| Summary: | ALLOWDEVFILE do not accept path with spaces | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Harald Reindl <h.reindl> | ||||
| Component: | rkhunter | Assignee: | Kevin Fenzi <kevin> | ||||
| Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | 13 | CC: | devrim, kevin | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2011-02-06 21:48:40 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Attachments: |
|
||||||
|
Description
Harald Reindl
2011-02-01 07:12:25 UTC
Does: ALLOWDEVFILE=/dev/shm/sem.SWT* work? Not really, something must be really poor coded here if you look at the foldr-listing and what happens :-) [root@srv-rhsoft:~]$ rkhunter --check Invalid ALLOWDEVFILE configuration option: Invalid pathname: Studio Invalid ALLOWDEVFILE configuration option: Invalid pathname: Studio_Launcher [root@srv-rhsoft:~]$ cat /etc/rkhunter.conf.local MAIL-ON-WARNING="rhsoft" IP_CMD=DISABLED ALLOWPROMISCIF="eth0 eth1" ALLOWHIDDENDIR=/etc/.git ALLOWHIDDENFILE=/etc/.etckeeper ALLOWHIDDENFILE=/etc/.gitignore ALLOWDEVFILE=/dev/shm/sem.SWT_Window_Zend* [root@srv-rhsoft:~]$ /bin/ls -1 /dev/shm/ | grep -i Zend sem.SWT_Window_Zend Studio sem.SWT_Window_Zend Studio_Launcher Right. So the problem here is that these parameters expect to be space delimited. ;( I'll talk with upstream about a fix. Can you get Zend to use a different filename in the mean time? as far as i know them - no lucky that they released a x86_64 after long years of whineing..... What happens if you use: ALLOWDEVFILE=/dev/shm/sem.SWT_Window_Zend%Studio Thank you for your help!
No way, it does not stop directly after start with a config error, but the warnings will not go away - no idea what the upstream code does, but it is horrible to see that spaces are a problem like 20 years ago und taht a * uses both files the same way as write them unescaped in the config file is a real warning
__________________________
Warning: Suspicious file types found in /dev:
/dev/shm/sem.SWT_Window_Zend Studio_Launcher: data
/dev/shm/sem.SWT_Window_Zend Studio: data
__________________________
[root@srv-rhsoft:~]$ cat /etc/rkhunter.conf.local
MAIL-ON-WARNING="rhsoft"
IP_CMD=DISABLED
ALLOWPROMISCIF="eth0 eth1"
ALLOWHIDDENDIR=/etc/.git
ALLOWHIDDENFILE=/etc/.etckeeper
ALLOWHIDDENFILE=/etc/.gitignore
ALLOWDEVFILE=/dev/shm/sem.SWT_Window_Zend%Studio
ALLOWDEVFILE=/dev/shm/sem.SWT_Window_Zend%Studio_Launcher
[root@srv-rhsoft:~]$
ok, talking with upstream folks, it seems there's not any way to currently do this. ;( I guess for now I would suggest disabling this check on those machines that have this file? Hopefully they will grow the ability to use "s or \ or even just line delimited, but it's not there yet. You can continue discussion of this on the upstream devel list. Created attachment 477475 [details]
modified rkhunter script
Someone sent me the above modified rkhunter script with support for %'s in ALLOWDEVFILE. I've not reviewed the changes or test it, so use at your own risk. It sounds like they plan to solve the spaces issue in the next upstream release... |