Mailinglist Archive: opensuse-bugs (2746 mails)

< Previous Next >
[Bug 826276] New: rkhunter.conf doesn't contain some files in /dev that should be whitelisted
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Fri, 21 Jun 2013 22:40:14 +0000
  • Message-id: <bug-826276-21960@http.bugzilla.novell.com/>

https://bugzilla.novell.com/show_bug.cgi?id=826276

https://bugzilla.novell.com/show_bug.cgi?id=826276#c0


Summary: rkhunter.conf doesn't contain some files in /dev that
should be whitelisted
Classification: openSUSE
Product: openSUSE 12.3
Version: Final
Platform: x86-64
OS/Version: openSUSE 12.3
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
AssignedTo: security-team@xxxxxxx
ReportedBy: arun@xxxxxx
QAContact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---


User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:21.0) Gecko/20100101
Firefox/21.0

I'm running 12.3/Tumbleweed and rkhunter gives the following output:

Warning: Suspicious file types found in /dev:
/dev/.sysconfig/network/if-eth0: ASCII text
/dev/.sysconfig/network/ifup-eth0: ASCII text
/dev/.sysconfig/network/config-eth0: ASCII text
/dev/.sysconfig/network/ifup-lo: ASCII text
/dev/.sysconfig/network/if-lo: ASCII text
/dev/.sysconfig/network/config-lo: ASCII text
/dev/.sysconfig/network/started: ASCII text
/dev/.sysconfig/network/new-stamp-2: ASCII text
Warning: Hidden directory found: '/dev/.sysconfig'
Warning: Hidden file found: /dev/.udev: symbolic link to `/run/udev'


/etc/rkhunter.conf does include lines like:

ALLOWDEVFILE=/dev/.sysconfig/sysconfig/ifup-eth0

so it looks to me that the above should also be included.

As I mentioned I'm running Tumbleweed and haven't done a clean install in a
while, so I'm not sure if this issue shows up in 12.3, but since the timestamps
on these files are current, I assume that this would be the case.

Reproducible: Always

Steps to Reproduce:
1. run rkhunter
2.
3.
Actual Results:
warning about some files in /dev/.sysconfig

Expected Results:
shouldn't complain about files that are created by a standard system

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

< Previous Next >