Bugzilla – Full Text Bug Listing
| Summary: | Few comments to the "rkhunter" package | ||
|---|---|---|---|
| Product: | [openSUSE] SUSE LINUX 10.0 | Reporter: | Balazs Melikant <balazs.melikant> |
| Component: | Security | Assignee: | Marcus Meissner <meissner> |
| Status: | RESOLVED FIXED | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Enhancement | ||
| Priority: | P5 - None | CC: | balazs.melikant |
| Version: | Final | ||
| Target Milestone: | --- | ||
| Hardware: | Other | ||
| OS: | SUSE Other | ||
| Whiteboard: | |||
| Found By: | Other | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | My config-patch. | ||
Created attachment 48690 [details]
My config-patch.
Reassigned to Marcus.
1. I tried to adapt it. Looked fine here.
2. Why weekly and not daily?
And yes, I used the sample .spec file.
3. There is no System/Security group in our distro.
4. Your patch is wrong, some of those are just files, some are dirs.
+ALLOWHIDDENDIR=/dev/.udevdb
+ALLOWHIDDENDIR=/etc/.java
+ALLOWHIDDENFILE=/etc/.pwd.lock
Your patch confuses them a bit.
I'm glad to hear your feedback:) I really forgot to fix this issue in my spec, which was needed by an earlier rkhunter version. It gave dummy error-messages, so I played with it so long, until all of them were away:) and reported it to the original author. You are right, they are confusing/confused and the newest version doesn't need them. I will probably fix it in my version this weekend or alternatively build your src.rpm for my SUSE 9.1 as well...

I'm sorry for reopening this bug for such a minor issue, but please consider the following. To avoid confusion concerning the rkhunter.conf file, as we just discussed earlier, the "ALLOWHIDDENFILE=/etc/.pwd.lock" line should be put where it belongs: in the next paragraph.

--->>> portion of the rkhunter.conf file of SUSE 10.0 GM --->>>

    # Allow hidden directory
    # One directory per line (use multiple ALLOWHIDDENDIR lines)
    #
    ALLOWHIDDENDIR=/dev/.udevdb
    ALLOWHIDDENDIR=/etc/.java
    ALLOWHIDDENFILE=/etc/.pwd.lock

    # Allow hidden file
    # One file per line (use multiple ALLOWHIDDENFILE lines)
    #
    #ALLOWHIDDENFILE=/etc/.java

--->>> In my opinion it should be --->>>

    # Allow hidden directory
    # One directory per line (use multiple ALLOWHIDDENDIR lines)
    #
    ALLOWHIDDENDIR=/dev/.udevdb
    ALLOWHIDDENDIR=/etc/.java

    # Allow hidden file
    # One file per line (use multiple ALLOWHIDDENFILE lines)
    #
    #ALLOWHIDDENFILE=/etc/.java
    ALLOWHIDDENFILE=/etc/.pwd.lock

I made this beauty fixup for the next product.
1. In the description of the package (before MD5) there is at least one newline missing:

> Rootkit scanner is scanning tool to ensure you for about 99.9%
> you're clean of nasty tools. This tool scans for rootkits,
> backdoors and local exploits by running tests like: - MD5 hash
> compare
>
> - Look for default files used by rootkits

2. If I'm not wrong, the filename "/etc/cron.daily/01-rkhunter" was copy&pasted from P. Shanahan's own spec, but I didn't see his (nick-)name mentioned. By the way, I think the "01-" part could be skipped from SUSE's variant and I would put it into the cron.weekly folder...
3. System/Monitoring, shouldn't it be System/Security?!
4. I patched my own 'variant' against other hidden files/folders as well; I will attach the complete patch. Anyway, how your config file looks would also strongly suggest "where it came from"; would it not be better to separate the "header lines" in it, e.g. as I have it?
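
The file-versus-directory mix-up discussed in this report can be checked mechanically. The following is an added example, not part of the original bug report or of the rkhunter package: a shell function that reads an rkhunter.conf and reports ALLOWHIDDENDIR / ALLOWHIDDENFILE entries whose on-disk type does not match the directive. The function name `check_hidden_allowlist` and its optional root-prefix argument are assumptions made for illustration, and directives are assumed to start in the first column.

```shell
#!/bin/sh
# Added example: lint the hidden-file/hidden-directory allowlist in rkhunter.conf.
# Usage: check_hidden_allowlist CONF [ROOT]
#   ROOT (hypothetical helper argument) is prepended to every path so the check
#   can run against a test tree or a mounted image instead of the live system.
# Returns 1 if any entry has the wrong type for its directive, 0 otherwise.
check_hidden_allowlist() {
    conf=$1
    root=${2:-}
    status=0
    # Split each line at the first '='; comment lines never match a directive.
    # The "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in
            ALLOWHIDDENDIR)  want=directory ;;
            ALLOWHIDDENFILE) want=file ;;
            *) continue ;;
        esac
        path=$root$value
        if [ -d "$path" ]; then
            have=directory
        elif [ -f "$path" ]; then
            have=file
        elif [ -e "$path" ]; then
            have=other
        else
            have=missing
        fi
        if [ "$have" = missing ]; then
            # A stale entry is worth knowing about, but is not a type error.
            echo "NOTE $key=$value: path does not exist"
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $key=$value: is a $have, directive expects a $want"
            status=1
        fi
    done < "$conf"
    return $status
}

# When invoked with arguments, lint the given config file.
if [ "$#" -gt 0 ]; then
    check_hidden_allowlist "$@"
fi
```

Entries reported as NOTE are allowlisted paths that no longer exist and can usually be dropped from the config.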