Bug 1731302 - Installing wp-cli as /usr/bin/wp triggers a false positive from rkhunter
Summary: Installing wp-cli as /usr/bin/wp triggers a false positive from rkhunter
Keywords:
Status: NEW
Alias: None
Product: Fedora EPEL
Classification: Fedora
Component: wp-cli
Version: epel7
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Luis Segundo
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-19 01:38 UTC by Richard Siddall
Modified: 2019-07-19 01:38 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Richard Siddall 2019-07-19 01:38:15 UTC 
Description of problem: wp-cli produces false positive in rkhunter


Version-Release number of selected component (if applicable): 2.2.0


How reproducible: reliable


Steps to Reproduce:
1. Install rkhunter from EPEL
2. Run sudo rkhunter --check --enable rootkits

Actual results:
...
RH-Sharpe's Rootkit                                      [ Warning ]
...

Expected results:
...
RH-Sharpe's Rootkit                                      [ Not Found ]
...

Additional info:
rkhunter warns that the RH-Sharpe's Rootkit may be present if a file /usr/bin/wp exists.  Suppressing the test in rkhunter stops it detecting the rootkit, so wp-cli should be installed in another folder on the path.
Note You need to log in before you can comment on or make changes to this bug.