Bug#765898: rkhunter: default values of file/command/pathname exceptions

Subject: Bug#765898: rkhunter: default values of file/command/pathname exceptions
From: calestyo@gmail.com (Christoph Anton Mitterer)
Date: Wed, 29 Apr 2015 01:15:08 +0200
Message-id: <[🔎] 1430262908.4842.12.camel@gmail.com>
In-reply-to: <20141019011019.23260.191.reportbug@heisenberg.scientia.net>
References: <20141019011019.23260.191.reportbug@heisenberg.scientia.net>

Hey Francois.


Have you considered any of the following remaining ones:

On Sun, 2014-10-19 at 03:10 +0200, Christoph Anton Mitterer wrote: 
> #SYSLOG_CONFIG_FILE=/etc/syslog.conf
> => while rkhunter will determine this automatically, it may still be nice to
>    set it to /etc/rsyslog.conf on Debian, since rsyslog is the default

> SCRIPTWHITELIST=/usr/bin/unhide.rb
> => maybe it makes also sense un-comment from that line, since rkhunter
>    Recommneds unhide.rb and it's likely to be installed
>    See als bug #.

> INSTALLDIR=/usr
> => which isn't contained in the upstream default rkhunter.conf.
>    Is this perhaps just a leftover?


For the following, I'm not really sure why I didn't suggest sha512
instead of sha256: 
> HASH_CMD
> => As part of crypto strengthening, I'd probably suggest to set this to:
>    HASH_CMD=sha512sum


Further, I've seen you commented:
>#SCRIPTWHITELIST=/usr/bin/lwp-request
It's also suggested by rkhunter... so similarly to unhide.rb,... it
*may* make sense to have this enabled per default.
But I have no strong opinion on either of the two.



Cheers,
Chris

Reply to:

Follow-Ups:
- Bug#765898: rkhunter: default values of file/command/pathname exceptions
  - From: francois@fmarier.org (Francois Marier)

Prev by Date: gpart_0.2.2-2_amd64.changes ACCEPTED into unstable
Next by Date: Processing of afflib_3.7.6-2_amd64.changes
Previous by thread: gpart_0.2.2-2_amd64.changes ACCEPTED into unstable
Next by thread: Bug#765898: rkhunter: default values of file/command/pathname exceptions
Index(es):
- Date
- Thread