[Bug 1030378] New: When using VOIP Ekiga, after the first calls rkhunter gives an unnecessary warning.
http://bugzilla.opensuse.org/show_bug.cgi?id=1030378

Bug ID: 1030378
Summary: When using VOIP Ekiga, after the first calls rkhunter gives an unnecessary warning.
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: x86-64
OS: openSUSE 42.2
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: stakanov@freenet.de
QA Contact: qa-bugs@suse.de
Found By: ---
Blocker: ---

The following appears after doing a VOIP call with Ekiga:

Warning: Suspicious file types found in /dev:
         /dev/shm/CAPI20_shared_memory.v01000010: data
         /dev/shm/sem.CAPI20_shared_sem.v01000010: dBase IV DBT of \200.DBF, next free block index 1

Since Ekiga is an official package of the repository, maybe these file types should be whitelisted by default?
CAPI stems from Common ISDN Application Programming Interface (CAPI).
This happens probably because I did the VOIP call over an ISDN-backed ADSL internet line.
The idea is to avoid unnecessary alarm messages, to avoid causing doubts in users of rkhunter confronted with them.

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c1

Andreas Stieger <astieger@suse.com> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |astieger@suse.com,
        |                            |saigkill@opensuse.org,
        |                            |security-team@suse.de
Assignee|security-team@suse.de       |saigkill@opensuse.org

--- Comment #1 from Andreas Stieger <astieger@suse.com> ---
Assign to rkhunter maintainer

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c2

Sascha Manns <saigkill@opensuse.org> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
CC      |                            |stakanov@freenet.de
Flags   |                            |needinfo?(stakanov@freenet.de)

--- Comment #2 from Sascha Manns <saigkill@opensuse.org> ---
Can you try out this version please:
https://build.opensuse.org/package/show/home:saigkill:branches:security/rkhu...

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c3

Stakanov Schufter <stakanov@freenet.de> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
Flags   |                            |needinfo?(saigkill@opensuse.org)

--- Comment #3 from Stakanov Schufter <stakanov@freenet.de> ---
Do you want me to try this on 42.2 or on the 42.3 alpha? Or both?

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c4

--- Comment #4 from Sascha Manns <saigkill@opensuse.org> ---
What you have.

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c5

--- Comment #5 from Stakanov Schufter <stakanov@freenet.de> ---
I am trying but I am getting Object not found?

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c6

--- Comment #6 from Sascha Manns <saigkill@opensuse.org> ---
Can you provide some console output, where that error comes up, please?

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c7

--- Comment #7 from Stakanov Schufter <stakanov@freenet.de> ---
Don't worry, this is only a misunderstanding with me, not knowing what to do.
The link you pointed with the rpm you did build does indicate a download link.
Tell me what to download exactly because the link gives the aforementioned error. I am definite that this is a pure PEBKAC error. Nothing to do with your correction that is, I am sure, correct.
Where do I find the file and what exactly to download and install? I think it boils down to this embarrassing question.

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c8

--- Comment #8 from Sascha Manns <saigkill@opensuse.org> ---
Hi,

you can do something like this:

openSUSE Tumbleweed:
    zypper ar http://download.opensuse.org/repositories/home:/saigkill:/branches:/security...

openSUSE Leap 42.2:
    zypper ar http://download.opensuse.org/repositories/home:/saigkill:/branches:/security...

Then you can open the YaST Packagemanager, go to the "Installationsources" tab, choose "home:saigkill:branches:security" and choose "rkhunter". Now look at the tabs on the right side of YaST. There you find Description, Technical Data, Dependencies, Versions, Filelist and Changelist. Click on Versions. There you see all repositories and versions that provide rkhunter. Choose there the version from home:saigkill:branches:security.

Now YaST does an update of rkhunter from that repository. Then rkhunter should be available on your system.

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c9

--- Comment #9 from Sascha Manns <saigkill@opensuse.org> ---
Does that package work for you now?

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c10

Stakanov Schufter <stakanov@freenet.de> changed:

What    |Removed                        |Added
----------------------------------------------------------------------------
Flags   |needinfo?(stakanov@freenet.de) |

--- Comment #10 from Stakanov Schufter <stakanov@freenet.de> ---
No, the repos do not work.
Yast says: cannot join repo
zypper says:

    sudo zypper ar http://download.opensuse.org/repositories/home:/saigkill:/branches:/security...
    root's password:
    Se viene utilizzato un solo un argomento, questo deve essere un URI che punta a un file .repo.

??
I am trying to install in a virgin 42.3 but at least the repo should be accepted.

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c11

--- Comment #11 from Sascha Manns <saigkill@opensuse.org> ---
Oh sorry, you are right. The publish flag in the repo wasn't set. Now the mentioned repos for Leap 42.2 and Tumbleweed are available.

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c12

Stakanov Schufter <stakanov@freenet.de> changed:

What    |Removed                          |Added
----------------------------------------------------------------------------
Flags   |needinfo?(saigkill@opensuse.org) |

--- Comment #12 from Stakanov Schufter <stakanov@freenet.de> ---
First comment: program installs well and service is started and running.
b) program database is not up to date: rkhunter --update gives programs_bad.dat updated.
So maybe that is fixed in the 42.3 version.

I will now run propupd and a "-c --rwo".
Then I will install Ekiga (virgin system) and do a call.
Then run -c --rwo again and then wait still for one cycle of automatic rkhunter testing (should be about midnight if I am not wrong with the defaults).
If none of these throws an error I will report back or in case I will report the error.

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c13

--- Comment #13 from Stakanov Schufter <stakanov@freenet.de> ---
Already one result:

Warning: Unable to check for passwd file differences: no copy of the passwd file exists.
Warning: Unable to check for group file differences: no copy of the group file exists.
Warning: The SSH configuration option 'PermitRootLogin' has not been set.
         The default value may be 'yes', to allow root access.
Warning: The SSH configuration option 'Protocol' has not been set.
         The default value may be '2,1', to allow the use of protocol version 1.
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text

The SSH warning is normal (although I do not know how fitting since rkhunter should maybe set to not warn because the Leap default is 2 only AFAIK).
The warning of fipscheck.hmac, however, is astonishing me. Isn't that white-listed too?

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c14

--- Comment #14 from Sascha Manns <saigkill@opensuse.org> ---
I prepared a new version that contains a rule for fipscheck. So it would be great if you can test this out. Just a zypper up should update to the new package.

The mentioned update of programs_bad.dat is, as far as I know, a normal issue. It can be that the updates of those *.dat files also come between releases. But if a 1.4.3 comes out, it should have a new set of updated files.

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c15

Stakanov Schufter <stakanov@freenet.de> changed:

What    |Removed                     |Added
----------------------------------------------------------------------------
Flags   |                            |needinfo?(saigkill@opensuse.org)

--- Comment #15 from Stakanov Schufter <stakanov@freenet.de> ---
rkhunter -c --rwo
Warning: The SSH configuration option 'PermitRootLogin' has not been set.
         The default value may be 'yes', to allow root access.
Warning: The SSH configuration option 'Protocol' has not been set.
         The default value may be '2,1', to allow the use of protocol version 1.
Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text

This is on 42.3 alpha with the new version you gave free.
So apparently it still senses fipscheck.hmac

http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c16

Sascha Manns <saigkill@opensuse.org> changed:

What      |Removed                     |Added
----------------------------------------------------------------------------
Status    |NEW                         |RESOLVED
Resolution|---                         |FIXED

--- Comment #16 from Sascha Manns <saigkill@opensuse.org> ---
Closing the bug for now. The following changes were made in this bug:

ALLOWDEVFILE=/dev/shm/CAPI20*
ALLOWDEVFILE=/dev/shm/sem.CAPI20*
ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac

Submitted via https://build.opensuse.org/request/show/489920

Must see if the .fipscheck.hmac problem is available in Leap 42.3. Please reopen if this comes again in Leap 42.3.

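To see which of the warned paths the entries from comment #16 cover, here is an added example (not part of the bug report and not rkhunter's own code). It matches paths against ALLOW* entries with shell case patterns, which is an assumption that only approximates rkhunter's wildcard handling; the function names and the paths marked as constructed are hypothetical.

```shell
#!/bin/sh
# Added example: audit which warned paths a set of rkhunter whitelist
# entries would cover. The entries are the three listed in comment #16.
sample_conf() {
cat <<'EOF'
# constructed local configuration holding the entries from the bug
ALLOWDEVFILE=/dev/shm/CAPI20*
ALLOWDEVFILE=/dev/shm/sem.CAPI20*
ALLOWHIDDENFILE=/usr/bin/.fipscheck.hmac
EOF
}

# covered OPTION PATH: reads config lines on stdin, returns 0 if PATH
# matches the pattern of any OPTION= line.
covered() {
    opt=$1
    target=$2
    while IFS= read -r line; do
        case $line in
            "$opt="*) pat=${line#"$opt="} ;;
            *) continue ;;
        esac
        # Assumption: the unquoted $pat is matched as a case pattern, where
        # '*' also matches '/', unlike pathname expansion.
        case $target in
            $pat) return 0 ;;
        esac
    done
    return 1
}

# audit OPTION PATH...: print "covered PATH" or "reported PATH" per path.
audit() {
    opt_name=$1
    shift
    for p in "$@"; do
        if sample_conf | covered "$opt_name" "$p"; then
            printf '%s %s\n' covered "$p"
        else
            printf '%s %s\n' reported "$p"
        fi
    done
}

# The two paths from the original report, then two constructed names: the
# wildcard is wider than the two reported files, and other names in
# /dev/shm are still reported.
audit ALLOWDEVFILE /dev/shm/CAPI20_shared_memory.v01000010 \
    /dev/shm/sem.CAPI20_shared_sem.v01000010 \
    /dev/shm/CAPI20_constructed /dev/shm/constructed_other
audit ALLOWHIDDENFILE /usr/bin/.fipscheck.hmac
```
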
http://bugzilla.opensuse.org/show_bug.cgi?id=1030378#c17

Stakanov Schufter <stakanov@freenet.de> changed:

What    |Removed                          |Added
----------------------------------------------------------------------------
Flags   |needinfo?(saigkill@opensuse.org) |

--- Comment #17 from Stakanov Schufter <stakanov@freenet.de> ---
Thank you for taking care of this so quickly. Outstanding!
Will update you if the problem shows up in 42.3.