Hi all,
I just updated my F19 box to rkhunter 1.4.2 from 1.4.0, and it suddenly
seems to be selectively ignoring bits of my config file.
I have custom sshd, su, and sudo PAM scripts, which I exclude from package
verification with:
PKGMGR_NO_VRFY="/etc/pam.d/sshd /etc/pam.d/su /etc/pam.d/sudo"
With 1.4.0, it would work as expected; it checked for changes against its
own database. In 1.4.2, it generates a:
[] Warning: Package manager verification has failed:
[] File: /etc/pam.d/su
and one for sudo and sshd as well. I also have rkhunter keeping track of
the files in pam.d with:
USER_FILEPROP_FILES_DIRS="/etc/pam.d/*"
Again, in 1.4.0, this did what I expected it to: verified all the files in
pam.d against the database created with the last --propupd. In 1.4.2, it
causes a number of warnings, very similar to the one above; all generated
because of a package manager verification failure. On closer examination,
they are all reported by `rpm -V` as configuration errors, not 'actual'
verification failures.
`rkhunter -C` returns clean with no message.
If I comment out the USER_FILEPROP_FILES_DIRS line, _all_ the errors go
away; the scan comes back clean. It stops ignoring the PKGMGR_NO_VRFY
directive. But it also stops watching my pam.d directory. Very bad. If I
comment out the PKGMGR_NO_VRFY line as well, I get warnings for those three
customized files (su, sudo, sshd). Because RPM reports those as _real_
verification errors, as it rightfully should.
I tried adding additional PKGMGR_NO_VRFY lines for the bothersome files,
but USER_FILEPROP_FILES_DIRS always seems to override and/or ignore it.
Putting each file to exclude on its own line doesn't make a difference. I'm
not exactly sure what the problem is, just how I've managed to make it
respond in this case.
In short, any file specified with USER_FILEPROP_FILES_DIRS in 1.4.2 is
checked against the package manager, even when that file is excluded from
package manager checking with PKGMGR_NO_VRFY, unlike in 1.4.0. I didn't see
anything in the changelog noting it as an intentional change, so here I am.
I have reverted to 1.4.0 for now. Any help/input is greatly appreciated.
Thanks!
Chris Bell
Ph.D. Candidate, Teaching Assistant, Gentleman, Scholar, Penguin Wrangler
University of South Florida
College of Engineering
Department of Computer Science and Engineering
NarMOS Research Team, Official Daemon Charmer
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
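
An added triage helper, not part of the original message and not rkhunter code: it cross-references `rpm -V` output with the two settings quoted in the post, so files listed in PKGMGR_NO_VRFY can be told apart from files only matched by USER_FILEPROP_FILES_DIRS. The `rpm -V` lines are constructed sample data, and the names `read_option` and `triage` are hypothetical.

```python
import fnmatch
import re
# The two rkhunter.conf settings quoted in the post.
CONF = '''
PKGMGR_NO_VRFY="/etc/pam.d/sshd /etc/pam.d/su /etc/pam.d/sudo"
USER_FILEPROP_FILES_DIRS="/etc/pam.d/*"
'''

# Constructed `rpm -V` output (not from the post): nine attribute flags,
# an optional file-type marker ("c" = %config file), then the path.
RPM_V = '''
S.5....T.  c /etc/pam.d/su
S.5....T.  c /etc/pam.d/sshd
.......T.  c /etc/pam.d/system-auth
S.5....T.    /usr/bin/passwd
'''

LINE = re.compile(r'^(missing|[A-Za-z0-9.?]{9})\s+(?:([cdglr])\s+)?(/.*)$')

def read_option(conf, key):
    """Collect a space-separated list option; repeated lines accumulate."""
    values = []
    for line in conf.splitlines():
        name, sep, value = line.strip().partition('=')
        if sep and name == key:
            values += value.strip('"\'').split()
    return values

def triage(conf=CONF, rpm_output=RPM_V):
    """Label each file rpm -V flags by how the config refers to it."""
    no_vrfy = set(read_option(conf, 'PKGMGR_NO_VRFY'))
    watched = read_option(conf, 'USER_FILEPROP_FILES_DIRS')
    report = []
    for line in rpm_output.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        flags, ftype, path = m.groups()
        if path in no_vrfy:
            status = 'excluded'      # a package-manager warning here is the reported problem
        elif any(fnmatch.fnmatchcase(path, g) for g in watched):
            status = 'user-watched'  # fnmatch approximates the shell glob
        else:
            status = 'default'
        report.append((path, flags, ftype == 'c', status))
    return report

if __name__ == '__main__':
    print(*triage(), sep='\n')
```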