False alarm of rkhunter Elyssa


Postby tri on Sun Jul 06, 2008 7:57 am

I want to check the clean-build md5sum of /bin/which, /usr/bin/groups, /usr/sbin/adduser. On my computer they are shown as below:

md5sum /bin/which /usr/bin/groups /usr/sbin/adduser

e942f154ef9d9974366551d2d231d936 /bin/which
9e178e01771143404559cc8082e0ea0e /usr/bin/groups
60f5522efb7d6f6d36215507aa0b28c3 /usr/sbin/adduser

Is that the same on your computer, guys?

My rkhunter 1.3.2 keeps warning me about these scripts. I don't know why.
tri

Re: False alarm of rkhunter Elyssa

Postby Husse on Sun Jul 06, 2008 9:02 am

This is probably (certainly) a false alarm
http://ubuntuforums.org/archive/index.php/t-785332.html
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse

Re: False alarm of rkhunter Elyssa

Postby tri on Sun Jul 06, 2008 10:56 pm

Yes, I know that, and I already know how to fix them properly. When I accessed the file /etc/rkhunter.conf and compared it in both Mint Daryna and Elyssa, I found that the SCRIPTWHITELISTs are not the same. In particular, the file in Daryna shows:

# Allow the specified commands to be scripts.
# One command per line (use multiple SCRIPTWHITELIST lines).
#
#SCRIPTWHITELIST=/sbin/ifup
#SCRIPTWHITELIST=/sbin/ifdown
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/sbin/prelink

But in Elyssa, it is like this:

# Allow the specified commands to be scripts.
# One command per line (use multiple SCRIPTWHITELIST lines).
#
#SCRIPTWHITELIST=/sbin/ifup
#SCRIPTWHITELIST=/sbin/ifdown
SCRIPTWHITELIST=/usr/bin/groups

I intend to copy the rest to Elyssa but first I need to check their md5sum to validate security.

Thank you.
tri
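One way to do the check described in the last post, as an added example that is not part of the original thread or of rkhunter: list the SCRIPTWHITELIST entries present in the old config but missing from the new one, and emit a whitelist line only for files whose md5sum matches a trusted reference list. The function names, the `ROOT` prefix, the reference-list file and all demo file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): vet SCRIPTWHITELIST entries before copying
# them from an old rkhunter.conf into a new one.
# ROOT is a hypothetical path prefix used only so the demo can run on constructed
# files; leave it unset on a real system.

# Active (uncommented) SCRIPTWHITELIST paths in config $1, sorted, one per line.
whitelist_entries() {
    sed -n 's/^[[:space:]]*SCRIPTWHITELIST=//p' "$1" | sort -u
}

# Paths whitelisted in the old config ($1) but absent from the new one ($2).
missing_entries() {
    old=$(mktemp); new=$(mktemp)
    whitelist_entries "$1" > "$old"; whitelist_entries "$2" > "$new"
    comm -23 "$old" "$new"
    rm -f "$old" "$new"
}

# For each missing path, print a SCRIPTWHITELIST line only if the local file's
# md5 equals the one in the trusted list $3 (md5sum output format); otherwise
# report the mismatch on stderr and print nothing for that path.
vetted_lines() {
    missing_entries "$1" "$2" | while read -r path; do
        want=$(awk -v p="$path" '$2 == p { print $1 }' "$3")
        have=$(md5sum "${ROOT:-}$path" 2>/dev/null | cut -d' ' -f1)
        if [ -n "$want" ] && [ "$want" = "$have" ]; then
            echo "SCRIPTWHITELIST=$path"
        else
            echo "NOT whitelisting $path (reference=${want:-none} local=${have:-missing})" >&2
        fi
    done
}

# Demo on constructed stand-in files, not real system binaries.
demo() {
    ROOT=$(mktemp -d)
    mkdir -p "$ROOT/bin" "$ROOT/usr/sbin"
    printf '#!/bin/sh\n# constructed stand-in\n' > "$ROOT/bin/which"
    printf '#!/usr/bin/perl\n# constructed, locally altered\n' > "$ROOT/usr/sbin/adduser"
    printf 'SCRIPTWHITELIST=%s\n' /usr/bin/groups /bin/which /usr/sbin/adduser > "$ROOT/old.conf"
    printf '#SCRIPTWHITELIST=/sbin/ifup\nSCRIPTWHITELIST=/usr/bin/groups\n' > "$ROOT/new.conf"
    # Trusted list: the real hash for which, a deliberately wrong one for adduser.
    { echo "$(md5sum < "$ROOT/bin/which" | cut -d' ' -f1)  /bin/which"
      echo "00000000000000000000000000000000  /usr/sbin/adduser"; } > "$ROOT/trusted.md5"
    vetted_lines "$ROOT/old.conf" "$ROOT/new.conf" "$ROOT/trusted.md5"
}
demo   # prints SCRIPTWHITELIST=/bin/which; adduser is reported on stderr
```

On a real system the trusted list would be produced with md5sum on a known-clean install of the same release, and the printed lines appended to /etc/rkhunter.conf.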

