Bug#765898: rkhunter: default values of file/command/pathname exceptions
francois at fmarier.org
Wed Apr 29 01:39:24 UTC 2015
On 2015-04-29 11:15, Christoph Anton Mitterer wrote:
>> => while rkhunter will determine this automatically, it may still be
>> nice to
>> set it to /etc/rsyslog.conf on Debian, since rsyslog is the default
I'm not sure I enough about this (since it's working) to patch the
upstream source further.
>> => maybe it makes also sense un-comment from that line, since rkhunter
>> Recommneds unhide.rb and it's likely to be installed
>> See als bug #.
That's going to lead to a failure on machines that don't have it
unfortunately. At least until
http://sourceforge.net/p/rkhunter/feature-requests/41/ is fixed.
>> => which isn't contained in the upstream default rkhunter.conf.
>> Is this perhaps just a leftover?
It could very well be. We'd have to test with and without.
> For the following, I'm not really sure why I didn't suggest sha512
> instead of sha256:
>> => As part of crypto strengthening, I'd probably suggest to set this
Isn't sha512sum slower than sha256sum? As long as sha256 is considered
strong, I would favour the more efficient tool.
> Further, I've seen you commented:
> It's also suggested by rkhunter... so similarly to unhide.rb,... it
> *may* make sense to have this enabled per default.
> But I have no strong opinion on either of the two.
See above comment.
More information about the forensics-devel