Devuan bug report logs - #292
eudev causes false postive in rkhunter

Package: eudev; Maintainer for eudev is Devuan Dev Team <devuan-dev@lists.dyne.org>; Source for eudev is src:eudev.

Reported by: Chris Dos <chris@chrisdos.com>

Date: Sun, 10 Feb 2019 14:33:01 UTC

Severity: normal

Done: Svante Signell <svante.signell@gmail.com>

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.devuan.org
Subject: bug#292: eudev causes false postive in rkhunter
Reply-To: Chris Dos <chris@chrisdos.com>, 292@bugs.devuan.org
Resent-From: Chris Dos <chris@chrisdos.com>
Resent-To: devuan-bugs@lists.dyne.org
Resent-CC: owner@bugs.devuan.org
Resent-Date: Sun, 10 Feb 2019 14:33:01 UTC
Resent-Message-ID: <handler.292.B.154980900510494@bugs.devuan.org>
Resent-Sender: owner@bugs.devuan.org
X-Devuan-PR-Message: report 292
X-Devuan-PR-Package: eudev
X-Devuan-PR-Keywords: 
Received: via spool by submit@bugs.devuan.org id=B.154980900510494
          (code B ref -1); Sun, 10 Feb 2019 14:33:01 UTC
Received: (at submit) by bugs.devuan.org; 10 Feb 2019 14:30:05 +0000
Delivered-To: devuanbugs@dyne.org
Received: from tupac3.dyne.org [195.169.149.119]
	by fulcanelli with IMAP (fetchmail-6.3.26)
	for <debbugs@localhost> (single-drop); Sun, 10 Feb 2019 15:30:05 +0100 (CET)
Received: from windwalker.chrisdos.com (windwalker.chrisdos.com [71.33.251.73])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by vm6.ganeti.dyne.org (Postfix) with ESMTPS id BB777F60AC2
	for <submit@bugs.devuan.org>; Sun, 10 Feb 2019 15:23:47 +0100 (CET)
Authentication-Results: vm6.ganeti.dyne.org;
	dkim=pass (1024-bit key; unprotected) header.d=chrisdos.com header.i=@chrisdos.com header.b="FKwjtKgD";
	dkim=pass (1024-bit key) header.d=chrisdos.com header.i=@chrisdos.com header.b="LG6CHPPc";
	dkim-atps=neutral
Received: from localhost (localhost.localdomain [127.0.0.1])
	by windwalker.chrisdos.com (Postfix) with ESMTP id 4250013D94C
	for <submit@bugs.devuan.org>; Sun, 10 Feb 2019 07:23:46 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=chrisdos.com;
	s=windwalker-dkim; t=1549808626;
	bh=wloj/65Ypr5R2DbgiO1y6dHbaSVdOOltRma1J0pdllo=;
	h=From:To:Subject:Date:From;
	b=FKwjtKgDXTYd6gk2by8i/rpt/7q03bLbesg5rMXKaYBlCo7dmQIcKzgfQRF3G/eh8
	 KpW4/EIJNa022VhOX4K+3oxb0ynA0lnAU7jxuGVRe6i7St9lf8iUxB6sPo92tZTIyG
	 +jvf3xuwziaw0tqrGrE3nJCYXJUhRXdcpX66YB0o=
X-Virus-Scanned: Debian amavisd-new at windwalker.chrisdos.com
Received: from windwalker.chrisdos.com ([127.0.0.1])
	by localhost (windwalker.chrisdos.com [127.0.0.1]) (amavisd-new, port 10024)
	with SMTP id Yatv20bJegeY; Sun, 10 Feb 2019 07:23:20 -0700 (MST)
Received: from muaddib.chrisdos.com (unknown [192.168.9.9])
	by windwalker.chrisdos.com (Postfix) with ESMTPS id 6A00513D842;
	Sun, 10 Feb 2019 07:23:20 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=chrisdos.com;
	s=windwalker-dkim; t=1549808600;
	bh=wloj/65Ypr5R2DbgiO1y6dHbaSVdOOltRma1J0pdllo=;
	h=From:To:Subject:Date:From;
	b=LG6CHPPcbqUr15T2H1ley3Cm2Wk9w07clYXz+eYz6GO6acC4UuB+ZZg/9jiJD9qSz
	 CDkscKRZWJlpSgHmb2Q5VLMqmIFpUIsdOxXmTdb7xKzq5nec5f+ZQqc/wdpfm8CLD8
	 OpMvg4ZoSWBjfADVJQ9Gfs0dyERkA3ztiromEnTk=
Received: by muaddib.chrisdos.com (Postfix, from userid 1000)
	id 73E2E510AA; Sun, 10 Feb 2019 07:23:14 -0700 (MST)
Content-Type: multipart/mixed; boundary="===============5451612743411365447=="
MIME-Version: 1.0
From: Chris Dos <chris@chrisdos.com>
To: Devuan Bug Tracking System <submit@bugs.devuan.org>
Message-ID: <154980859443.17145.6725615830673212037.reportbug@muaddib.chrisdos.com>
X-Mailer: reportbug 7.5.1+devuan1
Date: Sun, 10 Feb 2019 07:23:14 -0700
X-Spam-Status: No, score=-0.2 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
	DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_PASS,SPF_PASS autolearn=disabled
	version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on tupac3.dyne.org
[Message part 1 (text/plain, inline)]
Package: eudev
Version: 3.2.7-5
Severity: normal

