On Mon, Sep 29, 2008 at 15:24, Dejan Muhamedagic <[EMAIL PROTECTED]> wrote:
> On Mon, Sep 29, 2008 at 01:10:28PM +0200, Andrew Beekhof wrote:
>> On Mon, Sep 29, 2008 at 01:05, Simon Horman <[EMAIL PROTECTED]> wrote:
>> >
>> > On Fri, Sep 26, 2008 at 12:57:44PM +0200, Ferenc Wagner wrote:
>> >> Package: heartbeat
>> >> Version: 2.1.3-6
>> >> Severity: wishlist
>> >>
>> >> Hi,
>> >>
>> >> Chkrootkit stumbles upon the hidden files under /usr/lib:
>> >>
>> >> /etc/cron.daily/chkrootkit:
>> >> The following suspicious files and directories were found:
>> >> /usr/lib/ocf/resource.d/heartbeat/.ocf-binaries
>> >> /usr/lib/ocf/resource.d/heartbeat/.ocf-directories
>> >> /usr/lib/ocf/resource.d/heartbeat/.ocf-returncodes
>> >> /usr/lib/ocf/resource.d/heartbeat/.ocf-shellfuncs
>> >>
>> >> Please avoid using such names if possible.
>> >
>> > Hi Ferenc,
>> >
>> > that sounds like a reasonable request to me. I am passing it
>> > on to the upstream development mailing list for comment there.
>>
>> I think chkrootkit is being a little over-protective here.
>> These files aren't meant to be included directly by the user and by
>> naming them with a leading dot, we avoid the issue of them showing up
>> as resources.
>
> They won't show as resource agents if the scripts are not
> executable. Sourcing such files would work in that case too.

Yes, but it's needlessly confusing (even if in a small way) for anyone
looking in that directory.

Audit tools such as the one mentioned have their place, but moving
files around for no other reason than to keep the tool from
complaining is a step too far.  Particularly when there are sane
enough reasons for the files to be located and named as they are.

At any rate, even if they were relocated, we'd still have to provide
links to the current pathname for compatibility.


As an aside, are rootkit writers really that lame that they rely on a
leading dot to hide the presence of a file?
Even my little sister wouldn't be fooled by that.

-EMOVEALONG
_______________________________________________________
Linux-HA-Dev: [email protected]
http://lists.linux-ha.org/mailman/listinfo/linux-ha-dev
Home Page: http://linux-ha.org/
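
One way to triage the kind of finding reported above without renaming anything, as an added example that is not part of the original thread: compare the paths chkrootkit flags against a package file manifest and surface only the ones no package accounts for. The function names, the manifest source (assumed to be `dpkg -L <pkg>` output saved to a file) and the extra unowned path are assumptions made for illustration.

```shell
#!/bin/sh
# Triage helper: which chkrootkit "suspicious files" are NOT in a package manifest?

# Read a chkrootkit report on stdin and print the flagged absolute paths.
# Handles one path per line or several per line; paths with spaces are not supported.
report_paths() {
    tr ' \t' '\n\n' | grep '^/' | grep -v ':$' | sort -u
}

# unowned_findings REPORT MANIFEST
# MANIFEST holds one owned path per line (assumed: saved `dpkg -L <pkg>` output).
# Prints flagged paths absent from the manifest; prints nothing if all are owned.
unowned_findings() {
    report_paths < "$1" | grep -vxF -f "$2" || true
}

# Demo on constructed input: the report from the bug above plus one made-up path,
# and a constructed manifest listing the four heartbeat helper files.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/report" <<'EOF'
/etc/cron.daily/chkrootkit:
The following suspicious files and directories were found:
/usr/lib/ocf/resource.d/heartbeat/.ocf-binaries
/usr/lib/ocf/resource.d/heartbeat/.ocf-directories
/usr/lib/ocf/resource.d/heartbeat/.ocf-returncodes
/usr/lib/ocf/resource.d/heartbeat/.ocf-shellfuncs
/usr/lib/.constructed-unowned-example
EOF
    cat > "$tmp/manifest" <<'EOF'
/usr/lib/ocf/resource.d/heartbeat/.ocf-binaries
/usr/lib/ocf/resource.d/heartbeat/.ocf-directories
/usr/lib/ocf/resource.d/heartbeat/.ocf-returncodes
/usr/lib/ocf/resource.d/heartbeat/.ocf-shellfuncs
EOF
    unowned_findings "$tmp/report" "$tmp/manifest"
    rm -rf "$tmp"
}

demo
```

A manifest match only says the path belongs to a package; checking that the file's content is unmodified is a separate step.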
