Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1234420
Summary: | chkrootkit warnings - l2cap | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | DaveG <daveg> |
Component: | chkrootkit | Assignee: | Gwyn Ciesla <gwync> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | unspecified | ||
Version: | 22 | CC: | gwync, rs, sergio, stanley.king, wolfy |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | chkrootkit-0.50-8.fc22 chkrootkit-0.50-8.fc23 chkrootkit-0.50-8.fc24 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-06-30 14:52:37 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
DaveG
2015-06-22 14:02:40 UTC
I think the component for this bug should be netstat, no chkrootkit, since that's where the issue lies. I'm seeing the same warning for netstat on F21 (net-tools-2.0-0.31.20141124git.fc21.x86_64). # netstat -l ... Active Bluetooth connections (only servers) Proto Destination Source State PSM DCID SCID IMTU OMTU Security warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. warning, got bogus l2cap line. I filed the bug against chkrootkit after seeing that net-tools package (netstat) was marked "end of life" and is not likely to be updated in Fedora or upstream. I can live with errors from netstat since it is generally used interactively but error output from a root-kit scanner may cause unnecessary alarm. I have "fixed" my own version by restricting the netstat protocol options but I'm no root-kit expert so I don't know if the affected Trojans only use IPv4/IPv6. Quick fix: - OPT=-an + OPT=-an46 in 4 places in chkrootkit script. One instance is quoted. That fixes things for netstat for now but switching to ss would take considerably more effort. Hi, (In reply to DaveG from comment #2) > I filed the bug against chkrootkit after seeing that net-tools package > (netstat) was marked "end of life" and is not likely to be updated in Fedora > or upstream. what will be the netstat replacement ? Thanks, (In reply to Sergio Monteiro Basto from comment #3) > Hi, > > (In reply to DaveG from comment #2) > > I filed the bug against chkrootkit after seeing that net-tools package > > (netstat) was marked "end of life" and is not likely to be updated in Fedora > > or upstream. > > what will be the netstat replacement ? > ss Yes, 'ss' from the iproute package. Similar output but different format. Thanks :) Does this still occur with ss? chkrootkit-0.50-8.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-b93b991ea4 chkrootkit-0.50-8.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c1a60982e chkrootkit-0.50-8.fc22 has been submitted as an update to Fedora 22. https://bodhi.fedoraproject.org/updates/FEDORA-2016-533e10ae24 chkrootkit-0.50-8.fc22 has been pushed to the Fedora 22 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-533e10ae24 chkrootkit-0.50-8.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b93b991ea4 chkrootkit-0.50-8.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-6c1a60982e chkrootkit-0.50-8.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. chkrootkit-0.50-8.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. chkrootkit-0.50-8.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. |