Package: rkhunter
Version: 1.4.4-2
Severity: normal
Tags: security
Hi.
I think this was even the case previously:
/var/lib/rkhunter/tmp should be only readable/listable by root:root.
rkhunter makes temp copies of security relevant files there, and while
right now the copies it makes have safe
On Sat, 2017-07-15 at 22:21 +, Debian Bug Tracking System wrote:
> * Disable remote updates to fix CVE-2017-7480 and prevent bugs like
> it in the future (closes: #765895, #866677)
It's good to see this finally done... but really sad to see, that it
required an actual exploit to be
> Do you know what the correct way to do this is?
Uhm... sorry... not really...
Perhaps something like backing up the current file, then using
dpkg-maintscript-helper rm_conffile to remove the conffile, and then move
the backup back as manually managed file.
But really better ask at d-d on how to do
Package: rkhunter
Version: 1.4.2-6
Severity: normal
Hi.
Apparently the package used to contain:
/etc/default/rkhunter
as a dpkg conffile but no longer does and ships it manually managed instead.
This file was however not properly cleaned up as conffile and is still marked
as such.
Could you
Package: rkhunter
Version: 1.4.2-5
Severity: normal
Tags: security upstream
Hi.
AFAIU, rkhunter does roughly the following to check for the value of
PermitRootLogin.
Goes through SSH_CONFIG_DIR or /etc /etc/ssh /usr/local/etc /usr/local/etc/ssh
and
looking for sshd_config, taking the first
Package: rkhunter
Version: 1.4.2-5
Severity: normal
Hi.
rkhunter places its lockfiles apparently in a location
(per default /var/lib/something) that doesn't get cleaned
up on reboot.
It should rather use the proper location, e.g. /var/lock
or /run/lock.
Cheers,
Chris.
Package: rkhunter
Version: 1.4.2-4
Severity: normal
Hi.
Apparently unhide.rb moved from /usr/bin to /usr/sbin, even though
its changelog doesn't tell this (CCing Giovani therefore, so he
can tell whether this is permanent or just by accident).
Therefore rkhunter's previous SCRIPTWHITELIST
Package: wnpp
Severity: wishlist
* Package name: forensic-colorize
Version : 1.1
Upstream Author : Jesse Kornblum resea...@jessekornblum.com
* URL : https://github.com/jessek/colorize/
* License : GPL3
Programming Lang: C
Description : forensic tool
Hey Francois.
Have you considered any of the following remaining ones:
On Sun, 2014-10-19 at 03:10 +0200, Christoph Anton Mitterer wrote:
#SYSLOG_CONFIG_FILE=/etc/syslog.conf
= while rkhunter will determine this automatically, it may still be nice to
set it to /etc/rsyslog.conf on Debian
Package: rkhunter
Version: 1.4.2-0.3
Severity: minor
Hi.
There's a trailing whitespace in the RUN_CHECK_ON_BATTERY line
of /etc/default/rkhunter
Cheers,
Chris.
___
forensics-devel mailing list
forensics-devel@lists.alioth.debian.org
Package: rkhunter
Version: 1.4.2-0.1
Severity: wishlist
Hi.
Could you possibly consider to change the default for
LOGFILE
to:
/var/log/rkhunter/rkhunter.log
The benefit would be that all rkhunter logs (especially when
COPY_LOG_ON_ERROR=1 is used) would be placed in their own dir and not
reopen 593120
retitle 593120 security of files copied by rkhunter
forwarded 593120 https://sourceforge.net/p/rkhunter/bugs/121/
tags 593120 + security
severity 593120 important
stop
Hi Julien, et al.
Now that the new upstream version got into Debian I've stumbled again
over this issue.
I think
Package: rkhunter
Version: 1.4.2-0.1
Severity: wishlist
Tags: patch
Hi.
There is the line:
# hidden_procs test requires the unhide command which is part of the unhide
# package in Debian.
in rkhunter.conf.
Please extend that to unhide.rb, e.g.
# hidden_procs test requires the unhide and/or
Package: rkhunter
Version: 1.4.2-0.1
Severity: normal
Hi.
Regarding the defaults/example for pathnames/file/command exceptions you ship:
SCRIPTWHITELIST=/usr/bin/groups
= is no longer a script
SCRIPTWHITELIST=/usr/sbin/prelink
= maybe disable this, since it's not installed per default on
On Sun, 2014-10-19 at 03:10 +0200, Christoph Anton Mitterer wrote:
See also bug #.
Here I forgot the number: 765896
:)
Package: rkhunter
Version: 1.4.2-0.1
Severity: wishlist
Hi.
I always found it useful when packages which have a lot of Recommended/Suggested
packages, for which it is not obviously clear how they are used, describe this
in their package description.
A good example for this would be the
Package: rkhunter
Version: 1.4.0-3
Severity: wishlist
Hi.
There's a new upstream version 1.4.2.
Cheers,
Chris.
Package: aesfix
Version: 1.0.1-2
Severity: normal
Hi.
Shouldn't the recommends on aeskeyfinder be on aeskeyfind instead?
Cheers,
Chris.
Package: rkhunter
Version: 1.4.0-3
Severity: minor
Hi.
The package still suggests the transitional package lynx (replaced
by lynx-cur).
Cheers,
Chris.
btw: Why does it suggest wget | curl | links | elinks | lynx at all?
On Fri, 2013-01-04 at 15:46 +0100, Johan Walles wrote:
Can you post the output of running unhide.rb (from the package of the same
name) on the system where you're seeing false positives with aptitude?
I checked with unhide.rb ... and it shows no hidden processes when
aptitude is running (i.e.
Package: md5deep
Version: 3.7-1
Severity: wishlist
Hi.
A new upstream version (3.9) is available.
Cheers,
Chris.
On Sat, 2010-07-10 at 13:42 -0700, Daniel Burrows wrote:
I think it's agreed that it
belongs over there and not in aptitude?
Yeah,... I guess that's ok,...
However,... it remains that aptitude or one of its libs does something
special which triggers this rather than other applications... so if