RKHUNTER reporting on my system
David Eisenstein
deisenst at gtw.net
Wed Apr 12 20:27:24 UTC 2006
Nils Breunese (Lemonbit Internet) wrote:
> Max Pyziur wrote:
>
>>> I have an FC2 system which rkhunter reports some suspicious
>>> files. In particular, during the MD5 hash scan, it reports
>>>
>>> /bin/dmesg
>>> /bin/kill
>>> /bin/login
>>> /bin/mount
>>> /usr/bin/kill
>>
>>
>> I run FC2 and have a similar issue. I've run rkhunter --update many
>> times
>> in the hopes of updating the installed database to resolve this problem.
>> Is there a way of updating the the FC2-related rkhunter database in
>> order
>> to resolve this?
>
>
> I experience the same (for the same files). I tried installing an older
> version of util-linux and everything was fine again. I updated
> util-linux again and it didn't recognize these files again. So I
> wouldn't be to worried. If rkhunter doesn't recognize certain files
> you're supposed to report this on the rkhunter website. I reported this
> issue twice already, but apparently no one has looked into this.
We've seen this issue before. There was a bugzilla on this same topic in
mid-December. Like what you did, Nils, I asked the reporter to report this
upstream. Thanks for doing that.
This issue may affect RHL7.3, RHL9, FC1 and FC2 packages, due to the
util-linux/mount update advisory FLSA-2005:168326 announced here:
<http://www.redhat.com/archives/fedora-legacy-announce/2005-December/msg00007.html>
Here's the bugzilla entry (closed upstream):
<https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=176519>
-David
More information about the fedora-legacy-list
mailing list