Bug 176519

Summary: rkhunter 1.2.7 reports bad dmesg login kill mount after update or util-linux from download.fedoralegacy.org
Product: [Retired] Fedora Legacy
Reporter: Harold Henry <harold_henry>
Component: util-linux
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED UPSTREAM
Severity: low
Priority: medium
Version: rhl9
CC: deisenst, pekkas
Target Milestone: ---
Target Release: ---
Hardware: i386
OS: Linux
Whiteboard: Rkhunter author has not responded to my 4 attempts
Doc Type: Bug Fix
Last Closed: 2006-01-01 13:18:05 UTC

Description Harold Henry 2005-12-24 01:20:21 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

Description of problem:
I am not sure if this is your problem or rkhunter's. Yes, I did rkhunter --update.
I hope this is the right place to report; if not, I am sorry. rkhunter --checkall reports
bad hashes for dmesg, kill, login and mount. Thanks for your time.

Version-Release number of selected component (if applicable):
util-linux-2.11y-9.2.legacy

How reproducible:
Always

Steps to Reproduce:
1. rkhunter --checkall

Actual Results:
   /bin/dmesg                                                 [ BAD ]
   /bin/egrep                                                 [ OK ]
   /bin/env                                                   [ OK ]
   /bin/fgrep                                                 [ OK ]
   /bin/grep                                                  [ OK ]
   /bin/kill                                                  [ BAD ]
   /bin/login                                                 [ BAD ]
   /bin/ls                                                    [ OK ]
   /bin/mount                                                 [ BAD ]
   /bin/netstat                                               [ OK ]
   

Expected Results:  All be OK

Additional info:

Used rkhunter 1.2.7
I am rating low unless you think otherwise and it may not be your problem at ALL.

Comment 1 David Eisenstein 2005-12-25 04:47:59 UTC
Perhaps we need to contact the author of rootkit-hunter, and ask him if
he has included the MD5 hashes for Fedora Legacy's updated utilities.

The util-linux package contains core system utilities.  All four utilities that
you mentioned (dmesg, kill, login, and mount) are part of the util-linux
package.  Those utilities would likely have changed their MD5 hashes because
they are compiled on Fedora Legacy's build server, not Red Hat's.

Harold, would you file a report at the rootkit author's (Michael Boelen's)
support website (at http://www.rootkit.nl/contact/) and include a pointer
URL to this bug report?  Also, please let us know in this bug ticket what
response you receive?

This issue will affect how rootkit-hunter processes util-linux utilities
from all four distributions that Fedora Legacy supports:  RHL 7.3, RHL9,
FC1 and FC2, and therefore the upstream author's hashes will need to be
updated for these four sets of packages:

 Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/util-linux-2.11n-12.7.3.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mount-2.11n-12.7.3.2.legacy.i386.rpm

 Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/mount-2.11y-9.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/util-linux-2.11y-9.2.legacy.i386.rpm

 Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/mount-2.11y-29.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/util-linux-2.11y-29.2.legacy.i386.rpm

 Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/util-linux-2.12-19.1.legacy.i386.rpm
(the mount utility is contained in the util-linux package for FC2).

Thanks for reporting this here and taking care of reporting this issue 
upstream for you and us!
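
A triage sketch for the situation Comment 1 describes, added here and not part of the original bug thread or of rkhunter: it pulls the [ BAD ] paths out of rkhunter output and asks the RPM database whether each file still matches its owning package. The function names, the RPM override variable and the plain-text output format are assumptions; the sample lines are constructed from the report.

```shell
#!/bin/sh
# Added example: is an rkhunter [ BAD ] result explained by a package update?
# RPM can be overridden (assumption, used for offline testing).
RPM=${RPM:-rpm}

# Constructed sample: rkhunter --checkall lines as pasted in the report.
SAMPLE='   /bin/dmesg    [ BAD ]
   /bin/egrep    [ OK ]
   /bin/kill     [ BAD ]
   /bin/login    [ BAD ]
   /bin/ls       [ OK ]
   /bin/mount    [ BAD ]'

# Print the paths rkhunter flagged, one per line (reads stdin).
bad_paths() {
    awk '/\[ BAD \]/ { print $1 }'
}

# Classify one path:
#   unowned  - no installed package claims the file
#   modified - rpm -V reports a digest mismatch ("5" flag) for this file
#   packaged - no digest mismatch against the owning package
classify() {
    path=$1
    pkg=$("$RPM" -qf "$path" 2>/dev/null) || { echo "unowned $path"; return; }
    if "$RPM" -Vf "$path" 2>/dev/null |
        awk -v p="$path" '$NF == p && substr($1, 3, 1) == "5" { f = 1 } END { exit !f }'
    then
        echo "modified $path $pkg"
    else
        echo "packaged $path $pkg"
    fi
}

# Triage every flagged path from rkhunter output on stdin.
triage() {
    bad_paths | while read -r p; do classify "$p"; done
}

# Stand-alone run: list the flagged paths from the sample.
printf '%s\n' "$SAMPLE" | bad_paths
```

The RPM database lives on the host being examined, so a match here is only as trustworthy as that host; `rpm -K` on the downloaded package file checks its signature independently.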

Comment 2 David Eisenstein 2006-01-01 05:30:51 UTC
Pekka, when you have time, can you close this bug either "UPSTREAM" or "CANTFIX"?
(I still don't have the ability to affect Bugzilla tickets I haven't created
or don't own.)

rkhunter is not one of Fedora Legacy's supported packages, so we cannot fix this
issue.  Upstream can.  Have asked the reporter to take this issue upstream, so
if he cares about this issue, he will do so.

Thanks!  -David

Comment 3 Pekka Savola 2006-01-01 13:18:05 UTC
Closing, thanks.

Comment 4 Harold Henry 2006-04-12 22:49:02 UTC
(In reply to comment #0)