Devuan bug report logs - #292
eudev causes false positive in rkhunter

Package: eudev; Maintainer for eudev is Devuan Dev Team <devuan-dev@lists.dyne.org>; Source for eudev is src:eudev.

Reported by: Chris Dos <chris@chrisdos.com>

Date: Sun, 10 Feb 2019 14:33:01 UTC

Severity: normal

Done: Svante Signell <svante.signell@gmail.com>


MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
X-Loop: owner@bugs.devuan.org
From: "Devuan bug Tracking System" <owner@bugs.devuan.org>
To: svante.signell@gmail.com
Subject: bug#292: marked as done (eudev causes false postive in rkhunter)
Message-ID: <handler.292.D292.15801247052181.ackdone@bugs.devuan.org>
References: <211afc9fed808e06790cf76e9b8960b3134656a5.camel@gmail.com>
 <154980859443.17145.6725615830673212037.reportbug@muaddib.chrisdos.com>
X-Devuan-PR-Message: closed 292
X-Devuan-PR-Package: eudev
Reply-To: 292@bugs.devuan.org
Date: Mon, 27 Jan 2020 11:33:02 +0000
Content-Type: multipart/mixed; boundary="----------=_1580124782-2204-0"
[Message part 1 (text/plain, inline)]
Your message dated Mon, 27 Jan 2020 12:27:53 +0100
with message-id <211afc9fed808e06790cf76e9b8960b3134656a5.camel@gmail.com>
and subject line [Devuan-bugs] bug#292: eudev causes false postive in rkhunter
has caused the Devuan bug report #292,
regarding eudev causes false postive in rkhunter
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.devuan.org
immediately.)


-- 
292: https://bugs.devuan.org/cgi/bugreport.cgi?bug=292
Devuan Bug Tracking System
Contact owner@bugs.devuan.org with problems
[Message part 2 (message/rfc822, inline)]
From: Chris Dos <chris@chrisdos.com>
To: Devuan Bug Tracking System <submit@bugs.devuan.org>
Subject: eudev causes false postive in rkhunter
Date: Sun, 10 Feb 2019 07:23:14 -0700
[Message part 3 (text/plain, inline)]
Package: eudev
Version: 3.2.7-5
Severity: normal

The eudev init script names its pid file udev.pid and causes a false
positive in rkhunter:

Warning: Checking for possible rootkit files and directories [ Warning ]
         Found file '/var/run/udev.pid'. Possible rootkit: xorddos component

Changing the init file to use the pid name of eudev.pid fixes the
problem.  

-- Package-specific info:

-- System Information:
Distributor ID:	Devuan
Description:	Devuan GNU/Linux 10 (n/a)
Release:	10
Codename:	n/a
Architecture: x86_64

Kernel: Linux 4.19.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US), LANGUAGE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages eudev depends on:
ii  adduser      3.118
ii  debconf      1.5.70
ii  libblkid1    2.32.1-0.1+devuan2.1
ii  libc6        2.28-6
ii  libeudev1    3.2.7-5
ii  libkmod2     25-2
ii  libselinux1  2.8-1+b1
ii  lsb-base     9.20160110
ii  procps       2:3.3.11-3
ii  util-linux   2.32.1-0.1+devuan2.1

eudev recommends no packages.

eudev suggests no packages.

-- Configuration Files:
/etc/init.d/eudev changed:
PATH="/sbin:/bin"
NAME="udevd"
DAEMON="/sbin/udevd"
DESC="hot-plug events dispatcher"
PIDFILE="/run/eudev.pid"
CTRLFILE="/run/udev/control"
OMITDIR="/run/sendsigs.omit.d"
unmount_devpts() {
  if mountpoint -q /dev/pts/; then
    umount -n -l /dev/pts/
  fi
  if mountpoint -q /dev/shm/; then
    umount -n -l /dev/shm/
  fi
}
mount_devtmpfs() {
  if grep -E -q "^[^[:space:]]+ /dev devtmpfs" /proc/mounts; then
    mount -n -o remount,size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev
    return
  fi
  if ! mount -n -o size=$tmpfs_size,mode=0755 -t devtmpfs devtmpfs /dev; then
    log_failure_msg "udev requires devtmpfs support, not started"
    log_end_msg 1
  fi
  return 0
}
create_dev_makedev() {
  if [ -e /sbin/MAKEDEV ]; then
    ln -sf /sbin/MAKEDEV /dev/MAKEDEV
  else
    ln -sf /bin/true /dev/MAKEDEV
  fi
}
move_udev_database() {
  [ -e "/dev/.udev/" ] || return 0
  [ ! -e /run/udev/ ] || return 0
  [ -e /run/ ] || return 0
  mountpoint -q /run/ || return 0
  mv /dev/.udev/ /run/udev/ || true
}
supported_kernel() {
  case "$(uname -r)" in
    2.[012345].*|2.6.[0-9]|2.6.[0-9][!0-9]*) return 1 ;;
    2.6.[12][0-9]|2.6.[12][0-9][!0-9]*) return 1 ;;
    2.6.3[0-1]|2.6.3[0-1][!0-9]*) return 1 ;;
  esac
  return 0
}
my_tty() {
  [ -x /bin/readlink ] || return 0
  [ -e /proc/self/fd/0 ] || return 0
  readlink --silent /proc/self/fd/0 || true
}
warn_if_interactive() {
  if [ "$RUNLEVEL" = "S" -a "$PREVLEVEL" = "N" ]; then
    return
  fi
  TTY=$(my_tty)
  if [ -z "$TTY" -o "$TTY" = "/dev/console" -o "$TTY" = "/dev/null" ]; then
    return
  fi
  printf "\n\n\nIt has been detected that the command\n\n\t$0 $*\n\n"
  printf "has been run from an interactive shell.\n"
  printf "It will probably not do what you expect, so this script will wait\n"
  printf "60 seconds before continuing. Press ^C to stop it.\n"
  printf "RUNNING THIS COMMAND IS HIGHLY DISCOURAGED!\n\n\n\n"
  sleep 60
}
make_static_nodes() {
  [ -e /lib/modules/$(uname -r)/modules.devname ] || return 0
  [ -x /bin/kmod ] || return 0
  /bin/kmod static-nodes --format=tmpfiles --output=/proc/self/fd/1 | \
  while read type name mode uid gid age arg; do
    [ -e $name ] && continue
    case "$type" in
      c|b|c!|b!) mknod -m $mode $name $type $(echo $arg | sed 's/:/ /') ;;
      d|d!) mkdir $name ;;
      *) echo "unparseable line ($type $name $mode $uid $gid $age $arg)" >&2 ;;
    esac
    if [ -x /sbin/restorecon ]; then
      /sbin/restorecon $name
    fi
  done
}
[ -x $DAEMON ] || exit 0
tmpfs_size="10M"
if [ -e /etc/udev/udev.conf ]; then
  . /etc/udev/udev.conf
fi
. /lib/lsb/init-functions
if ! supported_kernel; then
  log_failure_msg "udev requires a kernel >= 2.6.32, not started"
  log_end_msg 1
fi
if [ ! -e /proc/filesystems ]; then
  log_failure_msg "udev requires a mounted procfs, not started"
  log_end_msg 1
fi
if ! grep -q '[[:space:]]devtmpfs$' /proc/filesystems; then
  log_failure_msg "udev requires devtmpfs support, not started"
  log_end_msg 1
fi
if [ ! -d /sys/class/ ]; then
  log_failure_msg "udev requires a mounted sysfs, not started"
  log_end_msg 1
fi
if ! ps --no-headers --format args ax | egrep -q '^\['; then
  log_warning_msg "udev does not support containers, not started"
  exit 0
fi
if [ -d /sys/class/mem/null -a ! -L /sys/class/mem/null ] || \
   [ -e /sys/block -a ! -e /sys/class/block ]; then
  log_warning_msg "CONFIG_SYSFS_DEPRECATED must not be selected"
  log_warning_msg "Booting will continue in 30 seconds but many things will be broken"
  sleep 30
fi
case "$1" in
    start)
    if mountpoint -q /dev/; then
	TMPFS_MOUNTED=1
    elif [ -e "/dev/.udev/" ]; then
	log_warning_msg ".udev/ already exists on the static /dev"
    fi
    if [ ! -e "/dev/.udev/" -a ! -e "/run/udev/" ]; then
	warn_if_interactive
    fi
    if [ -w /sys/kernel/uevent_helper ]; then
	echo > /sys/kernel/uevent_helper
    fi
    move_udev_database
    if [ -z "$TMPFS_MOUNTED" ]; then
	unmount_devpts
	mount_devtmpfs
	[ -d /proc/1 ] || mount -n /proc
    fi
    make_static_nodes
    # clean up parts of the database created by the initramfs udev
    udevadm info --cleanup-db
    # set the SELinux context for devices created in the initramfs
    [ -x /sbin/restorecon ] && /sbin/restorecon -R /dev
    log_daemon_msg "Starting $DESC" "$NAME"
    if start-stop-daemon --start $NAME --user root --quiet \
      --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile; then
      # prevent udevd to be killed by sendsigs (see #261 & DEBIAN #791944)
      mkdir -p $OMITDIR/$NAME
      ln -sf $PIDFILE $OMITDIR/$NAME
	  log_end_msg $?
    else
	log_warning_msg $?
	log_warning_msg "Waiting 15 seconds and trying to continue anyway"
	sleep 15
    fi
    log_action_begin_msg "Synthesizing the initial hotplug events"
    if udevadm trigger --action=add; then
	log_action_end_msg $?
    else
	log_action_end_msg $?
    fi
    create_dev_makedev
    # wait for the udevd childs to finish
    log_action_begin_msg "Waiting for /dev to be fully populated"
    if udevadm settle; then
	log_action_end_msg 0
    else
	log_action_end_msg 0 'timeout'
    fi
    ;;
    stop)
    log_daemon_msg "Stopping $DESC" "$NAME"
    if start-stop-daemon --stop --name $NAME --user root --quiet \
      --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
      # prevents cryptsetup/dmsetup hangs ( see #261 & Debian bug #791944 )
      rm -f $CTRLFILE
	  log_end_msg $?
    else
	log_end_msg $?
    fi
    ;;
    restart)
    log_daemon_msg "Stopping the hotplug events dispatcher" "udevd"
    if start-stop-daemon --stop --name udevd --user root --quiet \
      --pidfile $PIDFILE --remove-pidfile --oknodo --retry 5; then
	  # prevents cryptsetup/dmsetup hangs ( see #261 & Debian bug #791944 )
      rm -f $CTRLFILE
	  log_end_msg $?
    else
	log_end_msg $? || true
    fi
    log_daemon_msg "Starting $DESC" "$NAME"
    if start-stop-daemon --start $NAME --user root --quiet \
      --pidfile $PIDFILE --exec $DAEMON --background --make-pidfile; then
      # prevent udevd to be killed by sendsigs (see #261 & DEBIAN #791944)
      mkdir -p $OMITDIR/$NAME
      ln -sf $PIDFILE $OMITDIR/$NAME
	  log_end_msg $?
    else
	log_end_msg $?
    fi
    ;;
    reload|force-reload)
    udevadm control --reload-rules
    ;;
    status)
    status_of_proc $DAEMON $NAME && exit 0 || exit $?
    ;;
    *)
    echo "Usage: /etc/init.d/udev {start|stop|restart|reload|force-reload|status}" >&2
    exit 1
    ;;
esac
exit 0


-- no debconf information
[udev-database.txt (text/plain, attachment)]
[Message part 5 (message/rfc822, inline)]
From: Svante Signell <svante.signell@gmail.com>
To: 292-close@bugs.devuan.org
Subject: [Devuan-bugs] bug#292: eudev causes false postive in rkhunter
Date: Mon, 27 Jan 2020 12:27:53 +0100
Fixed by eudev-3.2.9-1, closing.
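
The rkhunter warning quoted in the report names only the file path, so before dismissing or whitelisting it a defender can confirm which process actually owns the pidfile. The following is an added example, not part of the bug log or of the eudev package; the function name check_pidfile and its optional PROC_ROOT argument are hypothetical.

```shell
#!/bin/sh
# Added example: triage a pidfile that a scanner flagged by name.
# check_pidfile PIDFILE EXPECTED_EXE [PROC_ROOT]
#   0 = pidfile names a live process whose executable is EXPECTED_EXE
#   1 = live process, but a different executable (investigate further)
#   2 = cannot verify (missing, malformed or stale pidfile)
# PROC_ROOT defaults to /proc; it is a parameter only so the check can be
# exercised against a constructed directory tree.
check_pidfile() {
  pidfile=$1 expected=$2 proc=${3:-/proc}

  # A pidfile should be a plain file, not a symlink pointing elsewhere.
  [ -f "$pidfile" ] && [ ! -L "$pidfile" ] || return 2

  # The first line must be a bare decimal PID and nothing else.
  IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 2
  case "$pid" in
    ''|*[!0-9]*) return 2 ;;
  esac

  # Stale pidfile: no process with that PID exists.
  [ -d "$proc/$pid" ] || return 2

  # /proc/PID/exe links to the binary the kernel loaded for the process,
  # which is a stronger signal than the process name matched by
  # start-stop-daemon --name.
  exe=$(readlink "$proc/$pid/exe") || return 2

  # A replaced or unlinked binary reads as "<path> (deleted)" and is
  # deliberately reported as a mismatch.
  [ "$exe" = "$expected" ] && return 0
  return 1
}
```

On the reporter's system the call would be `check_pidfile /var/run/udev.pid /sbin/udevd`. If the owner checks out and the package cannot yet be upgraded to the fixed version, rkhunter's `RTKT_FILE_WHITELIST` option in `rkhunter.conf` can exempt that single path.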

Last modified: Sun Dec 22 21:40:50 2024;