On Wed, 15 Dec 2021 21:29:35 +1300 Andrew Ruthven <and...@etc.gen.nz> wrote:

> I have just spent a little bit of time digging into this, as I want
> rkhunter to work (almost) turnkey, without needing users to have to
> customise any configuration files.

I'm just a fellow user here - when I started using this package some
years ago I thought a turnkey approach would be good, but over time I
have come to take a different view.

Scanning packages like rkhunter (and chkrootkit, checksecurity, tiger,
etc, etc) can't realistically cope with every possible Debian system,
and I don't think they should try.

I think there is more benefit from being told that things have changed
from some baseline (expected position), even if the baseline itself
needs adjusting. And it should not be Debian's goal, in my
opinion, to eliminate warnings caused by Debian packages (other than
those from essential:yes packages) as long as the warnings can be
silenced - rkhunter does pretty well here.

If grep moves from /usr/bin to /bin or the other way, I want to be
told, not have the scanner adjust itself.  If a new lwp-release script
appears I want to be told - even if the explanation is "because that
package got installed" (this does assume there is a reason to check if
lwp-release is a script - I'm not actually sure this is true given the
automatic updates are now disabled, but that's another story)

(I appreciate that it is entirely reasonable to disagree with this, I
just wanted to share my view)

(Personally, I would leave usrmerge the default and close this bug as
you can already edit the rkhunter.conf to say where grep is located)
