Package: samhain
Version: 4.1.4-2
Severity: important

When the samhain database is renamed or moved out of /var/lib/samhain, the script
/etc/init.d/samhain tries to execute 'samhain -t init' and then fails anyway, because
the database is re-created in a different location.
Instead of using the hard-coded path /var/lib/samhain/samhain_file, the script should
check the config file - something like
'cat /etc/samhain/samhainrc | grep ^SetDatabasePath | sed s/SetDatabasePath=//'
to see whether the database path has been redefined. (The configuration below uses
both 'Key=value' and 'Key = value' spellings, so a real check would also have to
tolerate spaces around the '='.)

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (1000, 'testing'), (50, 'unstable'), (20, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.11.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to C.UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) (ignored:
LC_ALL set to C.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages samhain depends on:
ii  debconf [debconf-2.0]  1.5.61
ii  libauparse0            1:2.7.7-1+b1
ii  libc6                  2.24-12
ii  libgcrypt20            1.7.8-1
ii  libgnutls30            3.5.13-2
ii  libpcre3               2:8.39-3
ii  libprelude2            1.0.0-11.9
ii  zlib1g                 1:1.2.8.dfsg-5

samhain recommends no packages.

samhain suggests no packages.

-- Configuration Files:
/etc/init.d/samhain [Errno 13] Permission denied: '/etc/init.d/samhain'
/etc/samhain/samhainrc changed:
# samhainrc as dumped into the bug report; the dump carries no comments of its own.
# Sections are reopened several times below ([ReadOnly], [Attributes], [Misc], ...).
# NOTE(review): samhain is understood to accept this and read entries in file order -
# confirm before merging or reordering anything.
# Boolean values are spelled yes/no, True/False, Yes and 1 in different places; one
# spelling throughout would make the file easier to audit.
[Misc]
[ReadOnly]
# The number in front of the path on a dir entry is the recursion depth.
# NOTE(review): 0 = this directory's entries only, 99 = effectively the whole subtree,
# -1 = the directory itself but not its contents - confirm against the samhain manual.
dir = 0/
[Attributes]
# Volatile mount points are tracked under the Attributes policy instead of ReadOnly.
# NOTE(review): Attributes presumably covers ownership/permissions only, not content.
file = /tmp
file = /dev
file = /proc
file = /sys
file = /run
[IgnoreAll]
file = /mnt
[ReadOnly]
dir = 99/bin
dir = 99/sbin
dir = 99/lib
dir = 99/root
dir = 99/usr
[Attributes]
# The relocated baseline database (SetDatabasePath in the last [Misc] section) sits
# under /etc, which is ReadOnly at depth 99 further down; this entry places the file
# itself under the weaker Attributes policy so that database updates do not alert.
# NOTE(review): content changes to the baseline are then presumably not reported by
# samhain itself - confirm, and protect the file by other means if that matters.
file = /etc/samhain/samhaindb
[ReadOnly]
dir = 99/boot
[ReadOnly]
dir = 99/etc
[Attributes]
file = /etc/mtab
file = /etc/resolv.conf
[ReadOnly]
dir = 0/home/
[ReadOnly]
dir = 99/var
[IgnoreAll]
# Carve-outs from the ReadOnly /var tree above for state that changes constantly.
dir = -1/var/cache
dir = -1/var/backups
dir = -1/var/lib/dhcp
dir = -1/var/lock
dir = -1/var/mail
dir = -1/var/run
dir = -1/var/spool
dir = -1/var/tmp
dir = 99/var/lib/systemd/rfkill
dir = -1/var/lib/systemd/timers
file = /var/lib/systemd/random-seed
file = /var/lib/systemd/clock
dir = -1/var/lib/NetworkManager
[Attributes]
# Package-manager, tor and login state files that are rewritten during normal operation.
dir = 99/var/lib/selinux/default
file = /var/lib/apt/lists/lock
file = /var/lib/apt/lists/partial
file = /var/lib/apt/extended_states
file = /var/lib/apt/daily_lock
file = /var/lib/aptitude/pkgstates
file = /var/lib/aptitude/pkgstates.old
file = /var/lib/dpkg/lock
file = /var/lib/tor/state
file = /var/log/lastlog
file = /var/lib/apt/lists/vwakviie2ienjx6t.onion_debian_dists_*_InRelease
file = /var/lib/dpkg/triggers/Lock
file = /var/lib/dpkg/status*
file = /var/lib/tor/lock
file = /var/lib/tor/cached-microdescs.new
[GrowingLogFiles]
