[Bug 196928] security/rkhunter version 1.4.2 seems to missunderstand UID0_ACCOUNTS option

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Jan 20 11:42:36 UTC 2015


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=196928

            Bug ID: 196928
           Summary: security/rkhunter version 1.4.2 seems to
                    missunderstand UID0_ACCOUNTS option
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: edgar.wiesmann at rif-ev.de
                CC: lukasz at wasikowski.net
                CC: lukasz at wasikowski.net
             Flags: maintainer-feedback?(lukasz at wasikowski.net)

if I have more than one declaration of UID0_ACCOUNTS in rkhunter.conf and/or
rkhuunter.conf.local, rkhunter reports both of them as warnings:

example 1:
    rkhunter.conf: UID0_ACCOUNTS=toor
    rkhunter.conf.local: UID0_ACCOUNTS=dirvish

    hostname # rkhunter --skip-keypress --report-warnings-only --check
    Warning: Account 'toor' is root equivalent (UID = 0)
    Warning: Account 'dirvish' is root equivalent (UID = 0)

example 2:
    rkhunter.conf.local: UID0_ACCOUNTS=toor
    rkhunter.conf.local: UID0_ACCOUNTS=dirvish

    hostname # rkhunter --skip-keypress --report-warnings-only --check
    Warning: Account 'toor' is root equivalent (UID = 0)
    Warning: Account 'dirvish' is root equivalent (UID = 0)

example 3:
    rkhunter.conf: UID0_ACCOUNTS=toor
    rkhunter.conf.local: UID0_ACCOUNTS=toor dirvish

    hostname # rkhunter --skip-keypress --report-warnings-only --check
    Warning: Account 'toor' is root equivalent (UID = 0)

If I declare
    UID0_ACCOUNTS=toor dirvish
in either rkhunter.conf OR rkhunter.conf.local everything is fine.

Greetings from Dortmund (Germany)

Edgar

--- Comment #1 from Bugzilla Automation <bugzilla at FreeBSD.org> ---
Maintainer CC'd

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the freebsd-ports-bugs mailing list