Bug 1403602

Summary: rkhunter should not report pcsd/pacemaker/corosync in files /dev/shm/qb-* as suspicious
Product: [Fedora] Fedora EPEL
Reporter: Martin Stefany <martin>
Component: rkhunter
Assignee: Mukundan Ragavan <nonamedotc>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: epel7
CC: kevin, manuel.wolfshant, nonamedotc
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Linux
Fixed In Version: rkhunter-1.4.2-12.fc25 rkhunter-1.4.2-8.el7
Last Closed: 2017-02-05 20:20:51 UTC
Type: Bug

Description Martin Stefany 2016-12-11 20:11:14 UTC
Description of problem:
rkhunter reports PCSd/Pacemaker/Corosync files in /dev/shm as suspicious, see attached log.

Version-Release number of selected component (if applicable):
rkhunter-1.4.2-7.el7.src.rpm

How reproducible:
always

Steps to Reproduce:
1. install and initialize rkhunter
2. install, configure, use PCSd with Pacemaker/Corosync
3. run rkhunter --check and observe suspicious files in /var/log/rkhunter/rkhunter.log

Actual results:
rkhunter reports suspicious files

Expected results:
rkhunter should not report Pacemaker/Corosync's files in /dev/shm as suspicious

Additional info:
workaround is allowing dev files in /dev/shm:
# vi /etc/rkhunter.conf
...
#
# Allow the specified file to be present in the '/dev' directory, and not
# regarded as suspicious.
#
# This option may be specified more than once, and may use wildcard characters.
#
# The default value is the null string.
#
[...]
# PCS/Pacemaker/Corosync
ALLOWDEVFILE=/dev/shm/qb-attrd-*
ALLOWDEVFILE=/dev/shm/qb-cfg-*
ALLOWDEVFILE=/dev/shm/qb-cib_rw-*
ALLOWDEVFILE=/dev/shm/qb-cib_shm-*
ALLOWDEVFILE=/dev/shm/qb-corosync-*
ALLOWDEVFILE=/dev/shm/qb-cpg-*
ALLOWDEVFILE=/dev/shm/qb-lrmd-*
ALLOWDEVFILE=/dev/shm/qb-pengine-*
ALLOWDEVFILE=/dev/shm/qb-quorum-*
ALLOWDEVFILE=/dev/shm/qb-stonith-*

or just

ALLOWDEVFILE=/dev/shm/qb-*

Comment 1 Mukundan Ragavan 2016-12-12 02:34:13 UTC
I would be much happier to add specific files instead of qb-* .. kevin?

Unless the list becomes too long, of course.
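
Added example (not part of the report and not rkhunter's own code): a check of the trade-off raised in the description and in comment 1, listing which names the single qb-* wildcard would allow that the per-daemon list would not. It assumes ALLOWDEVFILE wildcards behave like shell globs; the function names and sample file names are constructed for illustration.

```shell
# Added example, not rkhunter code. Patterns are matched with the shell's
# own glob rules (an assumption about ALLOWDEVFILE wildcard behaviour).
# The per-daemon patterns from the workaround in this report:
SPECIFIC_CONF='ALLOWDEVFILE=/dev/shm/qb-attrd-*
ALLOWDEVFILE=/dev/shm/qb-cfg-*
ALLOWDEVFILE=/dev/shm/qb-cib_rw-*
ALLOWDEVFILE=/dev/shm/qb-cib_shm-*
ALLOWDEVFILE=/dev/shm/qb-corosync-*
ALLOWDEVFILE=/dev/shm/qb-cpg-*
ALLOWDEVFILE=/dev/shm/qb-lrmd-*
ALLOWDEVFILE=/dev/shm/qb-pengine-*
ALLOWDEVFILE=/dev/shm/qb-quorum-*
ALLOWDEVFILE=/dev/shm/qb-stonith-*'
# The single-wildcard alternative from the same report:
BROAD_CONF='ALLOWDEVFILE=/dev/shm/qb-*'

# allowed CONF PATH: succeed if PATH matches any ALLOWDEVFILE pattern in CONF.
allowed() {
    conf=$1 path=$2
    while IFS= read -r line; do
        case $line in
            ALLOWDEVFILE=*) pat=${line#ALLOWDEVFILE=} ;;
            *) continue ;;
        esac
        # $pat is left unquoted on purpose so it is used as a glob pattern.
        case $path in $pat) return 0 ;; esac
    done <<EOF
$conf
EOF
    return 1
}

# only_broad: read paths on stdin, print those that qb-* would allow but the
# per-daemon list would not, i.e. what the narrower list keeps reporting.
only_broad() {
    while IFS= read -r p; do
        if allowed "$BROAD_CONF" "$p" && ! allowed "$SPECIFIC_CONF" "$p"; then
            printf '%s\n' "$p"
        fi
    done
}

# Constructed sample names, not taken from the attached log.
SAMPLE='/dev/shm/qb-cib_rw-control-1201-1187-13
/dev/shm/qb-cpg-event-1130-1201-21-data
/dev/shm/qb-example-data
/dev/shm/other-file'
printf '%s\n' "$SAMPLE" | only_broad
```

On a cluster node, feeding the real directory listing (for example `ls -d /dev/shm/*`) to `only_broad` shows what the per-daemon list would still flag for review.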

Comment 2 Kevin Fenzi 2016-12-12 04:55:11 UTC
Yeah, sounds fine to me...

Comment 3 Mukundan Ragavan 2016-12-13 02:24:45 UTC
Excellent. I will add the files to the patch and update.

Comment 4 Mukundan Ragavan 2017-01-10 02:43:11 UTC
Can you please test this scratch build?

https://koji.fedoraproject.org/koji/taskinfo?taskID=17227315

If everything is ok, I will build this and submit an update.

Comment 5 Fedora Update System 2017-01-26 02:37:47 UTC
rkhunter-1.4.2-8.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a9679aec00

Comment 6 Fedora Update System 2017-01-26 02:42:28 UTC
rkhunter-1.4.2-12.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-600553ca54

Comment 7 Fedora Update System 2017-01-27 02:48:07 UTC
rkhunter-1.4.2-8.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-a9679aec00

Comment 8 Fedora Update System 2017-01-28 04:54:22 UTC
rkhunter-1.4.2-12.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-600553ca54

Comment 9 Fedora Update System 2017-02-05 20:20:51 UTC
rkhunter-1.4.2-12.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2017-02-11 13:19:10 UTC
rkhunter-1.4.2-8.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.