Description of problem: When rkhunter runs it complains: Warning: Hidden file found: /usr/bin/.ssh-keygen.hmac: ASCII text Warning: Hidden file found: /usr/bin/.ssh-keyscan.hmac: ASCII text Warning: Hidden file found: /usr/bin/.ssh-add.hmac: ASCII text Warning: Hidden file found: /usr/bin/.ssh-agent.hmac: ASCII text Version-Release number of selected component (if applicable): rkhunter-1.3.6-2.fc11.noarch How reproducible: Every time Steps to Reproduce: 1. Install rkhunter 2. Wait until daily run and check your (root) email 3. Actual results: --------------------- Start Rootkit Hunter Update --------------------- [ Rootkit Hunter version 1.3.6 ] Checking rkhunter data files... Checking file mirrors.dat [ No update ] Checking file programs_bad.dat [ No update ] Checking file backdoorports.dat [ No update ] Checking file suspscan.dat [ No update ] Checking file i18n/cn [ No update ] Checking file i18n/de [ No update ] Checking file i18n/en [ No update ] Checking file i18n/zh [ No update ] Checking file i18n/zh.utf8 [ No update ] ---------------------- Start Rootkit Hunter Scan ---------------------- Warning: Hidden file found: /usr/bin/.ssh-keygen.hmac: ASCII text Warning: Hidden file found: /usr/bin/.ssh-keyscan.hmac: ASCII text Warning: Hidden file found: /usr/bin/.ssh-add.hmac: ASCII text Warning: Hidden file found: /usr/bin/.ssh-agent.hmac: ASCII text One or more warnings have been found while checking the system. Please check the log file (/var/log/rkhunter/rkhunter.log) ----------------------- End Rootkit Hunter Scan ----------------------- Expected results: No email generated since those hmac files appear to be valid Additional info: appears that these need to be added to the ALLOWHIDDENFILE list in rkhunter.conf
Sigh. Yeah, will push out an update with these added. Looks like they added more hmac files in an update. ;(
rkhunter-1.3.6-3.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/rkhunter-1.3.6-3.fc12
rkhunter-1.3.6-3.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/rkhunter-1.3.6-3.fc11
rkhunter-1.3.6-3.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rkhunter'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-0220
rkhunter-1.3.6-3.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update rkhunter'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2010-0246
This was fixed a while back, closing now.