Bug#765898: rkhunter: default values of file/command/pathname exceptions

Christoph Anton Mitterer calestyo at gmail.com
Tue Apr 28 23:15:08 UTC 2015

Hey Francois.

Have you considered any of the following remaining ones:

On Sun, 2014-10-19 at 03:10 +0200, Christoph Anton Mitterer wrote: 
> #SYSLOG_CONFIG_FILE=/etc/syslog.conf
> => while rkhunter will determine this automatically, it may still be nice to
>    set it to /etc/rsyslog.conf on Debian, since rsyslog is the default

> SCRIPTWHITELIST=/usr/bin/unhide.rb
> => maybe it makes also sense un-comment from that line, since rkhunter
>    Recommneds unhide.rb and it's likely to be installed
>    See als bug #.

> => which isn't contained in the upstream default rkhunter.conf.
>    Is this perhaps just a leftover?

For the following, I'm not really sure why I didn't suggest sha512
instead of sha256: 
> => As part of crypto strengthening, I'd probably suggest to set this to:
>    HASH_CMD=sha512sum

Further, I've seen you commented:
It's also suggested by rkhunter... so similarly to unhide.rb,... it
*may* make sense to have this enabled per default.
But I have no strong opinion on either of the two.


More information about the forensics-devel mailing list