[Bug 431386] Review Request: rkhunter - A host-based tool to scan for rootkits, backdoors and local exploits

bugzilla at redhat.com bugzilla at redhat.com
Thu Feb 14 09:01:54 UTC 2008



Summary: Review Request: rkhunter - A host-based tool to scan for rootkits, backdoors and local exploits


https://bugzilla.redhat.com/show_bug.cgi?id=431386


jpmahowald at gmail.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|nobody at fedoraproject.org    |jpmahowald at gmail.com
             Status|NEW                         |ASSIGNED
               Flag|                            |fedora-review+




------- Additional Comments From jpmahowald at gmail.com  2008-02-14 04:01 EST -------
Yay security packages.

Builds on development and runs.

rpmlint:
rkhunter.noarch: E: non-readable /etc/rkhunter.conf 0640
rkhunter.noarch: E: non-readable /etc/sysconfig/rkhunter 0640

Fine, don't let the bad guys read rkhunter config.

rkhunter.noarch: W: non-standard-dir-in-var rkhunter
rkhunter.src: W: mixed-use-of-spaces-and-tabs (spaces: line 1, tab: line 30)

Allow.

rkhunter.src: W: strange-permission 01-rkhunter 0755

A script, ignore.



License good, GPLv2+
Source matches
Is noarch
Follows naming guidelines
Proper use of macros
%files section proper permissions, ownership


The perl scripts in the spec are a bit hard to read, but their configuration
purpose is clear.

As to perl scripts for sha1/md5, I agree system executables should be used. In a
rootkit detection situation you may not be able to trust them, which is the only
case I would find those useful. If that's the case I doubt rkhunter would be
much help, as perl and the system are probably untrustworthy anyway. Feel free
to continue to not include them.


I see cron is using the --update flag. Applying updates will make the db show up
on rpm verification as changed. This might bother the worried user running rpm
-V that their rkhunter is compromised. I don't see any other way of keeping it
updated in between major releases.

Package itself is fine. APPROVED
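
Added example, not part of the original review comment or of the rkhunter package: one way to triage `rpm -V` output so that data files rewritten by `--update` are separated from changes that deserve a look. The data directory and binary path are placeholders, the sample lines are constructed, and paths containing spaces are not handled.

```shell
#!/bin/sh
# Triage `rpm -V <package>` output (added example, not the package's own code).
# DATA_PREFIX is a placeholder (assumption) for the directory that holds the
# data files rewritten by `rkhunter --update`; set it to the real location.
DATA_PREFIX="/path/to/rkhunter/db"

# Constructed sample in rpm -V format: attribute flags, optional file marker
# ("c" = config file), then the path. Flags: S size, 5 digest, T mtime,
# M mode, U user, G group, D device, L symlink, P capabilities.
sample_verify_output() {
cat <<'EOF'
S.5....T.  c /etc/rkhunter.conf
S.5....T.    /path/to/rkhunter/db/example.dat
.M.......    /path/to/rkhunter/db/example2.dat
S.5....T.    /path/to/bin/rkhunter
missing    c /etc/sysconfig/rkhunter
EOF
}

# Reads rpm -V lines on stdin and prints "<verdict> <path>" for each:
#   EXPECTED    data file under DATA_PREFIX whose content/size/mtime changed
#   CONFIG      config file with content changes only (compare with backups)
#   INVESTIGATE anything else: missing files, changed executables, and any
#               mode/owner/group/device/link/capability change
triage() {
    awk -v prefix="$DATA_PREFIX/" '
    {
        flags  = $1
        marker = (NF >= 3) ? $2 : ""
        path   = $NF
        meta   = (flags ~ /[MUGDLP]/)   # metadata changed, not just content
        if (flags == "missing")                   verdict = "INVESTIGATE"
        else if (index(path, prefix) == 1 && !meta) verdict = "EXPECTED"
        else if (marker == "c" && !meta)          verdict = "CONFIG"
        else                                      verdict = "INVESTIGATE"
        print verdict, path
    }'
}

# Demonstration on the constructed sample; on a real host use:
#   rpm -V rkhunter | triage
sample_verify_output | triage
```

An EXPECTED verdict only says the change is of the kind an update produces; it does not vouch for the new file contents.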
