On Tue, Sep 30, 2014 at 10:08:02PM +0200, Jan Engelhardt wrote:
On Tuesday 2014-09-30 22:03, Christian Boltz wrote:
rkhunter warns: "Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text"
Nevertheless, /usr/bin/ is for _executable_ files only, and having hidden files there is at least a bit strange IMHO.
I don't know the internals of fipscheck, but IMHO non-executable files (like .fipscheck.hmac) shouldn't be located in /usr/bin/. Marcus, do you want a bug report about this? ;-)
Where should it be instead? Maybe something in the spirit of /usr/src/debug with fully mirrored directory hierarchy? Or perhaps an xattr associated with the file? (Though that may not outlive security scrutiny.)
It contains a checksum for the binary that is required on start-up. We can hide it somewhere else, but it should be close.
Extended attributes might be too fragile.
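To make the mechanism under discussion concrete, here is an added example (not fipscheck's own code, and not from anyone in this thread) of the pattern described above: an HMAC of a binary is stored as a dotfile next to it, and the binary refuses to start unless the stored value matches. The key, the sidecar naming and the digest format are assumptions for illustration; fipscheck's real key and file layout are not shown on this page.

```python
import hashlib
import hmac
import os
import tempfile

# Assumed for this example only; it is NOT fipscheck's key.
HMAC_KEY = b"example-key-not-fipscheck"


def hmac_path(binary_path):
    """Sidecar location used in this example: a dotfile beside the binary,
    e.g. /usr/bin/foo -> /usr/bin/.foo.hmac (the placement debated above)."""
    directory, name = os.path.split(binary_path)
    return os.path.join(directory, "." + name + ".hmac")


def compute_hmac(binary_path):
    """HMAC-SHA256 over the whole file, streamed so large binaries are fine."""
    h = hmac.new(HMAC_KEY, digestmod=hashlib.sha256)
    with open(binary_path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def write_hmac(binary_path):
    """Build step: record the digest as ASCII text in the sidecar file."""
    digest = compute_hmac(binary_path)
    with open(hmac_path(binary_path), "w") as f:
        f.write(digest + "\n")
    return digest


def verify(binary_path):
    """Start-up check: missing sidecar or mismatch both mean 'do not run'."""
    try:
        with open(hmac_path(binary_path)) as f:
            expected = f.read().strip()
    except FileNotFoundError:
        return False
    # compare_digest avoids leaking the position of the first differing byte
    return hmac.compare_digest(compute_hmac(binary_path), expected)


def demo():
    """Create a constructed stand-in binary, sign it, then tamper with it.
    Returns (verified_before_tamper, verified_after_tamper)."""
    with tempfile.TemporaryDirectory() as d:
        binary = os.path.join(d, "fakebin")
        with open(binary, "wb") as f:
            f.write(b"\x7fELF constructed stand-in for a real executable")
        write_hmac(binary)
        ok_before = verify(binary)
        with open(binary, "ab") as f:
            f.write(b"\x90")  # append one byte, as a patched binary would differ
        ok_after = verify(binary)
        return ok_before, ok_after


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The sidecar must be writable only by the same principal that installs the binary; an attacker who can replace the executable and rewrite the dotfile beside it defeats the check, which is why the key (and, in a real deployment, the checker itself) has to sit outside the attacker's reach.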