
Re: Are these scan logs dangerous ?



On Sun, Jul 05, 2009 at 09:34:55AM +0000, Tzafrir Cohen wrote:
> On Sun, Jul 05, 2009 at 10:41:40AM +0200, Davide Prina wrote:
> > a dehqan wrote:
> >
> >>> [11:19:43] Warning: The file '/usr/sbin/unhide-linux26' exists on the
> >>> system, but it is not present in the rkhunter.dat file.
> 
> So when is that rkhunter.dat generated?

In the post-install script of rkhunter, I guess.

> 
> >
> > $ apt-file search /usr/sbin/unhide-linux26
> > unhide: /usr/sbin/unhide-linux26
> >
> > probably you have installed unhide as suggested by rkhunter and you have  
> > installed it after the last rkhunter check.
> 
> rkhunter recommends unhide. It is thus more likely that unhide was
> installed before rkhunter.

Nope. unhide was indeed installed after rkhunter:

# aptitude install rkhunter
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Reading task descriptions... Done
The following NEW packages will be installed:
  libmd5-perl{a} rkhunter unhide{a}
0 packages upgraded, 3 newly installed, 0 to remove and 67 not upgraded.
Need to get 949kB of archives. After unpacking 2613kB will be used.
Do you want to continue? [Y/n/?]
Writing extended state information... Done
Get:1 http://mirror.isoc.org.il lenny/main libmd5-perl 2.03-1 [5700B]
Get:2 http://mirror.isoc.org.il lenny/main rkhunter 1.3.2-6 [179kB]
Get:3 http://mirror.isoc.org.il lenny/main unhide 20080519-2 [764kB]
Fetched 949kB in 1s (482kB/s)
...
Selecting previously deselected package libmd5-perl.
(Reading database ... 322621 files and directories currently installed.)
Unpacking libmd5-perl (from .../libmd5-perl_2.03-1_all.deb) ...
Selecting previously deselected package rkhunter.
Unpacking rkhunter (from .../rkhunter_1.3.2-6_all.deb) ...
Selecting previously deselected package unhide.
Unpacking unhide (from .../unhide_20080519-2_amd64.deb) ...
Processing triggers for man-db ...
Setting up libmd5-perl (2.03-1) ...
Setting up rkhunter (1.3.2-6) ...
Updating the file properties database:
[ Rootkit Hunter version 1.3.2 ]
File created: searched for 153 files, found 131
Setting up unhide (20080519-2) ...
Using '/usr/sbin/unhide-linux26' to provide 'unhide'.
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
Writing extended state information... Done
Reading task descriptions... Done


Bug? Worth at least an entry in README.Debian, I guess.

-- 
Tzafrir Cohen         | tzafrir@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir@cohens.org.il |                    |  best
ICQ# 16849754         |                    | friend
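
Added example, not part of the original message and not rkhunter or Debian code: a triage of the warning discussed above that checks whether the flagged file belongs to a package that dpkg configured after rkhunter's "Updating the file properties database" step. The sample inputs are lines copied from this thread; the function names are hypothetical, and it assumes rkhunter.dat is built when the rkhunter package is set up, as the transcript shows.

```python
import re

# Constructed sample input: lines copied from the message and quotes above.
RKHUNTER_LOG = """\
[11:19:43] Warning: The file '/usr/sbin/unhide-linux26' exists on the
system, but it is not present in the rkhunter.dat file.
"""
APT_FILE_OUTPUT = "unhide: /usr/sbin/unhide-linux26\n"
DPKG_TRANSCRIPT = """\
Setting up libmd5-perl (2.03-1) ...
Setting up rkhunter (1.3.2-6) ...
Updating the file properties database:
File created: searched for 153 files, found 131
Setting up unhide (20080519-2) ...
"""

def flagged_files(log):
    """Paths named in 'exists on the system, but ... not present' warnings."""
    text = " ".join(log.split())  # the warning wraps across two lines
    return re.findall(r"Warning: The file '([^']+)' exists on the system, "
                      r"but it is not present in the rkhunter\.dat file", text)

def owners(apt_file_output):
    """Map path -> package from 'package: /path' lines (apt-file format)."""
    pairs = (line.partition(": ") for line in apt_file_output.splitlines())
    return {path.strip(): pkg.strip() for pkg, sep, path in pairs if sep}

def configure_order(transcript):
    """Package names in the order dpkg printed 'Setting up <pkg> (...'."""
    return re.findall(r"^Setting up (\S+) \(", transcript, flags=re.M)

def triage(log, apt_file_output, transcript):
    own, order = owners(apt_file_output), configure_order(transcript)
    # Assumption: the baseline is written while rkhunter itself is set up.
    baseline = order.index("rkhunter") if "rkhunter" in order else None
    verdicts = {}
    for path in flagged_files(log):
        pkg = own.get(path)
        if pkg is None:
            verdicts[path] = "unowned: no package claims this path, investigate"
        elif baseline is not None and pkg in order and order.index(pkg) > baseline:
            verdicts[path] = f"stale baseline: {pkg} was set up after rkhunter.dat was built"
        else:
            verdicts[path] = f"owned by {pkg}, but install order does not explain it"
    return verdicts

if __name__ == "__main__":
    print(triage(RKHUNTER_LOG, APT_FILE_OUTPUT, DPKG_TRANSCRIPT))
```

A path being claimed by a package says nothing about the file's contents; that still needs a checksum comparison against the package.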

