Package: rkhunter
Version: 1.4.2-0.1
Severity: normal

Hi.

Regarding the defaults/examples for pathname/file/command exceptions you ship:

SCRIPTWHITELIST=/usr/bin/groups
=> is no longer a script

SCRIPTWHITELIST=/usr/sbin/prelink
=> maybe disable this, since it's not installed by default on Debian systems and leads to an error in rkhunter

ALLOWPROCDELFILE=/usr/lib/iceweasel/firefox-bin
=> this is just a symlink in Debian to: /usr/lib/iceweasel/iceweaselo

#SYSLOG_CONFIG_FILE=/etc/syslog.conf
=> while rkhunter will determine this automatically, it may still be nice to set it to /etc/rsyslog.conf on Debian, since rsyslog is the default

Please consider adding:

#ALLOWHIDDENFILE=/usr/share/man/man5/.k5identity.5.gz
=> part of the krb5-doc package

SCRIPTWHITELIST=/usr/bin/unhide.rb
=> maybe it also makes sense to un-comment that line, since rkhunter Recommends unhide.rb and it's likely to be installed

See also bug #.

The following don't strictly fit this bug, but since it's also about the config file values and defaults:

INSTALLDIR=/usr
=> which isn't contained in the upstream default rkhunter.conf. Is this perhaps just a leftover?

MAIL-ON-WARNING, USE_SYSLOG
=> I probably would suggest setting these to:
MAIL-ON-WARNING=root
USE_SYSLOG=authpriv.warning
so that people are better informed about any warnings found by rkhunter

HASH_CMD
=> As part of crypto strengthening, I'd probably suggest setting this to:
HASH_CMD=sha512sum
Sure, SHA1 isn't broken yet... but it doesn't really cost us anything to use something which is likely safer than it. There's also an upstream bug about this, though: https://sourceforge.net/p/rkhunter/bugs/118/

Cheers,
Chris.
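
One way to catch stale SCRIPTWHITELIST entries like the ones reported above (an added example, not part of the original message and not rkhunter's own code). It assumes entries are space-separated paths on uncommented `SCRIPTWHITELIST=` lines and treats a file as a script when it starts with `#!`; the function names are hypothetical and the demo files are constructed.

```shell
# Added example: audit SCRIPTWHITELIST entries of an rkhunter.conf-style file.
# Function names are hypothetical; the shebang test is a simplification.

# Print "ok", "missing" or "not-script" for one path.
classify_entry() {
    if [ ! -e "$1" ]; then
        echo missing
        return 0
    fi
    # Scripts start with the bytes "#!" (0x23 0x21). Comparing in hex avoids
    # feeding NUL bytes from binaries into a shell variable.
    magic=$(head -c 2 "$1" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = "2321" ]; then echo ok; else echo not-script; fi
}

# Print "<status> <path>" for every path on active SCRIPTWHITELIST lines of
# the config file $1. Commented-out lines are skipped.
audit_script_whitelist() {
    sed -n 's/^[[:space:]]*SCRIPTWHITELIST=//p' "$1" |
    while IFS= read -r value; do
        set -f                      # no globbing while splitting the list
        for p in $value; do
            printf '%s %s\n' "$(classify_entry "$p")" "$p"
        done
    done
}

# Constructed sample: a script, a fake ELF binary and a path that is absent.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hi\n' > "$d/wrapper"
    printf '\177ELF\002\001\001' > "$d/groups"
    {
        echo "#SCRIPTWHITELIST=$d/commented-out"
        echo "SCRIPTWHITELIST=$d/wrapper"
        echo "SCRIPTWHITELIST=$d/groups $d/prelink"
    } > "$d/rkhunter.conf"
    audit_script_whitelist "$d/rkhunter.conf"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Run with `--demo` to see one line per entry; any `missing` or `not-script` line marks a whitelist entry that no longer matches the installed system.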
