Bug 176519 - rkhunter 1.2.7 reports bad dmesg login kill mount after update or util-linux from download.fedoralegacy.org
rkhunter 1.2.7 reports bad dmesg login kill mount after update or util-linux ...
Status: CLOSED UPSTREAM
Product: Fedora Legacy
Classification: Retired
Component: util-linux (Show other bugs)
rhl9
i386 Linux
medium Severity low
: ---
: ---
Assigned To: Fedora Legacy Bugs
Rkhunter author has not responded to ...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-12-23 20:20 EST by Harold Henry
Modified: 2007-04-18 13:35 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-01-01 08:18:05 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Harold Henry 2005-12-23 20:20:21 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8) Gecko/20051111 Firefox/1.5

Description of problem:
I am not sure if this is your problem or rkhunter. Yes I did rkhunter --update.
Hope this is right place to report if not I am sorry. rkhunter --checkall reports
bad hashes for dmesg, kill, login and mount. Thanks for your time.

Version-Release number of selected component (if applicable):
util-linux-2.11y-9.2.legacy

How reproducible:
Always

Steps to Reproduce:
1. rkhunter --checkall
2.
3.
  

Actual Results:   /bin/dmesg                                                 [ BAD ]
   /bin/egrep                                                 [ OK ]
   /bin/env                                                   [ OK ]
   /bin/fgrep                                                 [ OK ]
   /bin/grep                                                  [ OK ]
   /bin/kill                                                  [ BAD ]
   /bin/login                                                 [ BAD ]
   /bin/ls                                                    [ OK ]
   /bin/mount                                                 [ BAD ]
   /bin/netstat                                               [ OK ]
   

Expected Results:  All be OK

Additional info:

Used rkhunter 1.2.7
I am rating low unless you think oterwise and it may not be your problem at ALL .
Comment 1 David Eisenstein 2005-12-24 23:47:59 EST
Perhaps we need to contact the author of rootkit-hunter, and ask him if
he has included the MD5 hashes for Fedora Legacy's updated utilities.

The util-linux package contains core system utilities.  All four utilities that
you mentioned (dmesg, kill, login, and mount) are part of the util-linux
package.  Those utilities would likely have changed their MD5 hashes because
they are compiled on Fedora Legacy's build server, not Red Hat's.

Harold, would you file a report at the rootkit author's (Michael Boelen's)
support website (at http://www.rootkit.nl/contact/) and include a pointer
URL to this bug report?  Also, please let us know in this bug ticket what
response you receive?

This issue will affect how rootkit-hunter processes util-linux utilities
from all four distributions that Fedora Legacy supports:  RHL 7.3, RHL9,
FC1 and FC2, and therefore the upstream author's hashes will need to be
updated for these four sets of packages:

 Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/util-linux-2.11n-12.7.3.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/mount-2.11n-12.7.3.2.legacy.i386.rpm

 Red Hat Linux 9:
http://download.fedoralegacy.org/redhat/9/updates/i386/mount-2.11y-9.2.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/util-linux-2.11y-9.2.legacy.i386.rpm

 Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/mount-2.11y-29.2.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/util-linux-2.11y-29.2.legacy.i386.rpm

 Fedora Core 2:
http://download.fedoralegacy.org/fedora/2/updates/i386/util-linux-2.12-19.1.legacy.i386.rpm
(the mount utility is contained in the util-linux package for FC2).

Thanks for reporting this here and taking care of reporting this issue 
upstream for you and us!
Comment 2 David Eisenstein 2006-01-01 00:30:51 EST
Pekka, when you have time, can you close this bug either "UPSTREAM" or "CANTFIX"?
(I still don't have the ability to affect Bugzilla tickets I haven't created
or don't own.)

rkhunter is not one of Fedora Legacy's supported packages, so we cannot fix this
issue.  Upstream can.  Have asked the reporter to take this issue upstream, so
if he cares about this issue, he will do so.

Thanks!  -David
Comment 3 Pekka Savola 2006-01-01 08:18:05 EST
Closing, thanks.
Comment 4 Harold Henry 2006-04-12 18:49:02 EDT
(In reply to comment #0)
> From Bugzilla Helper:
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8)
Gecko/20051111 Firefox/1.5
> 
> Description of problem:
> I am not sure if this is your problem or rkhunter. Yes I did rkhunter --update.
> Hope this is right place to report if not I am sorry. rkhunter --checkall reports
> bad hashes for dmesg, kill, login and mount. Thanks for your time.
> 
> Version-Release number of selected component (if applicable):
> util-linux-2.11y-9.2.legacy
> 
> How reproducible:
> Always
> 
> Steps to Reproduce:
> 1. rkhunter --checkall
> 2.
> 3.
>   
> 
> Actual Results:   /bin/dmesg                                                 [
BAD ]
>    /bin/egrep                                                 [ OK ]
>    /bin/env                                                   [ OK ]
>    /bin/fgrep                                                 [ OK ]
>    /bin/grep                                                  [ OK ]
>    /bin/kill                                                  [ BAD ]
>    /bin/login                                                 [ BAD ]
>    /bin/ls                                                    [ OK ]
>    /bin/mount                                                 [ BAD ]
>    /bin/netstat                                               [ OK ]
>    
> 
> Expected Results:  All be OK
> 
> Additional info:
> 
> Used rkhunter 1.2.7
> I am rating low unless you think oterwise and it may not be your problem at ALL .

Note You need to log in before you can comment on or make changes to this bug.