Kevin Fenzi <[email protected]> writes:
> On Sun, 16 Mar 2014 12:59:29 -0700
> "Wolfgang S. Rupprecht" <[email protected]> wrote:
>> Are other people seeing this? I'm not looking forward to a full scrub
>> and clean installation.
>
> Did you recently install or update openssh-server, openssh or
> telnet-server ? When you update packages you need to re-run
> 'rkhunter --propupd' to update it's db.
>
> The /dev/dev/ thing is a dracut bug from a while back. You can safely
> remove that /dev/dev/ directory and it's contents.
$ grep ssh /var/log/yum.log
Jan 06 19:27:53 Updated: openssh-6.4p1-3.fc20.x86_64
Jan 06 19:28:23 Updated: openssh-server-6.4p1-3.fc20.x86_64
Jan 06 19:28:23 Updated: openssh-clients-6.4p1-3.fc20.x86_64
Jan 06 19:28:23 Installed: openssh-askpass-6.4p1-3.fc20.x86_64
I do nightly yum updates but ssh* hasn't updated in a long while. I
also recall the file updated messages are a bit different, complaining
that an inode changed.
I also did an 'rpm -Va' to see if the hash changed, but it hadn't.
While it is possible that rpm was replaced with a version that lies, I
honestly can't believe the rabbit hole goes that deep. I'm leaning
towards something bad having happened to upstream's rkhunter.
I guess I should check with a fedora live usb just to be sure. (Again,
I have to trust that the tools aren't doctored so much that burning a
live image is still doable without inserting a trojan.)
-wolfgang
--
users mailing list
[email protected]
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
