Description of problem:
rkhunter reports /usr/include/file.h as rootkit

Version-Release number of selected component (if applicable):
Mageia 8.0

How reproducible:
Always

Steps to Reproduce:
1. Install lib64magic-devel
2. Run rkhunter and look at log file
3. It reports /usr/include/file.h under SHV4 and SHV5 rootkits even though this file is provided by a Mageia package

Thank you for the report.

To be clear about one thing, the file in question seems to only be provided by the lib-devel mentioned:

$ urpmf /usr/include/file.h
lib64magic-devel:/usr/include/file.h
$

and that lib-devel is required by:

$ urpmq --whatrequires lib64magic-devel
lib64createrepo_c-devel
lib64magic-devel
lib64magic-static-devel
lib64modulemd-devel
lib64radare2-devel
lib64rizin-devel
lib64rpm-devel
lib64sox-devel
ocaml-magic

ocaml-magic
Summary : OCaml bindings for the File type determination library

rkhunter
Summary : Rootkit scans for rootkits, backdoors and local exploits
Description : Rootkit scanner is scanning tool to ensure you you're clean of known nasty tools. This tool scans for rootkits, backdoors and local exploits

Perhaps this aspect is the catch:
- Look for default files used by rootkits

This package has no fixed maintainer, so assigning this bug globally.

Assignee: bugsquad => pkg-bugs
Whiteboard: (none) => MGA9TOO ?