dir = 99/var/log
[Misc]
# Suppress "added"/"missing" reports for temporary and rotated state files.
# NOTE(review): these values are understood to be regular expressions, not shell
# globs, so '*' and '.' may not mean what a glob reader expects - confirm each pattern.
# The two pkgstates patterns below overlap.
IgnoreAdded = /var/lib/apt/extended_states*
IgnoreMissing = /var/lib/apt/extended_states*
IgnoreAdded = /var/lib/aptitude/pkgstates.*
IgnoreMissing = /var/lib/aptitude/pkgstates.*
IgnoreAdded = /var/lib/dpkg/status-*
IgnoreMissing = /var/lib/dpkg/status-*
IgnoreAdded = /var/lib/aptitude/pkgstates*
IgnoreMissing = /var/lib/aptitude/pkgstates*
IgnoreMissing = /var/lib/apt/lists/partial/.apt-acquire-privs-test.*
IgnoreMissing = /var/lib/dpkg/updates/tmp.i
IgnoreAdded = /var/lib/tor/state*
IgnoreMissing = /var/lib/tor/state*
[IgnoreNone]
[Prelink]
[User0]
[User1]
[EventSeverity]
# Severity assigned to a violation of each policy section above.
SeverityReadOnly = alert
SeverityLogFiles = err
SeverityGrowingLogs = info
SeverityIgnoreNone = crit
SeverityAttributes = crit
SeverityUser0 = crit
SeverityUser1 = crit
SeverityIgnoreAll = info
SeverityFiles=crit
SeverityDirs=crit
SeverityNames=warn
[Log]
# Every log facility is set to none except syslog, whose threshold is err.
# NOTE(review): events classed info or warn in [EventSeverity] (growing logs,
# IgnoreAll, names) presumably fall below that threshold and are reported nowhere - confirm.
MailSeverity=none
PrintSeverity=none
LogSeverity=none
SyslogSeverity=err
ExportSeverity=none
ExternalSeverity = none
DatabaseSeverity = none
PreludeSeverity = none
[SuidCheck]
# SUID/SGID file check is enabled, without quarantining what it finds.
# NOTE(review): the interval is presumably in seconds (86400 = one day) - confirm.
SuidCheckActive = yes
SuidCheckInterval = 86400
SuidCheckExclude = NULL
SuidCheckYield = yes
SeveritySuidCheck = crit
SuidCheckQuarantineFiles = no
[Utmp]
# Login/logout monitoring is switched off.
LoginCheckActive = False
[Misc]
# Non-default location of the baseline database; this is the setting the bug report is
# about (the init script looks under /var/lib/samhain instead of reading this value).
SetDatabasePath=/etc/samhain/samhaindb
Daemon = yes
ChecksumTest=check
# NOTE(review): both intervals are presumably in seconds - confirm.
SetLoopTime = 600
SetFileCheckTime = 7200
ReportOnlyOnce = True
UseLocalTime = Yes
UseHardlinkCheck = True
UseAclCheck = True
UseSelinuxCheck = True
LooseDirCheck = True
HideSetup = True
SyslogFacility=LOG_LOCAL2
[Mounts]
MountCheckActive = True
MountCheckInterval = 600
# NOTE(review): "Severuty" in the next two keys looks like a misspelling of "Severity"
# (SeverityMountMissing / SeverityOptionMissing). If samhain does not recognise the
# misspelled keys, the severities intended here are not applied - confirm and correct.
SeverutyMountMissing = err
SeverutyOptionMissing = crit
# Mount points that must be present, each with the mount options it must carry.
checkmount = / ro,nodev
checkmount = /home nosuid,nodev
checkmount = /var nodev
[ProcessCheck]
# Module disabled; the severity and interval below only matter once it is enabled.
ProcessCheckActive = False
SeverityProcessCheck = crit
ProcessCheckInterval = 300
[UserFiles]
# Per-user dotfiles watched for the listed UIDs.
UserfilesActive = 1
UserfilesCheckUids = 1000,1001,1002
UserfilesName = .bashrc readonly
UserfilesName = .bash_logout readonly
UserfilesName = .profile readonly
[PortCheck]
# Module disabled, so the required/optional port lists below are currently not enforced.
PortCheckActive = no
SeverityPortCheck = crit
PortCheckInterval = 300
# NOTE(review): the PortCheckRequired value is split over two lines in this dump; that
# looks like an e-mail line wrap rather than the layout of the real file - confirm.
PortCheckRequired = 127.0.0.1:19040/tcp, 127.0.0.1:19041/tcp,
127.0.0.1:19053/udp, 127.0.0.53:53/udp, 68/udp
PortCheckOptional = 127.0.0.1:37871/tcp
[LogMon]
# Log monitoring is enabled, but no watched-file or rule entries are visible in this dump.
LogMonActive = yes
LogMonInterval = 10
[Inotify]
InotifyActive = yes
# NOTE(review): [EOF] is understood to mark the end of the configuration - confirm.
[EOF]


-- debconf information:
* samhain/init-log:
