Linux Mint Forums

[tri]

I want to check of the clean-build md5sum of /bin/which, /usr/bin/groups, /usr/sbin/adduser. In my computer they are shown as below:

md5sum /bin/which /usr/bin/groups /usr/sbin/adduser

e942f154ef9d9974366551d2d231d936 /bin/which
9e178e01771143404559cc8082e0ea0e /usr/bin/groups
60f5522efb7d6f6d36215507aa0b28c3 /usr/sbin/adduser

Is that the same in your computer, guys?

My rkhunter 1.3.2 keep warning me about these scripts. I don't know why.

[Husse]

This is probaly (certainly) a false alarm
http://ubuntuforums.org/archive/index.php/t-785332.html

[tri]

Yes I know that, and already know how to fix them properly. When you access the file /etc/rkhunter.conf and compare it from both Mint Daryna and Ellysa, I found that the SCRIPTWHITELISTs are not the same. In particular, the file of Daryna has shown:

Allow the specified commands to be scripts.
# One command per line (use multiple SCRIPTWHITELIST lines).
#
#SCRIPTWHITELIST=/sbin/ifup
#SCRIPTWHITELIST=/sbin/ifdown
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/sbin/prelink

But in Elyssa, it is like this:

Allow the specified commands to be scripts.
# One command per line (use multiple SCRIPTWHITELIST lines).
#
#SCRIPTWHITELIST=/sbin/ifup
#SCRIPTWHITELIST=/sbin/ifdown
SCRIPTWHITELIST=/usr/bin/groups

I intend to copy the rest to Elyssa but first I need to check their md5sum to validate security.

Thank you.