#35 Support conf.d style configuration

main
closed-accepted
unSpawn
Rkhunter (37)
5
2012-12-21
2012-10-17
No

This is a feature request to be able to configure and manage local rootkit hunter installations with a conf.d style folder, where it is possible to simply add individual configurations that reflect a change to the system (i.e. installing an additional package would be able to install a rkhunter configuration).

This would be immensely useful in larger scale deployments where a standard base configuration is required, but then certain machines will require tweaked/altered configurations/exceptions (as is my case, where I manage machines via puppet).

At the moment, I manage 19 different configuration files - where if I need to change/add an exception, I have to update them all. It would be far better, in my opinion, if I could simply drop a new micro conf file into a conf.d directory (i.e. /etc/rkhunter/conf.d/).

Discussion

  • unSpawn

    unSpawn - 2012-10-17
    • assigned_to: nobody --> unspawn
     
  • John Horne

    John Horne - 2012-10-17

    Well I admit I have no problem with the idea generally, and can see how it would certainly help in your situation.

    However, 'conf.d' directories are generally for config files which are 'merged' together to form an overall configuration. With RKH we currently use a standard (/etc/rkhunter.conf) configuration, and then 'override' that with any entries in the local config file (/etc/rkhunter.conf.local). To cater for a 'conf.d' directory we would need to rework how the config files were handled, as well as catering for some backward compatibility. It's possible, but would take a bit of work.

     
  • Russell Knighton

    English Definition Update

     
  • Russell Knighton

    I never realised it was all just a handy shell script - great language of choice! :-)

    Because of this, I felt daring and decided to check out a CVS copy, and start hacking - attached now is a resultant couple of patches to enable a conf.d style configuration mechanism.

    Tested and working here (just need to create an "/etc/rkhunter.conf.d/" folder on my system and I can now add additional "micro" config files into the folder that contain one or two lines of config).

    The patch was developed on Linux - but hopefully is compatible with other systems (it will require your expert eye to know) - I have no access to Solaris for example, so I could not check or test.

    Please take a look and let me know what you think. It would be great if this could one day be included in the main line.

     
  • Russell Knighton

    I should have also mentioned that I developed it on Ubuntu 12.04 - so consequently the default shell I tested against was dash.

     
  • John Horne

    John Horne - 2012-11-09

    annunaki2k2: Oh well done :-) I have just taken a look at this request again, and it seems that we could implement this relatively easily. I then noticed your patch, and you seem to have done most of the work! I'm going to rewrite it a little bit, and perhaps use a '/etc/rkhunter.d/' directory rather than '/etc/rkhunter/conf.d', but basically your patch looks fine.

     
  • John Horne

    John Horne - 2012-11-10

    Just to make sure I've got this right, can you give me an example or two of RKH configuration options that you set on a per-system basis and for which the above request would be useful? Thanks.

     
  • John Horne

    John Horne - 2012-12-02

    First version pushed to CVS. It uses the '/etc/rkhunter.d' directory, and requires the 'bash' shell.
    (Obviously we want to change that before release so that it works with other shells.)
    However you may want to test the CVS version to see if it does what you want.

     
  • John Horne

    John Horne - 2012-12-06

    Second version pushed to CVS. This should now work regardless of the type of shell.

     
  • John Horne

    John Horne - 2012-12-21
    • status: open --> closed-accepted
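
An added example, not part of the thread or of rkhunter's own code: a POSIX sh function that applies the read order discussed above (main file, its '.local' override, then a conf.d-style directory) and ignores fragments that are symlinks or writable by group or others. The '*.conf' suffix, the "last value wins" rule, the permission policy and the sample values are assumptions.

```sh
#!/bin/sh
# Added illustration, not rkhunter's own code. The '*.conf' suffix, the
# "last value wins" rule and the permission policy are assumptions.

# True only for a regular file (no symlink) not writable by group/others.
safe_conf_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Print the effective KEY=VALUE settings. Read order: main file, its
# '.local' override, then DIR/*.conf in glob (sorted) order.
effective_config() {
    main=$1 dir=$2
    for f in "$main" "$main.local" "$dir"/*.conf; do
        if safe_conf_file "$f"; then
            cat "$f"; echo            # echo guards a missing final newline
        elif [ -e "$f" ]; then
            echo "skipped (unsafe type or permissions): $f" >&2
        fi
    done | awk '
        /^[ \t]*#/ || /^[ \t]*$/ || !index($0, "=") { next }  # skip non-settings
        {
            key = substr($0, 1, index($0, "=") - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            if (!(key in val)) order[++n] = key      # keep first-seen order
            val[key] = substr($0, index($0, "=") + 1)
        }
        END { for (i = 1; i <= n; i++) print order[i] "=" val[order[i]] }'
}

# Constructed sample tree: a base file plus two per-package fragments,
# one of them world-writable and therefore ignored.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/rkhunter.d"
    printf 'PKGMGR=NONE\nALLOW_SSH_ROOT_USER=no\n' > "$d/rkhunter.conf"
    printf 'PKGMGR=DPKG\n' > "$d/rkhunter.d/10-dpkg.conf"
    printf 'ALLOW_SSH_ROOT_USER=yes\n' > "$d/rkhunter.d/20-untrusted.conf"
    chmod 644 "$d/rkhunter.conf" "$d/rkhunter.d/10-dpkg.conf"
    chmod 666 "$d/rkhunter.d/20-untrusted.conf"
    effective_config "$d/rkhunter.conf" "$d/rkhunter.d" 2>/dev/null
    rm -rf "$d"
}
demo
```

On a managed fleet the fragments would be deployed root-owned with mode 0644 or stricter, so a skipped file in the stderr output is itself worth alerting on.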
     
