False alarm of rkhunter Elyssa

Post by tri on Sun Jul 06, 2008 7:57 am

I want to check the clean-build md5sum of /bin/which, /usr/bin/groups, /usr/sbin/adduser. On my computer they are shown as below:

md5sum /bin/which /usr/bin/groups /usr/sbin/adduser

e942f154ef9d9974366551d2d231d936 /bin/which
9e178e01771143404559cc8082e0ea0e /usr/bin/groups
60f5522efb7d6f6d36215507aa0b28c3 /usr/sbin/adduser

Is that the same on your computers, guys?

My rkhunter 1.3.2 keeps warning me about these scripts. I don't know why.

Re: False alarm of rkhunter Elyssa

Post by Husse on Sun Jul 06, 2008 9:02 am

This is probably (certainly) a false alarm
http://ubuntuforums.org/archive/index.php/t-785332.html
Don't fix it if it ain't broken, don't break it if you can't fix it

Re: False alarm of rkhunter Elyssa

Post by tri on Sun Jul 06, 2008 10:56 pm

Yes, I know that, and I already know how to fix them properly. When I accessed the file /etc/rkhunter.conf and compared it on both Mint Daryna and Elyssa, I found that the SCRIPTWHITELISTs are not the same. In particular, the file from Daryna shows:

# Allow the specified commands to be scripts.
# One command per line (use multiple SCRIPTWHITELIST lines).
#
#SCRIPTWHITELIST=/sbin/ifup
#SCRIPTWHITELIST=/sbin/ifdown
SCRIPTWHITELIST=/usr/bin/groups
SCRIPTWHITELIST=/bin/egrep
SCRIPTWHITELIST=/bin/fgrep
SCRIPTWHITELIST=/bin/which
SCRIPTWHITELIST=/usr/bin/ldd
SCRIPTWHITELIST=/usr/bin/lwp-request
SCRIPTWHITELIST=/usr/sbin/adduser
SCRIPTWHITELIST=/usr/sbin/prelink

But in Elyssa, it is like this:

# Allow the specified commands to be scripts.
# One command per line (use multiple SCRIPTWHITELIST lines).
#
#SCRIPTWHITELIST=/sbin/ifup
#SCRIPTWHITELIST=/sbin/ifdown
SCRIPTWHITELIST=/usr/bin/groups

I intend to copy the rest to Elyssa but first I need to check their md5sum to validate security.

Thank you.

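One way to do the check described in the last post before copying the extra SCRIPTWHITELIST lines across, as an added example that is not part of the original thread. It assumes a Debian-based system whose dpkg checksum files are in /var/lib/dpkg/info; `vet_script` and its `root` and `info_dir` arguments are hypothetical names.

```shell
#!/bin/sh
# Added example: vet a command before giving it a SCRIPTWHITELIST line.
# Assumes a Debian-based system, where dpkg records install-time checksums in
# /var/lib/dpkg/info/*.md5sums as "<md5>  <path relative to />".
# vet_script and its root/info_dir arguments are hypothetical names.
# Caveat: that database lives on the same host, so a match shows the file is
# what the package manager recorded, not that the host is clean.

# usage: vet_script /abs/path [root_prefix] [info_dir]
vet_script() (
    path=$1 root=${2:-} info_dir=${3:-/var/lib/dpkg/info}
    file=$root$path rel=${path#/}

    [ -f "$file" ] || { echo "MISSING $path" >&2; exit 2; }

    # rkhunter warns because the command is a script; confirm that it is one.
    if [ "$(head -c 2 "$file" | tr -d '\0')" != '#!' ]; then
        echo "NOT-A-SCRIPT $path (no whitelist entry needed)" >&2; exit 3
    fi

    # Checksum recorded when the owning package was installed.
    recorded=$(awk -v p="$rel" '$2 == p { print $1; exit }' \
        "$info_dir"/*.md5sums 2>/dev/null)
    [ -n "$recorded" ] || { echo "UNOWNED $path (no package lists it)" >&2; exit 4; }

    actual=$(md5sum "$file" | awk '{ print $1 }')
    if [ "$actual" != "$recorded" ]; then
        echo "MISMATCH $path recorded=$recorded actual=$actual" >&2; exit 5
    fi

    # Only an unmodified, packaged script earns a whitelist line.
    echo "SCRIPTWHITELIST=$path"
)

# Paths given on the command line, e.g. /bin/which /usr/sbin/adduser
for p in "$@"; do vet_script "$p" || true; done
```

A MISMATCH or UNOWNED result is the case to look into before whitelisting; comparing against a known-clean install of the same release covers the case where the local checksum database itself is in doubt.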
