196928 – security/rkhunter version 1.4.2 seems to missunderstand UID0_ACCOUNTS option

Bug 196928 - security/rkhunter version 1.4.2 seems to missunderstand UID0_ACCOUNTS option

Summary: security/rkhunter version 1.4.2 seems to missunderstand UID0_ACCOUNTS option

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	freebsd-ports-bugs (Nobody)

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-01-20 11:42 UTC by Edgar Wiesmann
Modified:	2015-01-21 18:09 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (lukasz)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Edgar Wiesmann 2015-01-20 11:42:35 UTC

if I have more than one declaration of UID0_ACCOUNTS in rkhunter.conf and/or rkhuunter.conf.local, rkhunter reports both of them as warnings:

example 1:
    rkhunter.conf: UID0_ACCOUNTS=toor
    rkhunter.conf.local: UID0_ACCOUNTS=dirvish

    hostname # rkhunter --skip-keypress --report-warnings-only --check
    Warning: Account 'toor' is root equivalent (UID = 0)
    Warning: Account 'dirvish' is root equivalent (UID = 0)

example 2:
    rkhunter.conf.local: UID0_ACCOUNTS=toor
    rkhunter.conf.local: UID0_ACCOUNTS=dirvish

    hostname # rkhunter --skip-keypress --report-warnings-only --check
    Warning: Account 'toor' is root equivalent (UID = 0)
    Warning: Account 'dirvish' is root equivalent (UID = 0)

example 3:
    rkhunter.conf: UID0_ACCOUNTS=toor
    rkhunter.conf.local: UID0_ACCOUNTS=toor dirvish

    hostname # rkhunter --skip-keypress --report-warnings-only --check
    Warning: Account 'toor' is root equivalent (UID = 0)

If I declare
    UID0_ACCOUNTS=toor dirvish
in either rkhunter.conf OR rkhunter.conf.local everything is fine.

Greetings from Dortmund (Germany)

Edgar

Comment 1 Bugzilla Automation freebsd_committer

2015-01-20 11:42:35 UTC

Maintainer CC'd

Comment 2 Lukasz Wasikowski 2015-01-21 15:56:10 UTC

Thank you Edgar, I was able to reproduce this problem. I've submitted this to upstream with a patch proposal, could you try it?

https://sourceforge.net/p/rkhunter/bugs/132/

Comment 3 Edgar Wiesmann 2015-01-21 18:09:54 UTC

Hi Lukasz,

the Patch did the trick.

The patched rkhunter now serves the UID0_ACCOUNTS options as expected...

Many Thanks to you and John Horne

Edgar