rkhunter ASCII text with no line terminators

Bug #1776632 reported by latimerio
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| rkhunter (Ubuntu) | Confirmed | Undecided | Unassigned | |

Bug Description

I get a lot of warnings like those given below about ASCII text with no line terminators, short file (no magic) or just ASCII text.
I think there is nothing wrong with those and there should be at least an option to allow this.

```
Warning: Suspicious file types found in /dev:
         /dev/shm/byobu-myuser-CLwl8Ngj/width: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/.last.tmux/disk: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/.last.tmux/memory: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/.last.tmux/cpu_freq: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/.last.tmux/session: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/.last.tmux/cpu_count: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/.last.tmux/release: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/.last.tmux/load_average: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/.last.tmux/uptime: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/.last.tmux/logo: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/status.tmux/cpu_freq: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/status.tmux/load_average: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/status.tmux/cpu_count: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/status.tmux/uptime: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/status.tmux/disk: ASCII text, with very long lines, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/status.tmux/memory: ASCII text, with very long lines, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/status.tmux/session: very short file (no magic)
         /dev/shm/byobu-myuser-CLwl8Ngj/status.tmux/release: ASCII text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/status.tmux/logo: UTF-8 Unicode text, with no line terminators
         /dev/shm/byobu-myuser-CLwl8Ngj/sockets: ASCII text
```

Tags: rkhunter
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in rkhunter (Ubuntu):
status: New → Confirmed
Benjamin Tegge (livewirebt) wrote :

It looks like there is an option to suppress this. I just encountered the same problem and found information in the following tickets to be helpful:

https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/1453952
https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/219840

I created a /etc/rkhunter.conf.local with the following content:

```
ALLOWHIDDENDIR=/dev/shm/byobu-*-????????/.last.tmux
ALLOWDEVFILE=/dev/shm/byobu-*-????????/.last.tmux/*
ALLOWDEVFILE=/dev/shm/byobu-*-????????/*/*
ALLOWDEVFILE=/dev/shm/byobu-*-????????/*
ALLOWDEVFILE=/dev/shm/sem.*
```

I don't think this is a bug; you are basically asking how to configure your whitelist. It would have been more constructive and useful to the community to post it as a question on AskUbuntu, I think.
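
A coverage check for the whitelist in the comment above, as an added example that is not part of the original comment or of rkhunter: it reports which flagged `/dev` paths the `ALLOWDEVFILE` patterns leave uncovered. It assumes rkhunter expands these wildcards like shell pathname expansion; `glob_match`, `covered` and `uncovered` are hypothetical helper names, and the last two sample paths are constructed.

```shell
#!/bin/sh
# Added example. ALLOWDEVFILE patterns copied from the comment above.
ALLOW='/dev/shm/byobu-*-????????/.last.tmux/*
/dev/shm/byobu-*-????????/*/*
/dev/shm/byobu-*-????????/*
/dev/shm/sem.*'

# ASSUMPTION: wildcards behave like shell pathname expansion, i.e. "*" and
# "?" match within one path component and never match a leading ".".
glob_match() {
    pat=$1 path=$2
    while :; do
        p=${pat%%/*} c=${path%%/*}          # next component of each
        case $c in .*) case $p in .*) ;; *) return 1 ;; esac ;; esac
        case $c in $p) ;; *) return 1 ;; esac
        case $pat in */*) pm=1 ;; *) pm=0 ;; esac
        case $path in */*) cm=1 ;; *) cm=0 ;; esac
        [ "$pm" = "$cm" ] || return 1       # depth mismatch
        [ "$pm" = 1 ] || return 0           # both exhausted: match
        pat=${pat#*/} path=${path#*/}
    done
}

# Succeed if any whitelist pattern covers the path.
covered() {
    old_ifs=$IFS; IFS='
'
    set -f                      # keep the patterns literal while iterating
    for pattern in $ALLOW; do
        if glob_match "$pattern" "$1"; then set +f; IFS=$old_ifs; return 0; fi
    done
    set +f; IFS=$old_ifs
    return 1
}

# Read paths on stdin, print the ones the whitelist does not cover.
uncovered() {
    while IFS= read -r f; do covered "$f" || printf '%s\n' "$f"; done
}

# Three paths from the warning above, then two constructed ones.
SAMPLE='/dev/shm/byobu-myuser-CLwl8Ngj/width
/dev/shm/byobu-myuser-CLwl8Ngj/.last.tmux/disk
/dev/shm/byobu-myuser-CLwl8Ngj/status.tmux/logo
/dev/shm/byobu-myuser-CLwl8Ngj/.cache/x
/dev/shm/notes.txt'
printf '%s\n' "$SAMPLE" | uncovered
```

Under that assumption, the explicit `.last.tmux/*` line is what covers the hidden directory's files, and a file in any other dot-directory under the byobu path is still reported.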

latimerio (fomember) wrote :

A whitelist merely cures the symptoms, not the cause.
Here the cause is that line terminators are expected.
Thus I still think there should be an option to allow all lines with missing line terminators or allow lines with or without line terminators as the default.
