Post subject: possible warning to consider using sidux edition of rkhunter
Posted: Aug 03, 2008 - 01:42 AM
Joined: Apr 15, 2008
Posts: 129
Location: Australia
Status: Offline
Hi
I am a sidux newbie but am the author of the rkhunter wiki here:
http://rkhunter.wiki.sourceforge.net/MPRKH#Contents
I normally run the vanilla editions of rkhunter, unhide and skdet.
Today I did a test by uninstalling all of those apps and deleting all logs and configs etc. I ran
Code:
su
apt-get install rkhunter
The apt app reports what is going to be installed and, a nice touch, it gets rkhunter and unhide.
It provides a symbolic link for unhide to the 2.6 kernel edition of unhide...very nice.
2) The area of concern for me...especially for new home system admins...is that the rkhunter script on install automatically runs the propupd command.
3) --propupd is not recommended to be run unless you as admin are happy you have no compromised software etc. This is normally run on a clean install using trusted install sources such as a verified install DVD.
I would warn those interested not to use the sidux way of doing it.
By all means look at the repository for the files and download them and store them on removable media.
Then do a clean install...no net...and grab those files and install them...then you can trust the propupd function.
Of course...one reason for using the sidux edition is maybe a tweaked rkhunter.conf designed for sidux.
4) I know this may sound picky...but when I ran the sidux rkhunter.conf it missed one replacement script...and did not have dpkg package management enabled.
FYI on a KDE 2008-02 install it missed the replacement script for
/usr/sbin/ifstatus
5) Using kio-apt in Konqueror my sidux newbie skills found this:
http://packages.debian.org/sid/rkhunter
http://packages.debian.org/sid/unhide
I do not intend to email the maintainers of these packages as I know how to use these apps.
What I am hoping interested readers might do is consider my warning and maybe prefer to change their style of installing.
Naturally if you prefer to use sidux deb files...you may need to download the dependencies listed in the links.
good luck
Post subject: RE: possible warning to consider using sidux edition of rkhu
Posted: Aug 03, 2008 - 01:47 AM
Joined: Nov 25, 2006
Posts: 2570
Status: Offline
rkhunter is a package maintained by Debian; sidux neither ships nor touches it in any way. If you're unhappy about its maintainer scripts and consider those to be a security bug, please report it at the Debian BTS (I would suggest severity "minor") - it won't be changed by or through sidux.
Post subject:
Posted: Aug 03, 2008 - 03:53 AM
Joined: Apr 15, 2008
Posts: 129
Location: Australia
Status: Offline
slh
I have no intention of contacting the maintainers or of raising a ticket, thank you.
I am sure you are thanked by more worthy people than myself, but just to let you know, I have installed sidux because I like it, which means your distro is the first one to drag me off Mandriva in about 3 years. (That is meant to be a compliment BTW.)
To others:
In the spirit of providing info, here are my 2 main files.
1) Place this file into /etc/cron.daily and make it root executable:
http://h1.ripway.com/aus9/sidux/rkh.txt
Delete the .txt, which was needed for online viewing purposes.
Its output, as small as it is, is
-------
#!/bin/sh
# Daily warnings-only rkhunter run; the report is mailed to the local user.
( /usr/local/bin/rkhunter --cronjob --rwo --nocolors && echo "" ) \
| /usr/bin/mail -s "Rkhunter daily run on `uname -n`" gordy@localhost
exit 0
-------
Change the mail name to your local login name please...if you choose to use it. I have used the vanilla install and not the sidux edition for reasons explained above.
You can add --update and --versioncheck if your net is always on.
2) My rkhunter conf file modified to reflect sidux is
http://h1.ripway.com/aus9/sidux/rkhunter.conf.txt
Delete the .txt, which was needed for online viewing purposes.
It's too large to post here.
cheerio
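As an added example (not part of the original post and not rkhunter's own code): the cron script above mails a report on every run, whether or not anything was found. The variant below keeps the same `--cronjob --rwo --nocolors` invocation but saves the full output to a log and only sends mail when the warnings-only output actually contains a `Warning:` line, so an empty mailbox means a clean run and a mail means something needs a look. The rkhunter and mail paths, the log location, the recipient and the `Warning:` marker used to detect a finding are assumptions for this example; the sample log content is constructed, not real rkhunter output. It also deliberately never passes `--propupd`, in line with the point made earlier in the thread that the file-property baseline should only be refreshed by the admin after the system has been verified.

```shell
#!/bin/sh
# Added example, not from the original post or from rkhunter itself.
# Paths, recipient and the "Warning:" marker are assumptions.

RKHUNTER=${RKHUNTER:-/usr/bin/rkhunter}
MAIL_CMD=${MAIL_CMD:-/usr/bin/mail}
MAILTO=${MAILTO:-root@localhost}
LOG=${LOG:-/var/log/rkhunter-daily.txt}

# rkh_has_warnings FILE
# Returns 0 (true) if FILE holds at least one rkhunter warning line,
# 1 otherwise. With --rwo, rkhunter prints only warnings, so a file
# without "Warning:" lines represents a clean run.
rkh_has_warnings() {
    grep -q 'Warning:' "$1"
}

# rkh_warning_count FILE
# Prints the number of warning lines in FILE (0 when there are none).
rkh_warning_count() {
    grep -c 'Warning:' "$1" || true
}

# rkh_write_sample FILE
# Writes a constructed sample of warnings-only output to FILE so the
# helpers above can be exercised without running rkhunter. These lines
# are made up for this example and are not genuine rkhunter output.
rkh_write_sample() {
    printf '%s\n' \
        'Warning: The command /bin/ls has been replaced by a script' \
        'Warning: Hidden file found: /etc/.hidden' > "$1"
}

# rkh_daily
# Runs the daily check, keeps the full log on disk and mails it only
# when a warning was reported. Never add --propupd here: the property
# baseline must be refreshed only by the admin after verifying the box.
rkh_daily() {
    "$RKHUNTER" --cronjob --rwo --nocolors > "$LOG" 2>&1
    if rkh_has_warnings "$LOG"; then
        "$MAIL_CMD" -s "rkhunter: $(rkh_warning_count "$LOG") warning(s) on $(uname -n)" \
            "$MAILTO" < "$LOG"
    fi
}

# Invoke as "rkh.sh run" from /etc/cron.daily; without the argument the
# file only defines the functions (handy for sourcing or testing).
if [ "${1:-}" = run ]; then
    rkh_daily
fi
```

Installed the same way as the original script (root-executable in /etc/cron.daily, with the `run` argument added to the invocation), this keeps the log at `$LOG` for later review even on the quiet days when no mail goes out.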