
Re: [RFR] templates://rkhunter/{templates}



Christian Perrier wrote:
> Your review should be sent as an answer to this mail.

>  Template: rkhunter/cron_daily_run
[...]
> +_Description: Activate daily run of rkunter?         
Typo:                                  rkhunter

>  Template: rkhunter/cron_db_update
[...]
> +_Description: Activate weekly rkhunter databases update?
> + If you choose this option, rkhunter databases will be
> + updated automatically by a weekly cron job.

The plural in "databases update" is possible but not natural.  Try:

   _Description: Activate weekly update of rkhunter's databases?

(Avoiding the issue by improving consistency.)

>  Template: rkhunter/apt_autogen
[...]
> +_Description: Automatically update rkhunter file properties database?

Yes; inexplicably, it's "file propertieS database", not "file
property database" or "fileS propertieS database".  Or to be
completely consistent this should perhaps become:

   _Description: Activate automatic update of rkhunter's file properties database?

But that's too long, so try

   _Description: Automatically update rkhunter's file properties database?

> Native speakers, should this be "rkhunter'S" for the possessive form?

It's legal without; "rkhunter" here is directly modifying the
following noun phrase.  But that phrase is already a stack of
nouns-modifying-nouns, so using a possessive instead would be an 
improvement.
 
> + This feature is not enabled by default as
> + database updates may be slow on low-end machines.         
> + Even if it is enabled, the database won't be updated if the
>   'hashes' test is disabled in rkhunter configuration.         

(That has to be something like "in its configuration file".)

> I'm not entirely fond of my proposed "low-end machines". I'm usually
> not enthusiastic about talking of "machines" but never found a better
> alternative (maybe "computers" would be good, after all, even if, in
> these days of virtualisation, it's quite restrictive).

"On low-end hardware"?  But updates might be even slower if you're
running a dozen VMs on high-end hardware; I'll leave "machines" in.

>   Some of the tests it does:

With nitpicks:

> +  - MD5 hash comparisons;

Yup, fine.

> +  - search for default files used by rootkits;

"Default files" invites confusion with the idea of rootkits
exploiting insecure default configuration files... at least make it
plain that they're files *created* by rootkits.

> +  - binary files permissions check;

I'd hope it checks for weird permissions on all executables (such as
the shellscript /usr/bin/rkhunter!), not just binaries.

> +  - suspect strings in LKM and KLD modules;

LKM and KLD are just obscure ways of saying "kernel modules".

> +  - hidden files;

It ignores hidden files in (for instance) my home directory.

> +  - optional scan within plaintext and binary files.

Plaintext and plain text are two different things.  Besides, why
specify "plain text and binary"?  Does it just mean "all (regular)
files, including the text/html ones full of unicode"?

> That enumeration still lacks consistency. We should either use verbs
> only or nouns only, not a mix of both.

And some are checks, while others are things to check for.  Here's
one approach to standardising them:

     It checks for:
      - MD5 hash changes;
      - files commonly created by rootkits;
      - executables with anomalous file permissions;
      - suspicious strings in kernel modules;
      - hidden files in system directories;
     and can optionally scan within files.

(Am I allowed to do that?)  Or going the other way:

     It can:
      - compare MD5 hashes;
      - search for files commonly created by rootkits;
      - check permissions on executables;
      - check for suspicious strings in kernel modules;
      - detect hidden files in system directories;
      - (optionally) scan within files.

But on the whole I prefer the all-nouns one.

> + Only using rkhunter does not guarantee that a system is not
> + compromised. Running additional tests, such as chkrootkit, is
> + recommended.
> 
> "Please note" in packages' descriptions should probably be discouraged
> as they're not exactly documentation (another thing to add to the
> style guide?).

I personally dislike being asked if I'd mind terribly much heeding
an important warning.  Just warn me!
 
> Is 'using' as subject of the verb a correct grammatical construction
> in English (it is in French). Same for 'Running tests'.
> Native speakers, help..:-)

Technically, it's the whole phrase "only using rkhunter" that's
serving as the subject of "does not guarantee...".  "Doing this is
grammatical".  But maybe I'd prefer "using only rkhunter" or "using
rkhunter alone"... 
-- 
JBR
Ankh kak! (Ancient Egyptian blessing)
--- ../rkhunter.old/debian/templates	2007-10-31 07:14:09.000000000 +0000
+++ debian/templates	2007-11-05 17:43:59.000000000 +0000
@@ -1,22 +1,23 @@
 Template: rkhunter/cron_daily_run
 Type: boolean
-_Description: Activate daily run?
- Choose this option if you want rkhunter to be run automatically
- via cron.daily.
+_Description: Activate daily run of rkhunter?
+ If you choose this option, rkhunter will be run automatically
+ by a daily cron job.
 
 Template: rkhunter/cron_db_update
 Type: boolean
-_Description: Activate weekly database update?
- Choose this option if you want rkhunter databases to be
- updated automatically via cron.weekly.
+_Description: Activate weekly update of rkhunter's databases?
+ If you choose this option, rkhunter databases will be
+ updated automatically by a weekly cron job.
 
 Template: rkhunter/apt_autogen
 Type: boolean
 Default: false
-_Description: Update file properties database automatically?
- rkhunter can be configured so that the file properties database
- is updated automatically by apt.
- Default is not to enable this feature as the file properties
- database update can be slow on some older or low-resource systems.
- Even if enabled, the database won't be updated by apt if the 
- 'hashes' test is disabled in rkhunter configuration.
+_Description: Automatically update rkhunter's file properties database?
+ The file properties database can be updated automatically
+ by the package management system.
+ .
+ This feature is not enabled by default as
+ database updates may be slow on low-end machines.
+ Even if it is enabled, the database won't be updated if the 
+ 'hashes' test is disabled in its configuration file.
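Review bot: "its configuration file" in the last paragraph of the apt_autogen template has no clear antecedent; rkhunter is named only in the short description, and the nearest candidate in the long description is "the package management system". Say "in rkhunter's configuration file" instead. The same hunk is also inconsistent about the possessive: the cron_db_update short description now reads "rkhunter's databases" while its long description keeps "rkhunter databases will be updated"; pick one form. Finally, replacing "by apt" with "by the package management system" drops the specific mechanism that the template name apt_autogen still carries; "by apt (the package management system)" keeps both the plain wording and the fact.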
--- ../rkhunter.old/debian/control	2007-10-31 07:14:12.000000000 +0000
+++ debian/control	2007-11-05 17:06:01.000000000 +0000
@@ -13,17 +13,17 @@
 Recommends: libmd5-perl, binutils, wget | curl | links | elinks | lynx, iproute
 Suggests: mailx
 Description: rootkit, backdoor, sniffer and exploit scanner
- Rootkit Hunter scans your system for known and unknown rootkits,
+ Rootkit Hunter scans systems for known and unknown rootkits,
  backdoors, sniffers and exploits.
  .
- Some of the tests it does:
-   - MD5 hash compare
-   - Look for default files used by rootkits
-   - Wrong file permissions for binaries
-   - Look for suspected strings in LKM and KLD modules
-   - Look for hidden files
-   - Optional scan within plaintext and binary files
+ It checks for:
+  - MD5 hash changes;         
+  - files commonly created by rootkits;         
+  - executables with anomalous file permissions;         
+  - suspicious strings in kernel modules;         
+  - hidden files in system directories;         
+ and can optionally scan within files.
  .  
- Please note that rkhunter does *not* guarantee your system has
- not been compromised! You should also run additional tests, e.g. using
- chkrootkit and other measures.
+ Using rkhunter alone does not guarantee that a system is not
+ compromised. Running additional tests, such as chkrootkit, is
+ recommended.
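Review bot: the added list lines, from "MD5 hash changes;" through "hidden files in system directories;", carry trailing spaces, and so does the unchanged " ." separator line below them; strip them before committing, since Debian Policy defines the paragraph separator as a line consisting of exactly one space and a period, and trailing whitespace in a control field is at best noise for translators and tools. The closing "and can optionally scan within files." also reads as a continuation of the list sentence but no longer says what the scan looks for, where the replaced text at least said "within plaintext and binary files"; either say what it scans for or drop the "within".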
Template: rkhunter/cron_daily_run
Type: boolean
_Description: Activate daily run of rkhunter?
 If you choose this option, rkhunter will be run automatically
 by a daily cron job.

Template: rkhunter/cron_db_update
Type: boolean
_Description: Activate weekly update of rkhunter's databases?
 If you choose this option, rkhunter databases will be
 updated automatically by a weekly cron job.

Template: rkhunter/apt_autogen
Type: boolean
Default: false
_Description: Automatically update rkhunter's file properties database?
 The file properties database can be updated automatically
 by the package management system.
 .
 This feature is not enabled by default as
 database updates may be slow on low-end machines.
 Even if it is enabled, the database won't be updated if the 
 'hashes' test is disabled in its configuration file.
Source: rkhunter
Section: admin
Priority: optional
Maintainer: Micah Anderson <micah@debian.org>
Uploaders: Julien Valroff <julien@kirya.net>
Build-Depends: debhelper (>= 5.0.0), dpatch, po-debconf
Standards-Version: 3.7.2
Homepage: http://rkhunter.sourceforge.net

Package: rkhunter
Architecture: all
Depends: file, exim4 | postfix | sendmail | mail-transport-agent, perl, net-tools, ${misc:Depends}
Recommends: libmd5-perl, binutils, wget | curl | links | elinks | lynx, iproute
Suggests: mailx
Description: rootkit, backdoor, sniffer and exploit scanner
 Rootkit Hunter scans systems for known and unknown rootkits,
 backdoors, sniffers and exploits.
 .
 It checks for:
  - MD5 hash changes;         
  - files commonly created by rootkits;         
  - executables with anomalous file permissions;         
  - suspicious strings in kernel modules;         
  - hidden files in system directories;         
 and can optionally scan within files.
 .  
 Using rkhunter alone does not guarantee that a system is not
 compromised. Running additional tests, such as chkrootkit, is
 recommended.
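As an added illustration, not part of this thread or of the rkhunter package, here is a small Python checker for the mechanical problems the review touches on: a misspelled package name in a description (the "rkunter" typo), trailing whitespace on description lines, a paragraph separator that is not exactly " .", a boolean debconf question that does not end in "?", and list items with mixed end punctuation. The sample stanzas are constructed for the demonstration and deliberately contain those defects; the field layout follows the templates and control file attached above.

```python
"""Lint debian/control and debconf templates stanzas for problems raised
in the review: package-name typos, trailing whitespace, malformed " ."
paragraph separators, non-question boolean prompts and inconsistent
list punctuation.  Added example; not code from the rkhunter package."""

import re

# Constructed sample input with defects introduced on purpose.  Trailing
# spaces are appended explicitly so they survive copy and paste.
SAMPLE = "\n".join([
    "Template: rkhunter/apt_autogen",
    "Type: boolean",
    "Default: false",
    "_Description: Automatically update rkhunter's file properties database?",
    " The file properties database can be updated automatically",
    " by the package management system." + " " * 3,   # trailing whitespace
    " ." + " " * 2,                                    # bad separator
    " This feature is not enabled by default as",
    " database updates may be slow on low-end machines.",
    "",
    "Template: rkhunter/cron_daily_run",
    "Type: boolean",
    "_Description: Activate daily run of rkunter?",     # typo in package name
    " If you choose this option, rkhunter will be run automatically",
    " by a daily cron job.",
    "",
    "Package: rkhunter",
    "Architecture: all",
    "Description: rootkit, backdoor, sniffer and exploit scanner",
    " It checks for:",
    "  - MD5 hash changes;",
    "  - files commonly created by rootkits",             # missing ';'
    "  - hidden files in system directories;",
    " and can optionally scan within files.",
    "",
])


def parse_stanzas(text):
    """Split an RFC822-style control file into a list of {field: value}.

    Continuation lines (leading whitespace) are kept verbatim and joined
    with newlines so that trailing whitespace is still visible to checks."""
    stanzas, current, last = [], {}, None
    for line in text.splitlines():
        if not line.strip():                 # blank line ends a stanza
            if current:
                stanzas.append(current)
            current, last = {}, None
        elif line[0] in " \t" and last is not None:
            current[last] += "\n" + line     # continuation of previous field
        else:
            name, _, value = line.partition(":")
            current[name] = value.lstrip()
            last = name
    if current:
        stanzas.append(current)
    return stanzas


def check_description(stanza, package="rkhunter"):
    """Return a list of problem strings for a stanza's (_)Description."""
    field = "_Description" if "_Description" in stanza else "Description"
    if field not in stanza:
        return ["no Description field"]
    lines = stanza[field].split("\n")
    problems = []
    for n, line in enumerate(lines):
        if line != line.rstrip():
            problems.append(f"line {n}: trailing whitespace")
        # Policy: a separator line is exactly one space and a period.
        if n > 0 and line.strip() == "." and line != " .":
            problems.append(f"line {n}: paragraph separator must be exactly ' .'")
    # Any word sharing the package name's first two letters but not equal
    # to it is a likely misspelling (catches "rkunter" vs "rkhunter").
    prefix = re.escape(package[:2])
    for word in re.findall(rf"\b{prefix}\w*", stanza[field]):
        if word != package:
            problems.append(f"possible misspelling of {package!r}: {word!r}")
    # A boolean debconf template's short description should be a question.
    if stanza.get("Type") == "boolean" and not lines[0].rstrip().endswith("?"):
        problems.append("short description of a boolean template should be a question")
    # List items in one description should end consistently.
    items = [l.rstrip() for l in lines[1:] if l.lstrip().startswith("- ")]
    endings = {item[-1] for item in items if item}
    if len(endings) > 1:
        problems.append("list items end with mixed punctuation: "
                        + ", ".join(sorted(endings)))
    return problems


def run(text, package="rkhunter"):
    """Map each stanza's Template/Package name to its list of problems."""
    report = {}
    for stanza in parse_stanzas(text):
        name = stanza.get("Template") or stanza.get("Package") or "<unnamed>"
        report[name] = check_description(stanza, package)
    return report


if __name__ == "__main__":
    for name, problems in run(SAMPLE).items():
        for problem in problems or ["ok"]:
            print(f"{name}: {problem}")
```

Run it against the real files with `run(open("debian/templates").read())`; the checks are deliberately mechanical and leave the noun-versus-verb consistency question to human reviewers.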
