On Tue, 2010-08-17 at 15:06 +0200, Julien Valroff wrote: > > As already suggested by the rkhunter documentation, the tmp-dir > > /var/lib/rkhunter/tmp/ should have tight permissions. > The tmp directory keeps the default rights defined by upstream. Then we should perhaps try to get this done upstream (too)?!
> > group-rights should be removed even for the root group IMO. > > As sysadmins may have deliberately removed this for some files copied there. > > You are right, though I would then better check that the files are copied to > this > directory using either 'cp -p' or 'cp -a', what do you think? > > This is already the case for the passwd and group files which are dealt with > in > the postinst script. Well I'd use -a,... but nevertheless change the rights of the dir itslef.... why having something more open than needed? Cheers, Chris. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
