Public bug reported:

apt-cache policy rkhunter:
rkhunter:
  Installed: 1.4.2-0.4
  Candidate: 1.4.2-0.4

lsb_release -rd:
Description:    Ubuntu 15.04
Release:        15.04

Whitelisting files/directories with wildcards in the ALLOWDEVFILE
parameter is not working as expected; they are still reported as suspicious:

In /etc/rkhunter.conf:
ALLOWDEVFILE=/dev/shm/byobu-*

Output:
Warning: Suspicious file types found in /dev:
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/updates_available: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/hostname: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/whoami: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/disk: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/memory: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/cpu_freq: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/cpu_count: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/load_average: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/cpu_temp: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/uptime: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/users: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/session: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/arch: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/release: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/distro: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/logo: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/.last.tmux/network: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/width: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/cpu_freq: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/load_average: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/cpu_count: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/users: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/disk: ASCII text, with very long lines, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/memory: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/cpu_temp: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/uptime: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/hostname: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/release: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/whoami: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/session: very short file (no magic)
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/arch: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/distro: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/status.tmux/logo: UTF-8 Unicode text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/cache.tmux/updates-available: ASCII text
         /dev/shm/byobu-admin-gxyPtUEs/cache.tmux/network.down: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/cache.tmux/network.down.dev: ASCII text
         /dev/shm/byobu-admin-gxyPtUEs/cache.tmux/network.up: ASCII text, with no line terminators
         /dev/shm/byobu-admin-gxyPtUEs/cache.tmux/network.up.dev: ASCII text

** Affects: rkhunter (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: 1.4.2 allowdevfile vivid whitelist

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1453952

Title:
  Wildcards in "ALLOWDEVFILE" Not Working
