Devuan bug report logs - #292
eudev causes false positive in rkhunter

Package: eudev; Maintainer for eudev is Devuan Dev Team <devuan-dev@lists.dyne.org>; Source for eudev is src:eudev.

Reported by: Chris Dos <chris@chrisdos.com>

Date: Sun, 10 Feb 2019 14:33:01 UTC

Severity: normal

Done: Svante Signell <svante.signell@gmail.com>



Report forwarded to devuan-bugs@lists.dyne.org, owner@bugs.devuan.org:
bug#292; Package eudev.


Acknowledgement sent to Chris Dos <chris@chrisdos.com>:
New bug report received and forwarded. Copy sent to owner@bugs.devuan.org.


Message #5 received at submit@bugs.devuan.org:

From: Chris Dos <chris@chrisdos.com>
To: Devuan Bug Tracking System <submit@bugs.devuan.org>
Subject: eudev causes false positive in rkhunter
Date: Sun, 10 Feb 2019 07:23:14 -0700
Package: eudev
Version: 3.2.7-5
Severity: normal

The eudev init script names its pid file udev.pid and causes a false
positive in rkhunter:

Warning: Checking for possible rootkit files and directories [ Warning ]
         Found file '/var/run/udev.pid'. Possible rootkit: xorddos component

Changing the init file to use the pid name of eudev.pid fixes the
problem.  

-- Package-specific info:

-- System Information:
Distributor ID:	Devuan
Description:	Devuan GNU/Linux 10 (n/a)
Release:	10
Codename:	n/a
Architecture: x86_64

Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US), LANGUAGE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages eudev depends on:
ii  adduser      3.118
ii  debconf      1.5.70
ii  libblkid1    2.32.1-0.1+devuan2.1
ii  libc6        2.28-6
ii  libeudev1    3.2.7-5
ii  libkmod2     25-2
ii  libselinux1  2.8-1+b1
ii  lsb-base     9.20160110
ii  procps       2:3.3.11-3
ii  util-linux   2.32.1-0.1+devuan2.1

eudev recommends no packages.

eudev suggests no packages.

-- Configuration Files:
/etc/init.d/eudev changed:
PATH="/sbin:/bin"
NAME="udevd"
DAEMON="/sbin/udevd"
DESC="hot-plug events dispatcher"
PIDFILE="/run/eudev.pid"
CTRLFILE="/run/udev/control"
OMITDIR="/run/sendsigs.omit.d"
unmount_devpts() {
  if mountpoint -q /dev/pts/; then
    umount -n -l /dev/pts/
  fi
  if mountpoint -q /dev/shm/; then
    umount -n -l /dev/shm/
  fi
}
mount_devtmpfs() {
  if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
    mount -n -o remount,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev
    return
  fi
  if ! mount -n -o size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev; then
    log_failure_msg "udev requires devtmpfs support, not started"
    log_end_msg 1
  fi
  return 0
}
create_dev_makedev() {
  if [ -e /sbin/MAKEDEV ]; then
    ln -sf /sbin/MAKEDEV /dev/MAKEDEV
  else
    ln -sf /bin/true /dev/MAKEDEV
  fi
}
move_udev_database() {
  [ -e "/dev/.udev/" ] || return 0
  [ ! -e /run/udev/ ] || return 0
  [ -e /run/ ] || return 0
  mountpoint -q /run/ || return 0
  mv /dev/.udev/ /run/udev/ || true
}
supported_kernel() {
  case "$(uname -r)" in
    2.[012345].*|2.6.[0-9]|2.6.[0-9][!0-9]*) return 1 ;;
    2.6.[12][0-9]|2.6.[12][0-9][!0-9]*) return 1 ;;
    2.6.3[0-1]|2.6.3[0-1][!0-9]*) return 1 ;;
  esac
  return 0
}
my_tty() {
  [ -x /bin/readlink ] || return 0
  [ -e /proc/self/fd/0 ] || return 0
  readlink --silent /proc/self/fd/0 || true
}
warn_if_interactive() {
  if [ "$RUNLEVEL" = "S" -a "$PREVLEVEL" = "N" ]; then
    return
  fi
  TTY=$(my_tty)
  if [ -z "$TTY" -o "$TTY" = "/dev/console" -o "$TTY" = "/dev/null" ]; then
    return
  fi
  printf "\n\n\nIt has been detected that the command\n\n\t$0 $*\n\n"
  printf "has been run from an interactive shell.\n"
  printf "It will probably not do what you expect, so this script will wait\n"
  printf "60 seconds before continuing. Press ^C to stop it.\n"
  printf "RUNNING THIS COMMAND IS HIGHLY DISCOURAGED!\n\n\n\n"
  sleep 60
}
make_static_nodes() {
  [ -e /lib/modules/$(uname -r)/modules.devname ] || return 0
  [ -x /bin/kmod ] || return 0
  /bin/kmod static-nodes --format=tmpfiles --output=/proc/self/fd/1 | \
  while read type name mode uid gid age arg; do
    [ -e $name ] && continue
    case "$type" in
      c|b|c!|b!) mknod -m $mode $name $type $(echo $arg | sed 's/:/ /') ;;
      d|d!) mkdir $name ;;
      *) echo "unparseable line ($type $name $mode $uid $gid $age $arg)" >&2 ;;
    esac
    if [ -x /sbin/restorecon ]; then
      /sbin/restorecon $name
    fi
  done
}
[ -x $DAEMON ] || exit 0
tmpfs_size="10M"
if [ -e /etc/udev/udev.conf ]; then
  . /etc/udev/udev.conf
fi
. /lib/lsb/init-functions
if ! supported_kernel; then
  log_failure_msg "udev requires a kernel >= 2.6.32, not started"
  log_end_msg 1
fi
if [ ! -e /proc/filesystems ]; then
  log_failure_msg "udev requires a mounted procfs, not started"
  log_end_msg 1
fi
if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then
  log_failure_msg "udev requires devtmpfs support, not started"
  log_end_msg 1
fi
if [ ! -d /sys/class/ ]; then
  log_failure_msg "udev requires a mounted sysfs, not started"
  log_end_msg 1
fi
if ! ps --no-headers --format args ax | egrep -q '^\['; then
  log_warning_msg "udev does not support containers, not started"
  exit 0
fi
if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] || \
   [ -e /sys/block -a ! -e /sys/class/block ]; then
  log_warning_msg "CONFIG_SYSFS_DEPRECATED must not be selected"
  log_warning_msg "Booting will continue in 30 seconds but many things will be broken"
  sleep 30
fi
case "$1" in
    start)
    if mountpoint -q /dev/; then
	TMPFS_MOUNTED=1
    elif [ -e "/dev/.udev/" ]; then
	log_warning_msg ".udev/ already exists on the static /dev"
    fi
    if [ ! -e "/dev/.udev/" -a ! -e "/run/udev/" ]; then
	warn_if_interactive
    fi
    if [ -w /sys/kernel/uevent_helper ]; then
	echo > /sys/kernel/uevent_helper
    fi
    move_udev_database
    if [ -z "$TMPFS_MOUNTED" ]; then
	unmount_devpts
	mount_devtmpfs
	[ -d /proc/1 ] || mount -n /proc
    fi
    make_static_nodes
    # clean up parts of the database created by the initramfs udev
    udevadm info --cleanup-db
    # set the SELinux context for devices created in the initramfs
    [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev
    log_daemon_msg "Starting $DESC" "$NAME"
    if start-stop-daemon --start $NAME --user root --quiet \
      --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile; then
      # prevent udevd to be killed by sendsigs (see #261 & DEBIAN #791944)
      mkdir -p $OMITDIR/$NAME
      ln -sf $PIDFILE $OMITDIR/$NAME
	  log_end_msg $?
    else
	log_warning_msg $?
	log_warning_msg "Waiting 15 seconds and trying to continue anyway"
	sleep 15
    fi
    log_action_begin_msg "Synthesizing the initial hotplug events"
    if udevadm trigger --action=add; then
	log_action_end_msg $?
    else
	log_action_end_msg $?
    fi
    create_dev_makedev
    # wait for the udevd childs to finish
    log_action_begin_msg "Waiting for /dev to be fully populated"
    if udevadm settle; then
	log_action_end_msg 0
    else
	log_action_end_msg 0 'timeout'
    fi
    ;;
    stop)
    log_daemon_msg "Stopping $DESC" "$NAME"
    if start-stop-daemon --stop --name $NAME --user root --quiet \
      --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
      # prevents cryptsetup/dmsetup hangs ( see #261 & Debian bug #791944 )
      rm -f $CTRLFILE
	  log_end_msg $?
    else
	log_end_msg $?
    fi
    ;;
    restart)
    log_daemon_msg "Stopping the hotplug events dispatcher" "udevd"
    if start-stop-daemon --stop --name udevd --user root --quiet \
      --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
	  # prevents cryptsetup/dmsetup hangs ( see #261 & Debian bug #791944 )
      rm -f $CTRLFILE
	  log_end_msg $?
    else
	log_end_msg $? || true
    fi
    log_daemon_msg "Starting $DESC" "$NAME"
    if start-stop-daemon --start $NAME --user root --quiet \
      --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile; then
      # prevent udevd to be killed by sendsigs (see #261 & DEBIAN #791944)
      mkdir -p $OMITDIR/$NAME
      ln -sf $PIDFILE $OMITDIR/$NAME
	  log_end_msg $?
    else
	log_end_msg $?
    fi
    ;;
    reload|force-reload)
    udevadm control --reload-rules
    ;;
    status)
    status_of_proc $DAEMON $NAME && exit 0 || exit $?
    ;;
    *)
    echo "Usage: /etc/init.d/udev {start|stop|restart|reload|force-reload|status}" >&2
    exit 1
    ;;
esac
exit 0


-- no debconf information
[udev-database.txt (text/plain, attachment)]
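
Added example (not part of the bug report, and not code from eudev or rkhunter): the warning above is raised on the file name alone, so one way to triage it is to check that the flagged file really is the pid file of the expected daemon. The function name, the result labels and the PROC_ROOT argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: decide whether a pid file flagged by name (here /run/udev.pid)
# really belongs to the daemon that is supposed to own it.
# classify_pidfile PIDFILE EXPECTED_EXE [PROC_ROOT]
#   PROC_ROOT defaults to /proc; it is a parameter only so the check can be
#   exercised against a constructed directory tree.
# Prints: missing | not-a-pidfile | stale | expected-daemon | unexpected-process
classify_pidfile() {
  cp_file=$1; cp_expected=$2; cp_proc=${3:-/proc}

  [ -e "$cp_file" ] || [ -L "$cp_file" ] || { echo missing; return 0; }

  # start-stop-daemon --make-pidfile writes a short regular file:
  # decimal digits followed by a newline. Anything else is not a pid file.
  if [ -L "$cp_file" ] || [ ! -f "$cp_file" ]; then
    echo not-a-pidfile; return 0
  fi
  cp_size=$(($(wc -c < "$cp_file")))
  if [ "$cp_size" -gt 16 ]; then
    echo not-a-pidfile; return 0
  fi
  cp_pid=$(tr -d '\n' < "$cp_file")
  case $cp_pid in
    ''|*[!0-9]*) echo not-a-pidfile; return 0 ;;
  esac

  # No such process: the file is left over from an earlier run.
  [ -d "$cp_proc/$cp_pid" ] || { echo stale; return 0; }

  # /proc/PID/exe names the running binary; a replaced binary shows up as
  # "<path> (deleted)" and is reported as unexpected on purpose.
  cp_exe=$(readlink "$cp_proc/$cp_pid/exe" 2>/dev/null) || cp_exe=
  if [ "$cp_exe" = "$cp_expected" ]; then
    echo expected-daemon
  else
    echo unexpected-process
  fi
}

# Script use: sh triage.sh /run/udev.pid /sbin/udevd
if [ "$#" -ge 2 ]; then classify_pidfile "$@"; fi
```

Run it as root: reading /proc/PID/exe of a root-owned process fails for other users, and the function then reports unexpected-process.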

Reply sent to svante.signell@gmail.com:
You have taken responsibility. (Mon, 27 Jan 2020 11:33:02 GMT)


Notification sent to Chris Dos <chris@chrisdos.com>:
bug acknowledged by developer. (Mon, 27 Jan 2020 11:33:10 GMT)


Message #10 received at 292-close@bugs.devuan.org:

From: Svante Signell <svante.signell@gmail.com>
To: 292-close@bugs.devuan.org
Subject: [Devuan-bugs] bug#292: eudev causes false positive in rkhunter
Date: Mon, 27 Jan 2020 12:27:53 +0100
Fixed by eudev-3.2.9-1, closing.


Message #11 received at 292-close@bugs.devuan.org:

From: Svante Signell <svante.signell@gmail.com>
To: 292-close@bugs.devuan.org
Subject: [Devuan-bugs] bug#334: eudev service might be using an incomplete PATH
Date: Mon, 27 Jan 2020 12:31:36 +0100
Fixed by eudev-3.2.9-1, closing.




Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Fri Mar 29 09:29:17 2024;