[Bug 431386] Review Request: rkhunter - A host-based tool to scan for rootkits, backdoors and local exploits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: Review Request: rkhunter - A host-based tool to scan for rootkits, backdoors and local exploits


https://bugzilla.redhat.com/show_bug.cgi?id=431386


jpmahowald@xxxxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|nobody@xxxxxxxxxxxxxxxxx    |jpmahowald@xxxxxxxxx
             Status|NEW                         |ASSIGNED
               Flag|                            |fedora-review+




------- Additional Comments From jpmahowald@xxxxxxxxx  2008-02-14 04:01 EST -------
Yay security packages.

Builds on development and runs.

rpmlint:
rkhunter.noarch: E: non-readable /etc/rkhunter.conf 0640
rkhunter.noarch: E: non-readable /etc/sysconfig/rkhunter 0640

Fine, don't let the bad guys read rkhunter config

rkhunter.noarch: W: non-standard-dir-in-var rkhunter
rkhunter.src: W: mixed-use-of-spaces-and-tabs (spaces: line 1, tab: line 30)

Allow.

rkhunter.src: W: strange-permission 01-rkhunter 0755

A script, ignore.



License good, GPLv2+
Source matches
Is noarch
Follows naming guidelines
Proper use of macros
%files section proper permissions, ownership


The perl scripts in the spec are a bit hard to read, but their configuration
purpose is clear.

As to perl scripts for sha1/md5  I agree system executables should be used. In a
rootkit detection situation you may not be able to trust them, which is the only
case I would find those useful. If that's the case I doubt rkhunter would be
much help, as perl and the system is probably untrustworthy anyway.  Feel free
to continue to not include them.


I see cron is using the --update flag. Applying updates will make the db show up
on rpm verification as changed. This might bother the worried user running rpm
-V that their rkhunter is compromised. I don't see any other way of keeping it
updated in between major releases.

Package itself is fine. APPROVED

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

_______________________________________________
Fedora-package-review mailing list
Fedora-package-review@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-package-review
[Index of Archives]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]