 8214 4687 E416 948C 859F EF67 258E 26B1
--- End Message ---