Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 370401 - app-forensics/rkhunter - false positive for Xzibit
Summary: app-forensics/rkhunter - false positive for Xzibit
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: AMD64 Linux
: Normal normal
Assignee: Forensics Herd [disbanded]
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-06-07 06:04 UTC by Cédric Jeanneret
Modified: 2011-07-11 23:12 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Cédric Jeanneret 2011-06-07 06:04:30 UTC 
Hello,

while checking my system, rkhunter raised an alert, saying that I may be infected by Xzibit rootkit.
After some research, it doesn't seem to be the case (chkrootkit is clean), and I stumbled on this Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576680

I think t may be useful to take this patch in Gentoo, don't you?

Thanks in advance.

Cheers,

C.

Reproducible: Always

Steps to Reproduce:
1. run rkhunter
Actual Results:  
raises possible false-positive on Xzibit

Expected Results:  
shouldn't do that unless it's a real possibility
Comment 1 Tim Harder gentoo-dev 2011-07-11 23:12:02 UTC 
This should be fixed in rkhunter-1.3.8. Please try that version and reopen if the problem still exists.