The eudev init script names it's pid file udev.pid and causes a false
positive in rkhunter:

Warning: Checking for possible rootkit files and directories [ Warning ]
         Found file '/var/run/udev.pid'. Possible rootkit: xorddos component

Changing the init file to use the pid name of eudev.pid fixes the
problem.  

-- Package-specific info:

-- System Information:
Distributor ID:	Devuan
Description:	Devuan GNU/Linux 10 (n/a)
Release:	10
Codename:	n/a
Architecture: x86_64

Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US), LANGUAGE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages eudev depends on:
ii  adduser      3.118
ii  debconf      1.5.70
ii  libblkid1    2.32.1-0.1+devuan2.1
ii  libc6        2.28-6
ii  libeudev1    3.2.7-5
ii  libkmod2     25-2
ii  libselinux1  2.8-1+b1
ii  lsb-base     9.20160110
ii  procps       2:3.3.11-3
ii  util-linux   2.32.1-0.1+devuan2.1

eudev recommends no packages.

eudev suggests no packages.

-- Configuration Files:
/etc/init.d/eudev changed:
PATH="/sbin:/bin"
NAME="udevd"
DAEMON="/sbin/udevd"
DESC="hot-plug events dispatcher"
PIDFILE="/run/eudev.pid"
CTRLFILE="/run/udev/control"
OMITDIR="/run/sendsigs.omit.d"
unmount_devpts() {
  if mountpoint -q /dev/pts/; then
    umount -n -l /dev/pts/
  fi
  if mountpoint -q /dev/shm/; then
    umount -n -l /dev/shm/
  fi
}
mount_devtmpfs() {
  if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
    mount -n -o remount,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev
    return
  fi
  if ! mount -n -o size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev; then
    log_failure_msg "udev requires devtmpfs support, not started"
    log_end_msg 1
  fi
  return 0
}
create_dev_makedev() {
  if [ -e /sbin/MAKEDEV ]; then
    ln -sf /sbin/MAKEDEV /dev/MAKEDEV
  else
    ln -sf /bin/true /dev/MAKEDEV
  fi
}
move_udev_database() {
  [ -e "/dev/.udev/" ] || return 0
  [ ! -e /run/udev/ ] || return 0
  [ -e /run/ ] || return 0
  mountpoint -q /run/ || return 0
  mv /dev/.udev/ /run/udev/ || true
}
supported_kernel() {
  case "$(uname -r)" in
    2.[012345].*|2.6.[0-9]|2.6.[0-9][!0-9]*) return 1 ;;
    2.6.[12][0-9]|2.6.[12][0-9][!0-9]*) return 1 ;;
    2.6.3[0-1]|2.6.3[0-1][!0-9]*) return 1 ;;
  esac
  return 0
}
my_tty() {
  [ -x /bin/readlink ] || return 0
  [ -e /proc/self/fd/0 ] || return 0
  readlink --silent /proc/self/fd/0 || true
}
warn_if_interactive() {
  if [ "$RUNLEVEL" = "S" -a "$PREVLEVEL" = "N" ]; then
    return
  fi
  TTY=$(my_tty)
  if [ -z "$TTY" -o "$TTY" = "/dev/console" -o "$TTY" = "/dev/null" ]; then
    return
  fi
  printf "\n\n\nIt has been detected that the command\n\n\t$0 $*\n\n"
  printf "has been run from an interactive shell.\n"
  printf "It will probably not do what you expect, so this script will wait\n"
  printf "60 seconds before continuing. Press ^C to stop it.\n"
  printf "RUNNING THIS COMMAND IS HIGHLY DISCOURAGED!\n\n\n\n"
  sleep 60
}
make_static_nodes() {
  [ -e /lib/modules/$(uname -r)/modules.devname ] || return 0
  [ -x /bin/kmod ] || return 0
  /bin/kmod static-nodes --format=tmpfiles --output=/proc/self/fd/1 | \
  while read type name mode uid gid age arg; do
    [ -e $name ] && continue
    case "$type" in
      c|b|c!|b!) mknod -m $mode $name $type $(echo $arg | sed 's/:/ /') ;;
      d|d!) mkdir $name ;;
      *) echo "unparseable line ($type $name $mode $uid $gid $age $arg)" >&2 ;;
    esac
    if [ -x /sbin/restorecon ]; then
      /sbin/restorecon $name
    fi
  done
}
[ -x $DAEMON ] || exit 0
tmpfs_size="10M"
if [ -e /etc/udev/udev.conf ]; then
  . /etc/udev/udev.conf
fi
. /lib/lsb/init-functions
if ! supported_kernel; then
  log_failure_msg "udev requires a kernel >= 2.6.32, not started"
  log_end_msg 1
fi
if [ ! -e /proc/filesystems ]; then
  log_failure_msg "udev requires a mounted procfs, not started"
  log_end_msg 1
fi
