On Jan 14, 2013 12:10 PM, "Holger Levsen" <holger@layer-acht.org> wrote:
>
> Hi Andreas,
>
> On Donnerstag, 10. Januar 2013, Andreas Beckmann wrote:
> > Hi,
> >
> > the following packages from wheezy ship files that are excluded from
> > the .md5sums file:
> > [snip]
> > rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/backdoorports.dat
[Snip]
> > rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/mirrors.dat
> > rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/programs_bad.dat
> > rkhunter: FILE WITHOUT MD5SUM /var/lib/rkhunter/db/suspscan.dat
>
> those I'd file with severity "important" - sure it's a policy violation,
> surely it's bad, but I wouldnt want to delay the release for these. (And I
> also suggest to fix those for wheezy, but thats a slightly different topic ;)
>
[snip]
> this I'd probably file as serious, not having checksums for files in /usr
> seems worse. But then, the same reasoning as for the above bugs applies, so
> maybe important is better after all.
>
[snip]
> important as well.
>
> Thanks for your work on this!
>
>
> cheers,
> Holger
Not a debian developer but these 4 files I would rather put under security - after all something could have changed the contents of these files rendering rkhunter rather useless with respect to detecting some rootkits. I agree with the rest.
darkestkhan