I have a doubt (sorry, not exactly related to this mail ...): does Rkhunter only suggest unhide.rb, or is it a Debian decision?
Thank you

2012/12/4 Frederik Himpe <fhi...@vub.ac.be>

> Package: rkhunter
> Version: 1.4.0-1
> Severity: normal
>
> When unhide.rb (recommended by rkhunter) is installed, this results in a spurious
> warning because unhide.rb is a ruby script and not a binary file:
> [09:47:05] /usr/bin/unhide.rb [ Warning ]
> [09:47:05] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
>
> I had to add:
> SCRIPTWHITELIST=/usr/bin/unhide.rb
>
> to rkhunter.conf to stop this warning. This should probably be done by
> default.
>
> -- System Information:
> Debian Release: wheezy/sid
> APT prefers testing
> APT policy: (300, 'testing'), (200, 'unstable')
> Architecture: amd64 (x86_64)
>
> Kernel: Linux 3.2.0-3-amd64 (SMP w/1 CPU core)
> Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages rkhunter depends on:
> ii binutils 2.22-7.1
> ii debconf [debconf-2.0] 1.5.46
> ii file 5.11-2
> ii net-tools 1.60-24.2
> ii perl 5.14.2-15
> ii ucf 3.0025+nmu3
>
> Versions of packages rkhunter recommends:
> ii curl 7.28.0-3
> ii elinks 0.12~pre5-9
> ii exim4-daemon-light [mail-transport-agent] 4.80-5.1
> ii iproute 20120521-3
> ii lsof 4.86+dfsg-1
> ii unhide.rb 13-1
> ii wget 1.14-1
>
> Versions of packages rkhunter suggests:
> ii bsd-mailx [mailx] 8.1.2-0.20111106cvs-1
> pn libdigest-whirlpool-perl <none>
> pn liburi-perl <none>
> pn libwww-perl <none>
> pn powermgmt-base <none>
> pn tripwire <none>
>
> -- Configuration Files:
> /etc/rkhunter.conf changed:
> ROTATE_MIRRORS=1
> UPDATE_MIRRORS=1
> MIRRORS_MODE=0
> MAIL-ON-WARNING="root"
> MAIL_CMD=mail -s "[rkhunter] Warnings found for ${HOST_NAME}"
> TMPDIR=/var/lib/rkhunter/tmp
> DBDIR=/var/lib/rkhunter/db
> SCRIPTDIR=/usr/share/rkhunter/scripts
> UPDATE_LANG=""
> LOGFILE=/var/log/rkhunter.log
> APPEND_LOG=0
> COPY_LOG_ON_ERROR=0
> COLOR_SET2=0
> AUTO_X_DETECT=1
> WHITELISTED_IS_WHITE=0
> ALLOW_SSH_ROOT_USER=no
> ALLOW_SSH_PROT_V1=0
> ENABLE_TESTS="all"
> DISABLE_TESTS="suspscan deleted_files packet_cap_apps apps"
> SCRIPTWHITELIST=/bin/egrep
> SCRIPTWHITELIST=/bin/fgrep
> SCRIPTWHITELIST=/bin/which
> SCRIPTWHITELIST=/usr/bin/groups
> SCRIPTWHITELIST=/usr/bin/ldd
> SCRIPTWHITELIST=/usr/bin/lwp-request
> SCRIPTWHITELIST=/usr/sbin/adduser
> SCRIPTWHITELIST=/usr/sbin/prelink
> SCRIPTWHITELIST=/usr/bin/unhide.rb
> IMMUTABLE_SET=0
> PHALANX2_DIRTEST=0
> ALLOW_SYSLOG_REMOTE_LOGGING=0
> SUSPSCAN_TEMP=/dev/shm
> SUSPSCAN_MAXSIZE=10240000
> SUSPSCAN_THRESH=200
> USE_LOCKING=0
> LOCK_TIMEOUT=300
> SHOW_LOCK_MSGS=1
> DISABLE_UNHIDE=1
> INSTALLDIR="/usr"
>
>
> -- debconf information:
> * rkhunter/apt_autogen: true
> * rkhunter/cron_daily_run: true
> * rkhunter/cron_db_update: true
>
> _______________________________________________
> forensics-devel mailing list
> forensics-devel@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel
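
An added example, not part of the original mail or of rkhunter itself: a shell helper that lists the commands an rkhunter log flags as "replaced by a script" and that have no SCRIPTWHITELIST entry yet. The function names and the sample log and configuration are constructed for illustration, and it assumes one path per SCRIPTWHITELIST line, as in the report quoted above.

```shell
#!/bin/sh
# Added example: triage rkhunter "replaced by a script" warnings against
# the SCRIPTWHITELIST entries of an rkhunter.conf. Function names are hypothetical.

# Print each command path the log reports as replaced by a script.
flagged_scripts() {
    sed -n "s/.*Warning: The command '\([^']*\)' has been replaced by a script:.*/\1/p" "$1" | sort -u
}

# Print the paths whitelisted in the config (assumes one path per line).
whitelisted_scripts() {
    sed -n 's/^[[:space:]]*SCRIPTWHITELIST=[[:space:]]*//p' "$1" | tr -d '"' | sort -u
}

# Print flagged paths that have no exact whitelist entry.
unwhitelisted_scripts() {
    log=$1 conf=$2
    flagged_scripts "$log" | while IFS= read -r path; do
        whitelisted_scripts "$conf" | grep -Fxq -- "$path" || printf '%s\n' "$path"
    done
}

# Constructed sample input: the unhide.rb lines follow the report, the
# lwp-request line and the two-entry config are made up for the demo.
SAMPLE_DIR=$(mktemp -d)
SAMPLE_LOG=$SAMPLE_DIR/rkhunter.log
SAMPLE_CONF=$SAMPLE_DIR/rkhunter.conf
cat > "$SAMPLE_LOG" <<'EOF'
[09:47:05] /usr/bin/unhide.rb [ Warning ]
[09:47:05] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
[09:47:06] Warning: The command '/usr/bin/lwp-request' has been replaced by a script: /usr/bin/lwp-request: Perl script, ASCII text
EOF
cat > "$SAMPLE_CONF" <<'EOF'
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
EOF

# Only unhide.rb is reported: lwp-request already has a whitelist entry.
unwhitelisted_scripts "$SAMPLE_LOG" "$SAMPLE_CONF"
```

Before whitelisting a path this reports, confirm it really is the packaged script, for example with `dpkg -S /usr/bin/unhide.rb`, since a whitelist entry silences the check for that file from then on.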