if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then
  log_failure_msg "udev requires devtmpfs support, not started"
  log_end_msg 1
fi
if [ ! -d /sys/class/ ]; then
  log_failure_msg "udev requires a mounted sysfs, not started"
  log_end_msg 1
fi
if ! ps --no-headers --format args ax | egrep -q '^\['; then
  log_warning_msg "udev does not support containers, not started"
  exit 0
fi
if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] || \
   [ -e /sys/block -a ! -e /sys/class/block ]; then
  log_warning_msg "CONFIG_SYSFS_DEPRECATED must not be selected"
  log_warning_msg "Booting will continue in 30 seconds but many things will be broken"
  sleep 30
fi
case "$1" in
    start)
    if mountpoint -q /dev/; then
	TMPFS_MOUNTED=1
    elif [ -e "/dev/.udev/" ]; then
	log_warning_msg ".udev/ already exists on the static /dev"
    fi
    if [ ! -e "/dev/.udev/" -a ! -e "/run/udev/" ]; then
	warn_if_interactive
    fi
    if [ -w /sys/kernel/uevent_helper ]; then
	echo > /sys/kernel/uevent_helper
    fi
    move_udev_database
    if [ -z "$TMPFS_MOUNTED" ]; then
	unmount_devpts
	mount_devtmpfs
	[ -d /proc/1 ] || mount -n /proc
    fi
    make_static_nodes
    # clean up parts of the database created by the initramfs udev
    udevadm info --cleanup-db
    # set the SELinux context for devices created in the initramfs
    [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev
    log_daemon_msg "Starting $DESC" "$NAME"
    if start-stop-daemon --start $NAME --user root --quiet \
      --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile; then
      # prevent udevd to be killed by sendsigs (see #261 & DEBIAN #791944)
      mkdir -p $OMITDIR/$NAME
      ln -sf $PIDFILE $OMITDIR/$NAME
	  log_end_msg $?
    else
	log_warning_msg $?
	log_warning_msg "Waiting 15 seconds and trying to continue anyway"
	sleep 15
    fi
    log_action_begin_msg "Synthesizing the initial hotplug events"
    if udevadm trigger --action=add; then
	log_action_end_msg $?
    else
	log_action_end_msg $?
    fi
    create_dev_makedev
    # wait for the udevd childs to finish
    log_action_begin_msg "Waiting for /dev to be fully populated"
    if udevadm settle; then
	log_action_end_msg 0
    else
	log_action_end_msg 0 'timeout'
    fi
    ;;
    stop)
    log_daemon_msg "Stopping $DESC" "$NAME"
    if start-stop-daemon --stop --name $NAME --user root --quiet \
      --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
      # prevents cryptsetup/dmsetup hangs ( see #261 & Debian bug #791944 )
      rm -f $CTRLFILE
	  log_end_msg $?
    else
	log_end_msg $?
    fi
    ;;
    restart)
    log_daemon_msg "Stopping the hotplug events dispatcher" "udevd"
    if start-stop-daemon --stop --name udevd --user root --quiet \
      --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
	  # prevents cryptsetup/dmsetup hangs ( see #261 & Debian bug #791944 )
      rm -f $CTRLFILE
	  log_end_msg $?
    else
	log_end_msg $? || true
    fi
    log_daemon_msg "Starting $DESC" "$NAME"
    if start-stop-daemon --start $NAME --user root --quiet \
      --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile; then
      # prevent udevd to be killed by sendsigs (see #261 & DEBIAN #791944)
      mkdir -p $OMITDIR/$NAME
      ln -sf $PIDFILE $OMITDIR/$NAME
	  log_end_msg $?
    else
	log_end_msg $?
    fi
    ;;
    reload|force-reload)
    udevadm control --reload-rules
    ;;
    status)
    status_of_proc $DAEMON $NAME && exit 0 || exit $?
    ;;
    *)
    echo "Usage: /etc/init.d/udev {start|stop|restart|reload|force-reload|status}" >&2
    exit 1
    ;;
esac
exit 0


-- no debconf information
[udev-database.txt (text/plain, attachment)]

Send a report that this bug log contains spam.


Devuan BTS -- Powered by Debian bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.

Devuan Bugs Owner <owner@bugs.devuan.org>.
Last modified: Sun Dec 22 21:41:54 2024;