Bug#765898: rkhunter: default values of file/command/pathname exceptions
Christoph Anton Mitterer
calestyo at gmail.com
Tue Apr 28 23:15:08 UTC 2015
Hey Francois.
Have you considered any of the following remaining ones:
On Sun, 2014-10-19 at 03:10 +0200, Christoph Anton Mitterer wrote:
> #SYSLOG_CONFIG_FILE=/etc/syslog.conf
> => while rkhunter will determine this automatically, it may still be nice to
> set it to /etc/rsyslog.conf on Debian, since rsyslog is the default
> SCRIPTWHITELIST=/usr/bin/unhide.rb
> => maybe it also makes sense to un-comment that line, since rkhunter
> Recommends unhide.rb and it's likely to be installed
> See also bug #.
> INSTALLDIR=/usr
> => which isn't contained in the upstream default rkhunter.conf.
> Is this perhaps just a leftover?
For the following, I'm not really sure why I didn't suggest sha512
instead of sha256:
> HASH_CMD
> => As part of crypto strengthening, I'd probably suggest to set this to:
> HASH_CMD=sha512sum
Further, I've seen you commented:
>#SCRIPTWHITELIST=/usr/bin/lwp-request
It's also suggested by rkhunter... so similarly to unhide.rb,... it
*may* make sense to have this enabled per default.
But I have no strong opinion on either of the two.
Cheers,
Chris