Description of problem:

Warning: Hidden file found: /usr/share/man/man5/.k5identity.5.xz: XZ compressed data

Since a Mageia maintainer has added .k5login.5 to /etc/rkhunter.conf, I suggest adding

    ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.xz

Temporary USER workaround is to add the line to /etc/rkhunter.conf.local

Warning: The syslog daemon is not running.

Now that rsyslog is no longer installed by default and journald is its replacement, I think the syslog daemon check needs to be masked/disabled and ask upstream to look into detecting journald.

Version-Release number of selected component (if applicable):

How reproducible: Always

Steps to Reproduce:
1. Click up a terminal, su - root and run the following:
    urpmi rkhunter
    /bin/rm -f /dev/shm/pulse*
    rkhunter --propupd
    rkhunter --skip-keypress -C
    rkhunter --skip-keypress -c
2. grep -i warning /var/log/rkhunter.log
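An added example, not part of the original report or of rkhunter itself: a small shell function that reads the hidden-file warnings in the format quoted above and prints the ALLOWHIDDENFILE lines that are not yet present in the local config, so each path can be reviewed before it is allowed. The function name and the optional "[HH:MM:SS]" log prefix are assumptions.

```shell
#!/bin/sh
# Added example (not rkhunter code). pending_hidden_allowlist is a
# hypothetical helper name.
#
# Usage: pending_hidden_allowlist /var/log/rkhunter.log /etc/rkhunter.conf.local
#
# Prints one ALLOWHIDDENFILE=PATH line for every hidden file rkhunter warned
# about in the log ($1) that the config file ($2) does not already allow.
# Nothing is written to the config: review each path first (for example,
# check which package owns it with `rpm -qf PATH`).
pending_hidden_allowlist() {
    log=$1
    conf=$2
    # Message format as quoted in this report:
    #   Warning: Hidden file found: PATH: <file type description>
    # Assumption: log lines may carry a leading "[HH:MM:SS] " timestamp,
    # which is stripped. Other warnings (syslog, rootkit names) are ignored.
    sed -n 's|^\(\[[^]]*] *\)\{0,1\}Warning: Hidden file found: \(/[^:]*\):.*$|\2|p' "$log" |
    sort -u |
    while IFS= read -r path; do
        # Exact, unquoted match only; commented-out lines do not count.
        if grep -qxF "ALLOWHIDDENFILE=$path" "$conf" 2>/dev/null; then
            continue
        fi
        printf 'ALLOWHIDDENFILE=%s\n' "$path"
    done
}
```

A missing config file is treated as "nothing allowed yet", so every warned path is listed.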
Summary: 2_a3: rkhunter Warnings (syslog, .k5identity.5.xz) => 3_a3: rkhunter Warnings (syslog, .k5identity.5.xz)
Oops, out of order; steps for root should have been:

    rkhunter --skip-keypress -C
    /bin/rm -f /dev/shm/pulse*
    rkhunter --propupd
    rkhunter --skip-keypress -c

I also can recommend adding RTKT_FILE_WHITELIST="/etc/crontab" to /etc/rkhunter.conf. That has suppressed the warning messages I get from the /etc/cron.daily run like this snippet:

    Warning: The following processes are using suspicious files:
    Command: crond
    UID: 0 PID: 805
    Pathname: /etc/crontab
    Possible Rootkit: Unknown rootkit
    <snipped 8 more of the above message>
    run-parts: /etc/cron.daily/rkhunter exited with return code 1
Assignee: bugsquad => remco
Status: NEW => ASSIGNED
FYI: Last night's updates have removed/relocated several files. One of which has been removed is:

    Invalid RTKT_FILE_WHITELIST configuration option: Non-existent pathname: /etc/rc.d/rc.sysinit
Blocks: (none) => 9398
Hi, thank you for your report. I believe the update in updates_testing rkhunter-1.4.0-3.1.mga3 fixes this problem. Please test it, I hope it solves this problem. Additionally, it should also cover the issues reported in #9398 and #9313.
Assignee: remco => qa-bugs
CC: (none) => remco
Version: Cauldron => 3
Depends on: (none) => 9313
Assignee: qa-bugs => remco
Blocks: 9398 => (none)
(In reply to Remco Rijnders from comment #3)
> Hi, thank you for your report. I believe the update in updates_testing
> rkhunter-1.4.0-3.1.mga3 fixes this problem.

Installed rkhunter-1.4.0 and executed

    rkhunter --skip-keypress -C
    rkhunter --skip-keypress -c

and saw no problems on

    $ cat /etc/release
    Mageia release 3 (Official) for x86_64
I can't reproduce the bug with rkhunter-1.4.0-3.mga3 (Core/Release), maybe it was fixed between 1.mga3 and 3.mga3?
CC: (none) => remi
/etc/cron.daily/rkhunter was reporting this warning prior to the update. From cron's email on 24/06/13:

    /etc/cron.daily/rkhunter:

    Warning: GasKit Rootkit [ Warning ]
    Directory '/dev/dev' found
    Warning: Hidden file found: /usr/share/man/man5/.k5identity.5.xz: XZ compressed data
    run-parts: /etc/cron.daily/rkhunter exited with return code 1
What is the status of this bug with the last update of rkhunter which is coming?
Keywords: (none) => NEEDINFO
It is fixed - see Comment#4 and Bug#9313
ok
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED