Bug 594106

Summary: app-forensics/chkrootkit-0.50: false positive for ssh Linux/Ebury Windigo
Product: Gentoo Linux
Reporter: BobbyK <bobbykent32>
Component: Current packages
Assignee: No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed>
Status: RESOLVED TEST-REQUEST
Severity: normal
CC: bobbykent32
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description BobbyK 2016-09-17 13:28:17 UTC
chkrootkit 0.50 reports:

Searching for Linux/Ebury - Operation Windigo ssh... Possible Linux/Ebury - Operation Windigo installetd

which is a false positive report resulting from a misinterpretation of the output of "ssh -G".  Fedora has a fix (see http://pkgs.fedoraproject.org/cgit/rpms/chkrootkit.git/commit/?h=f23&id=82dd537b2fd88850eb4327a80b2c9acb7dbcf2ab - changing the test from "ssh -G" to "ssh -H").  After applying the fix, chkrootkit reports:

Searching for Linux/Ebury - Operation Windigo ssh... nothing found

Thanks.
Comment 1 Pacho Ramos gentoo-dev 2017-08-30 18:28:26 UTC
Please retry with version 0.51.
Comment 2 BobbyK 2017-09-30 00:07:31 UTC
Looks good to me, thanks.