On Jan 14, 2013 12:10 PM, "Holger Levsen" <firstname.lastname@example.org> wrote:
> Hi Andreas,
> On Donnerstag, 10. Januar 2013, Andreas Beckmann wrote:
> > Hi,
> > the following packages from wheezy ship files that are excluded from
> > the .md5sums file:
> > [snip]
> > rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/backdoorports.dat
> > rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/mirrors.dat
> > rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/programs_bad.dat
> > rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/suspscan.dat
> those I'd file with severity "important" - sure it's a policy violation,
> surely it's bad, but I wouldnt want to delay the release for these. (And I
> also suggest to fix those for wheezy, but thats a slightly different topic ;)
> this I'd probably file as serious, not having checksums for files in /usr
> seems worse. But then, the same reasoning as for the above bugs applies, so
> maybe important is better after all.
> important as well.
> Thanks for your work on this!
Not a debian developer but these 4 files I would rather put under security - after all something could have changed the contents of these files rendering rkhunter rather useless with respect to detecting some rootkits. I agree with the rest.