Marcus Meissner wrote:
On Tue, Sep 30, 2014 at 10:08:02PM +0200, Jan Engelhardt wrote:
On Tuesday 2014-09-30 22:03, Christian Boltz wrote:
rkhunter warns: "Warning: Hidden file found: /usr/bin/.fipscheck.hmac: ASCII text"
Nevertheless, /usr/bin/ is for _executable_ files only, and having hidden files there is at least a bit strange IMHO.
I don't know the internals of fipscheck, but IMHO non-executable files (like .fipscheck.hmac) shouldn't be located in /usr/bin/. Marcus, do you want a bugreport about this? ;-)
Where should it be instead? Maybe something in the spirit of /usr/src/debug with fully mirrored directory hierarchy? Or perhaps an xattr associated with the file? (Though that may not outlive security scrutiny.)
It contains a checksum for the binary that is required on start-up. We can hide it somewhere else, but it should be close.
Extended attributes might be too fragile.
Maybe it would be possible to store the checksum in some ELF header. So it's invisible to the user and inseparable from the binary. When checking itself the code of course needs to skip this part.
In the meantime we can disable this FIPS stuff for openSUSE I guess, as openSUSE won't be validated for FIPS anyway, right?
cu Ludwig
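Added example, not part of the thread and not fipscheck's own code: a small Python script that shows the two designs the thread compares. Variant 1 is the sidecar file the thread is complaining about, an HMAC-SHA256 of the binary written to `/usr/bin/.<name>.hmac` and compared at start-up; variant 2 is the "keep it inside the binary and skip it when checking" idea from the reply, implemented here as a tagged trailer appended to the file rather than a real ELF section, which is a simplification. The key, the trailer tag and the fake "binary" are constructed placeholders. One caveat worth keeping in mind regardless of where the digest lives: fipscheck's real key is a fixed constant compiled into the checker, so this mechanism detects accidental corruption, not an attacker who can rewrite both the binary and its digest.

```python
import hashlib
import hmac
import os
import tempfile
from pathlib import Path

# Placeholder key for this example (assumption, not fipscheck's). A checker with a
# public, compiled-in key only catches accidental corruption of the binary.
KEY = b"example-integrity-key-not-fipscheck"

TRAILER_TAG = b"\0EMBEDDED-HMAC:"   # hypothetical marker for the embedded variant
DIGEST_HEX_LEN = 64                  # hex length of an HMAC-SHA256 digest


def hmac_of_bytes(data: bytes, key: bytes = KEY) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


# --- Variant 1: hidden sidecar file next to the binary (what rkhunter flagged) ---

def sidecar_path(binary: str) -> Path:
    p = Path(binary)
    return p.with_name("." + p.name + ".hmac")          # /usr/bin/.fipscheck.hmac


def write_sidecar(binary: str, key: bytes = KEY) -> Path:
    out = sidecar_path(binary)
    out.write_text(hmac_of_bytes(Path(binary).read_bytes(), key) + "\n")
    return out


def verify_sidecar(binary: str, key: bytes = KEY) -> bool:
    """True if the .hmac file exists and matches the binary, False otherwise."""
    side = sidecar_path(binary)
    if not side.is_file():
        return False
    expected = side.read_text().strip()
    actual = hmac_of_bytes(Path(binary).read_bytes(), key)
    return hmac.compare_digest(expected, actual)      # constant-time compare


# --- Variant 2: digest embedded in the file, skipped when computing the check ---
# Simplified stand-in for "store it in an ELF section": a tagged trailer at the
# end of the file. The HMAC covers everything before the trailer.

def strip_trailer(data: bytes) -> bytes:
    """Return the covered part of the file, i.e. everything but the trailer."""
    tail_len = len(TRAILER_TAG) + DIGEST_HEX_LEN
    if len(data) >= tail_len and data[-tail_len:-DIGEST_HEX_LEN] == TRAILER_TAG:
        return data[:-tail_len]
    return data


def embed_hmac(binary: str, key: bytes = KEY) -> None:
    p = Path(binary)
    body = strip_trailer(p.read_bytes())               # idempotent on re-runs
    p.write_bytes(body + TRAILER_TAG + hmac_of_bytes(body, key).encode("ascii"))


def verify_embedded(binary: str, key: bytes = KEY) -> bool:
    data = Path(binary).read_bytes()
    body = strip_trailer(data)
    if len(body) == len(data):
        return False                                   # no trailer present
    stored = data[-DIGEST_HEX_LEN:].decode("ascii", errors="replace")
    return hmac.compare_digest(stored, hmac_of_bytes(body, key))


def roundtrip_demo() -> dict:
    """Exercise both variants on a constructed fake binary and return the outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        binary = os.path.join(d, "fipscheck")          # hypothetical path
        Path(binary).write_bytes(b"\x7fELF" + b"\x00" * 64 + b"fake body")  # constructed
        write_sidecar(binary)
        results["sidecar_ok"] = verify_sidecar(binary)
        embed_hmac(binary)
        results["embedded_ok"] = verify_embedded(binary)
        # The sidecar digest no longer matches: embedding changed the file bytes.
        results["sidecar_after_embed"] = verify_sidecar(binary)
        data = bytearray(Path(binary).read_bytes())
        data[10] ^= 0x01                               # flip one bit in the body
        Path(binary).write_bytes(bytes(data))
        results["embedded_after_tamper"] = verify_embedded(binary)
        os.remove(sidecar_path(binary))
        results["sidecar_missing"] = verify_sidecar(binary)
    return results


if __name__ == "__main__":
    for name, ok in roundtrip_demo().items():
        print(f"{name}: {ok}")
```

The demo also shows why the two layouts are mutually exclusive: once a digest is appended to the file, a sidecar computed over the original bytes stops matching, so a packager has to pick one. On the xattr option the thread dismisses, the usual practical objection is that plain `cp`, `tar` without `--xattrs`, and many package and backup tools silently drop extended attributes, which would turn a lost attribute into a start-up failure.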