Bug#779702: rkhunter: wrong whitelist for /etc/.etckeeper

IOhannes m zmölnig umlaeute at debian.org
Wed Mar 4 09:14:36 UTC 2015


Package: rkhunter
Version: 1.4.2-0.4
Severity: normal

Dear Maintainer,

/etc/rkhunter.conf comes with a (disabled) line to whitelist /etc/.etckeeper.

    #ALLOWHIDDENDIR=/etc/.etckeeper


Unfortunately /etc/.etckeeper is not a directory but a file (at least on all my
systems where I installed etckeeper), so I suggest changing that line to

    #ALLOWHIDDENFILE=/etc/.etckeeper


While you are there¹, could you also provide example lines to whitelist
/etc/.git? There is already a whitelist for /etc/.gitignore, and assuming that
few people have their root fs ('/') under git, chances are high that this
gitignore file will be accompanied by an /etc/.git/.

    #ALLOWHIDDENDIR=/etc/.git


¹ assuming that many people will use git as backend for etckeeper; this probably also applies to the other etckeeper-backends (with different paths)...

-- System Information:
Debian Release: 8.0
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=de_AT.utf8, LC_CTYPE=de_AT.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rkhunter depends on:
ii  binutils               2.24.90.20141023-1
ii  debconf [debconf-2.0]  1.5.55
ii  file                   1:5.20-2
ii  net-tools              1.60-26+b1
ii  perl                   5.20.1-5
ii  ucf                    3.0030

Versions of packages rkhunter recommends:
ii  exim4-daemon-light [mail-transport-agent]  4.84-8
ii  iproute                                    1:3.16.0-2
ii  lsof                                       4.86+dfsg-1
ii  unhide                                     20121229-1+b1
ii  wget                                       1.16-1

Versions of packages rkhunter suggests:
ii  bsd-mailx [mailx]         8.1.2-0.20141216cvs-1
pn  libdigest-whirlpool-perl  <none>
ii  liburi-perl               1.64-1
ii  libwww-perl               6.08-1
pn  powermgmt-base            <none>
pn  tripwire                  <none>

-- Configuration Files:
/etc/rkhunter.conf changed [not included]

-- debconf information excluded
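
The directive/type mismatch reported above can be checked mechanically. The following is an added example, not part of the original report or of rkhunter: it reads the ALLOWHIDDENDIR and ALLOWHIDDENFILE lines of a config (active or commented out) and flags any path whose on-disk type disagrees with the directive. The function name, the ROOT prefix argument, the output labels and the sample tree are assumptions constructed for illustration.

```sh
#!/bin/sh
# check_hidden_whitelist CONF [ROOT]   (hypothetical helper, not part of rkhunter)
# Reads every ALLOWHIDDENDIR / ALLOWHIDDENFILE line in CONF, active or
# commented out, and compares the directive with the on-disk type of each
# listed path. ROOT is prefixed to the paths so a test tree can be checked.
check_hidden_whitelist() {
    conf=$1
    root=${2:-}
    # Drop leading '#'/whitespace and emit "DIRECTIVE path [path...]".
    sed -n 's/^[[:space:]]*#*[[:space:]]*\(ALLOWHIDDEN[A-Z]*\)=\(.*\)$/\1 \2/p' "$conf" |
    while read -r directive paths; do
        case $directive in
            ALLOWHIDDENDIR|ALLOWHIDDENFILE) ;;
            *) continue ;;
        esac
        set -f                      # take wildcard characters literally
        for p in $paths; do
            target=$root$p
            if [ -d "$target" ]; then
                actual=ALLOWHIDDENDIR
            elif [ -e "$target" ]; then
                actual=ALLOWHIDDENFILE
            else
                echo "MISSING $directive=$p"
                continue
            fi
            if [ "$actual" = "$directive" ]; then
                echo "OK $directive=$p"
            else
                echo "MISMATCH $directive=$p (use $actual)"
            fi
        done
    done
}

# Constructed sample: a scratch tree laid out as the report describes.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/etc/.git"
    : > "$tmp/etc/.etckeeper"
    : > "$tmp/etc/.gitignore"
    cat > "$tmp/rkhunter.conf" <<'EOF'
#ALLOWHIDDENDIR=/etc/.etckeeper
#ALLOWHIDDENFILE=/etc/.gitignore
#ALLOWHIDDENDIR=/etc/.git
EOF
    check_hidden_whitelist "$tmp/rkhunter.conf" "$tmp"
    rm -rf "$tmp"
}
demo
```

On a real system, call check_hidden_whitelist /etc/rkhunter.conf with no second argument; a MISSING result only means the path is absent on that host.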