Bug#789259: rkhunter: false positives of README.Debian.gz in the config

wim wim.bertels at khleuven.be
Fri Jun 19 10:07:04 UTC 2015


Package: rkhunter
Version: 1.4.2-0.4
Severity: wishlist

Hello,
it would be nice to have the documented false positives in the default config of rkhunter
/usr/share/doc/rkhunter/README.Debian.gz

for example /etc/.java
and others

this would save some work and questions

Kind regards,
Wim


-- System Information:
Debian Release: 8.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=nl_BE.utf8, LC_CTYPE=nl_BE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rkhunter depends on:
ii  binutils               2.25-5
ii  debconf [debconf-2.0]  1.5.56
ii  file                   1:5.22+15-2
ii  net-tools              1.60-26+b1
ii  perl                   5.20.2-3+deb8u1
ii  ucf                    3.0030

Versions of packages rkhunter recommends:
ii  exim4-daemon-light [mail-transport-agent]  4.84-8
ii  iproute                                    1:3.16.0-2
ii  lsof                                       4.86+dfsg-1
ii  unhide                                     20121229-1+b1
ii  wget                                       1.16-1

Versions of packages rkhunter suggests:
ii  bsd-mailx [mailx]         8.1.2-0.20141216cvs-2
pn  libdigest-whirlpool-perl  <none>
ii  liburi-perl               1.64-1
ii  libwww-perl               6.08-1
ii  powermgmt-base            1.31+nmu1
ii  tripwire                  2.4.2.2-4

-- Configuration Files:
/etc/rkhunter.conf changed:
MAIL-ON-WARNING=wim
TMPDIR=/var/lib/rkhunter/tmp
DBDIR=/var/lib/rkhunter/db
SCRIPTDIR=/usr/share/rkhunter/scripts
LOGFILE=/var/log/rkhunter.log
APPEND_LOG=1
AUTO_X_DETECT=1
ENABLE_TESTS=ALL
DISABLE_TESTS=suspscan hidden_procs deleted_files packet_cap_apps apps
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
DISABLE_UNHIDE=1
INSTALLDIR=/usr


-- debconf information:
  rkhunter/apt_autogen: false
  rkhunter/cron_daily_run:
  rkhunter/cron_db_update:


