Bug 552621 - rkhunter complaining about hidden ssh hmac files
rkhunter complaining about hidden ssh hmac files
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: rkhunter (Show other bugs)
11
All Linux
low Severity medium
: ---
: ---
Assigned To: Kevin Fenzi
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-01-05 12:10 EST by long
Modified: 2010-02-28 00:39 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-02-28 00:39:06 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description long 2010-01-05 12:10:58 EST
Description of problem:
When rkhunter runs it complains:
Warning: Hidden file found: /usr/bin/.ssh-keygen.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.ssh-keyscan.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.ssh-add.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.ssh-agent.hmac: ASCII text

Version-Release number of selected component (if applicable):
rkhunter-1.3.6-2.fc11.noarch

How reproducible:
Every time

Steps to Reproduce:
1. Install rkhunter
2. Wait until daily run and check your (root) email
3.
  
Actual results:
--------------------- Start Rootkit Hunter Update ---------------------
[ Rootkit Hunter version 1.3.6 ]

Checking rkhunter data files...
  Checking file mirrors.dat                                  [ No update ]
  Checking file programs_bad.dat                             [ No update ]
  Checking file backdoorports.dat                            [ No update ]
  Checking file suspscan.dat                                 [ No update ]
  Checking file i18n/cn                                      [ No update ]
  Checking file i18n/de                                      [ No update ]
  Checking file i18n/en                                      [ No update ]
  Checking file i18n/zh                                      [ No update ]
  Checking file i18n/zh.utf8                                 [ No update ]

---------------------- Start Rootkit Hunter Scan ----------------------
Warning: Hidden file found: /usr/bin/.ssh-keygen.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.ssh-keyscan.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.ssh-add.hmac: ASCII text
Warning: Hidden file found: /usr/bin/.ssh-agent.hmac: ASCII text

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter/rkhunter.log)

----------------------- End Rootkit Hunter Scan -----------------------


Expected results:
No email generated since those hmac files appear to be valid


Additional info:
appears that these need to be added to the ALLOWHIDDENFILE list in rkhunter.conf
Comment 1 Kevin Fenzi 2010-01-05 13:10:29 EST
Sigh. Yeah, will push out an update with these added. 

Looks like they added more hmac files in an update. ;(
Comment 2 Fedora Update System 2010-01-05 13:47:22 EST
rkhunter-1.3.6-3.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/rkhunter-1.3.6-3.fc12
Comment 3 Fedora Update System 2010-01-05 13:52:09 EST
rkhunter-1.3.6-3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/rkhunter-1.3.6-3.fc11
Comment 4 Fedora Update System 2010-01-06 19:55:36 EST
rkhunter-1.3.6-3.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update rkhunter'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-0220
Comment 5 Fedora Update System 2010-01-06 20:00:06 EST
rkhunter-1.3.6-3.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update rkhunter'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2010-0246
Comment 6 Kevin Fenzi 2010-02-28 00:39:06 EST
This was fixed a while back, closing now.

Note You need to log in before you can comment on or make changes to this bug.