Re: F17 - false positive? -> Fwd: rkhunter Daily Run on testserver
On 14.06.2012 10:41, Ed Greshko wrote:
> On 06/14/2012 04:16 PM, Reindl Harald wrote:
>> After upgrading a test VM to F17 I get these rkhunter warnings.
>> I cannot really believe that there is a rootkit that did not exist
>> on the F16 setup, and think this is a false positive.
>>
>> Can anybody confirm this, or should I make a bug report now?
>>
>> -------- Original Message --------
>> Subject: rkhunter Daily Run on testserver
>> Date: Thu, 14 Jun 2012 03:49:14 +0200
>> From: root
>> To: rhsoft@xxxxxxx
>>
>> --------------------- Start Rootkit Hunter Update ---------------------
>> [ Rootkit Hunter version 1.4.0 ]
>>
>> Checking rkhunter data files...
>> Checking file mirrors.dat [ No update ]
>> Checking file programs_bad.dat [ No update ]
>> Checking file backdoorports.dat [ No update ]
>> Checking file suspscan.dat [ No update ]
>> Checking file i18n/cn [ No update ]
>> Checking file i18n/de [ No update ]
>> Checking file i18n/en [ No update ]
>> Checking file i18n/zh [ No update ]
>> Checking file i18n/zh.utf8 [ No update ]
>>
>> ---------------------- Start Rootkit Hunter Scan ----------------------
>> Warning: 'Spanish' Rootkit [ Warning ]
>> File '/bin/ad' found
>> Warning: Hidden file found: /usr/share/man/man5/.k5identity.5.gz: gzip compressed data, from Unix, max compression
>>
>> ----------------------- End Rootkit Hunter Scan -----------------------
>>
>
> Well, I have no /bin/ad file and "yum whatprovides /bin/ad" returns nothing.... on
> both F16 and F17
>
> /usr/share/man/man5/.k5identity.5.gz is part of krb5-libs on F17 but not F16

https://bugzilla.redhat.com/show_bug.cgi?id=831989
Seems like this is caused by UsrMove;
it is intentionally /usr/bin/ad
4:netatalk-2.2.2-1.fc17.x86_64 : Daemon which provides POSIX-compliant *NIX/*BSD systems with the ability to
: share files and printers with Apple Macintosh
Repo : @fedora
Übereinstimmung von:
Dateiname : /bin/ad
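
The manual check from this thread (find which package, if any, owns each file rkhunter flagged), as an added example that is not part of the original messages. It resolves symlinks first so that /bin/ad is looked up as /usr/bin/ad on a UsrMove system; the function names and the SAMPLE_REPORT variable are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample: the warning lines of the report quoted in the thread.
SAMPLE_REPORT="Warning: 'Spanish' Rootkit [ Warning ]
File '/bin/ad' found
Warning: Hidden file found: /usr/share/man/man5/.k5identity.5.gz: gzip compressed data, from Unix, max compression"

# Print every file path named in an rkhunter report read from stdin.
flagged_paths() {
    sed -n \
        -e "s/^[[:space:]]*File '\(.*\)' found\$/\1/p" \
        -e 's/^Warning: Hidden file found: \([^:]*\):.*$/\1/p'
}

# Follow symlinks (on F17, /bin -> usr/bin), falling back to the input path.
resolve_path() {
    readlink -f "$1" 2>/dev/null || printf '%s\n' "$1"
}

# Print "packaged <name>", "modified <name>" or "unowned" for one path.
classify_path() {
    if pkg=$(rpm -qf --queryformat '%{NAME}\n' "$1" 2>/dev/null); then
        pkg=$(printf '%s\n' "$pkg" | head -n 1)
        # rpm -V lists only files whose size, digest, mode etc. differ.
        if rpm -Vf "$1" 2>/dev/null |
            awk -v p="$1" '$NF == p { found = 1 } END { exit !found }'; then
            echo "modified $pkg"
        else
            echo "packaged $pkg"
        fi
    else
        echo "unowned"
    fi
}

# One line per flagged file: "<flagged> -> <resolved>: <verdict>".
triage_report() {
    flagged_paths | while IFS= read -r flagged; do
        real=$(resolve_path "$flagged")
        printf '%s -> %s: %s\n' "$flagged" "$real" "$(classify_path "$real")"
    done
}

# Run on the sample only where rpm exists (Fedora, RHEL and similar).
if command -v rpm >/dev/null 2>&1; then
    printf '%s\n' "$SAMPLE_REPORT" | triage_report
fi
```

A "packaged" verdict matches the conclusion reached in the thread; "unowned" and "modified" are the results that need a closer look. The answer is only as trustworthy as the RPM database on the host being checked.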