Bug#887210: rkhunter should depend on e2fsprogs explicitly
andreas at fatal.se
Sun Jan 21 14:29:53 UTC 2018
Control: severity -1 minor
On Sun, Jan 14, 2018 at 08:10:53PM +0100, Helmut Grohne wrote:
> Package: rkhunter
> /usr/bin/rkhunter contains chattr and lsattr. According to file it is a POSIX shell script, ASCII text executable, with very long lines, with escape sequences
> /var/lib/rkhunter/db/i18n/cn contains lsattr. According to file it is a UTF-8 Unicode text
I've ignored /var/lib/rkhunter/db/i18n/* as false positives since they
seem to simply be translations.
Looking at rkhunter it seems chattr is a false positive match.
There are a few false positive matches for lsattr as well, but
one of them is interesting.
lsattr is part of the list of commands stored in CMDLIST variable.
Here's a code comment from rkhunter check_commands function about CMDLIST:
# We check for some commands used in the tests. If the command
# is found then a variable including the command name is set.
# These commands are not 'required', so nothing happens if the
# command is not found. The commands can be defined in the
# configuration file, and a value of 'DISABLED' will cause a
# command to not exist. A value of 'BUILTIN' may be used for
# the 'stat' and 'readlink' commands, to indicate that the
# supplied scripts should be used. We have to handle the 'stat'
# command in a special way so that the perl module does not get
# used if the command is to be disabled.
You can indeed see that the lsattr command is not strictly necessary
by searching for LSATTR_CMD and seeing how it's only conditionally
executed if available.
Thus I'd say at most a Suggests or possibly Recommends is warranted, but
not a Depends. Even just closing this bug report without a Suggests might
be an option. I'll leave that up to the maintainer to decide.
Would be great to hear from maintainer on this....
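
The optional-command pattern described in the quoted comment, as an added example that is not rkhunter's code and not part of the original message. Only `LSATTR_CMD` and the `DISABLED` value come from the text above; `find_optional_cmd`, `check_immutable` and `LSATTR_CONFIG` are hypothetical names. It shows that a missing lsattr causes the attribute check to be skipped rather than the run to fail.

```shell
#!/bin/sh
# Added illustration; not rkhunter source code.

# find_optional_cmd NAME [CONFIGURED]  (hypothetical helper)
# Prints the command to use for NAME. Returns 1 and prints nothing when the
# command is absent or the configured value is DISABLED.
find_optional_cmd() {
    name=$1
    configured=${2:-}
    case $configured in
        DISABLED) return 1 ;;
        "") command -v "$name" 2>/dev/null || return 1 ;;
        *)  [ -x "$configured" ] || return 1
            printf '%s\n' "$configured" ;;
    esac
}

# check_immutable FILE LSATTR_CMD  (hypothetical helper)
# Prints one of: skipped (no lsattr), unknown (lsattr failed, e.g. the
# filesystem has no attribute support), immutable, not-immutable.
check_immutable() {
    file=$1
    lsattr_cmd=$2
    if [ -z "$lsattr_cmd" ]; then
        echo skipped
        return 0
    fi
    attrs=$("$lsattr_cmd" -d "$file" 2>/dev/null | cut -d' ' -f1)
    case $attrs in
        "")  echo unknown ;;
        *i*) echo immutable ;;
        *)   echo not-immutable ;;
    esac
}

# Resolve once, then run the test only if the command was found.
LSATTR_CMD=$(find_optional_cmd lsattr "${LSATTR_CONFIG:-}") || LSATTR_CMD=""
printf '/bin/sh: %s\n' "$(check_immutable /bin/sh "$LSATTR_CMD")"
```

A result of `skipped` on a system without e2fsprogs means the attribute check was not performed, which is the coverage a Recommends or Suggests would restore.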