Debian Bug report logs - #561308
chkrootkit: false positive for Xzibit Rootkit ("hdparm" string in system files)

Package: rkhunter; Maintainer for rkhunter is Debian Forensics <forensics-devel@lists.alioth.debian.org>; Source for rkhunter is src:rkhunter.

Reported by: Witold Baryluk <baryluk@smp.if.uj.edu.pl>

Date: Wed, 16 Dec 2009 01:18:02 UTC

Severity: normal

Done: Julien Valroff <julien@kirya.net>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, baryluk@smp.if.uj.edu.pl, Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug#561308; Package chkrootkit. (Wed, 16 Dec 2009 01:18:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to Witold Baryluk <baryluk@smp.if.uj.edu.pl>:
New Bug report received and forwarded. Copy sent to baryluk@smp.if.uj.edu.pl, Giuseppe Iuculano <giuseppe@iuculano.it>. (Wed, 16 Dec 2009 01:18:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Witold Baryluk <baryluk@smp.if.uj.edu.pl>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: chkrootkit: false positive for Xzibit Rootkit ("hdparm" string in system files)
Date: Wed, 16 Dec 2009 02:15:15 +0100
Package: chkrootkit
Version: 0.49-3
Severity: normal

Fresh system on my laptop:

Warning: Checking for possible rootkit strings    [ Warning ]
         Found string 'hdparm' in file '/etc/init.d/.depend.boot'. Possible rootkit: Xzibit Rootkit
         Found string 'hdparm' in file '/etc/init.d/checkroot.sh'. Possible rootkit: Xzibit Rootkit
         Found string 'hdparm' in file '/etc/init.d/hdparm'. Possible rootkit: Xzibit Rootkit
         Found string 'hdparm' in file '/etc/init.d/bootlogd'. Possible rootkit: Xzibit Rootkit




-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.31-1-686-bigmem (SMP w/1 CPU core)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to pl_PL.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages chkrootkit depends on:
ii  binutils                      2.20-4     The GNU assembler, linker and bina
ii  debconf [debconf-2.0]         1.5.28     Debian configuration management sy
ii  libc6                         2.10.2-2   GNU C Library: Shared libraries
ii  net-tools                     1.60-23    The NET-3 networking toolkit
ii  procps                        1:3.2.8-2  /proc file system utilities

chkrootkit recommends no packages.

chkrootkit suggests no packages.

-- debconf information:
* chkrootkit/run_daily_opts: -q
* chkrootkit/run_daily: true
* chkrootkit/diff_mode: false




Information forwarded to debian-bugs-dist@lists.debian.org, Giuseppe Iuculano <giuseppe@iuculano.it>:
Bug#561308; Package chkrootkit. (Tue, 19 Jan 2010 05:09:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Witold Baryluk" <baryluk@smp.if.uj.edu.pl>:
Extra info received and forwarded to list. Copy sent to Giuseppe Iuculano <giuseppe@iuculano.it>. (Tue, 19 Jan 2010 05:09:03 GMT) Full text and rfc822 format available.

Message #10 received at 561308@bugs.debian.org (full text, mbox):

From: "Witold Baryluk" <baryluk@smp.if.uj.edu.pl>
To: 561308@bugs.debian.org
Subject: Closing false positive for Xzibit Rootkit ("hdparm" string in system
Date: Tue, 19 Jan 2010 06:03:28 +0100
[Message part 1 (text/plain, inline)]
reassign 561308 rkhunter
forcemerge 559696 561308
thanks

Eh, by mistake i added this bug to chkrootkit package,
but it should be rkhunter.


-- 
Witold Baryluk
JID: witold.baryluk // jabster.pl
[signature.asc (application/pgp-signature, inline)]

Bug reassigned from package 'chkrootkit' to 'rkhunter'. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Wed, 03 Mar 2010 15:03:06 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions chkrootkit/0.49-3. Request was from Giuseppe Iuculano <iuculano@debian.org> to control@bugs.debian.org. (Wed, 03 Mar 2010 15:03:06 GMT) Full text and rfc822 format available.

Reply sent to Julien Valroff <julien@kirya.net>:
You have taken responsibility. (Wed, 03 Mar 2010 16:42:11 GMT) Full text and rfc822 format available.

Notification sent to Witold Baryluk <baryluk@smp.if.uj.edu.pl>:
Bug acknowledged by developer. (Wed, 03 Mar 2010 16:42:11 GMT) Full text and rfc822 format available.

Message #19 received at 561308-done@bugs.debian.org (full text, mbox):

From: Julien Valroff <julien@kirya.net>
To: 561308-done@bugs.debian.org
Subject: Re: Processed: reassign 561308 to rkhunter
Date: Wed, 03 Mar 2010 17:40:56 +0100
Le mercredi 03 mars 2010 à 15:03 +0000, Debian Bug Tracking System a
écrit :
> Processing commands for control@bugs.debian.org:
> 
> > reassign 561308 rkhunter
> Bug #561308 [chkrootkit] chkrootkit: false positive for Xzibit Rootkit ("hdparm" string in system files)
> Bug reassigned from package 'chkrootkit' to 'rkhunter'.
> Bug No longer marked as found in versions chkrootkit/0.49-3.
> > forcemerge 559696 561308
> Bug number 559696 not found. (Is it archived?)

559696 was closed and is now archived.

Please check README.Debian for detailed information about this false
positive.

Cheers,
Julien





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 01 Apr 2010 07:29:28 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 14:13:49 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.