Package: rkhunter
Version: 1.3.2-6
Severity: normal
Since apt-get updating rkhunter to the most recent package, I get the following
false
positive by e-mail each day:
Warning: Network TCP port 6667 is being used by /usr/bin/znc. Possible rootkit:
Possible rogue IRC bot
Use the 'lsof -i' or 'netstat -an' command to check this.
ZNC is a legitimate IRC bouncer program and I am using the version packaged for
Debian.
Ideally, rkhunter would be fixed not to complain about this. Failing that, we
should note the
problem in README.debian along with a workaround, if there is one.
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-xen-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to
en_GB.UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages rkhunter depends on:
ii binutils 2.18.1~cvs20080103-7 The GNU assembler, linker and bina
ii debconf [debconf-2. 1.5.24 Debian configuration management sy
ii exim4 4.69-9 metapackage to ease Exim MTA (v4)
ii exim4-daemon-light 4.69-9 lightweight Exim MTA (v4) daemon
ii file 4.26-1 Determines file type using "magic"
ii net-tools 1.60-22 The NET-3 networking toolkit
ii perl 5.10.0-19lenny2 Larry Wall's Practical Extraction
Versions of packages rkhunter recommends:
ii curl 7.18.2-8lenny3 Get a file from an HTTP, HTTPS or
ii elinks 0.11.4-3 advanced text-mode WWW browser
ii iproute 20080725-2 networking and traffic control too
ii libmd5-perl 2.03-1 backwards-compatible wrapper for D
ii unhide 20080519-2 Forensic tool to find hidden proce
ii wget 1.11.4-2+lenny1 retrieves files from the web
Versions of packages rkhunter suggests:
ii bsd-mailx 8.1.2-0.20071201cvs-3 A simple mail user agent
-- debconf information:
rkhunter/apt_autogen: false
rkhunter/cron_daily_run:
rkhunter/cron_db_update:
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
