File: TODO

package info (click to toggle)
systraq 0.0.20070301-4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 1,392 kB
  • ctags: 13
  • sloc: sh: 792; makefile: 116
file content (63 lines) | stat: -rw-r--r-- 2,928 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63

$Id: TODO 319 2007-03-01 10:30:01Z joostvb $

- reimplement bootstrap as something like

   AUTOMAKE=automake-1.9 ACLOCAL=aclocal-1.9 autoreconf --install \
      --symlink --make

- xsltproc 1.0.16-0.2 does not understand --path; xsltproc 1.1.8-5 does.
  Document this.  Furthermore, under some circumstances (on topaz, e.g.)
  xsltproc says:
    I/O error : Attempt to load network entity
    http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd
  _even_ with --nonet option.
- Split requirements in manual in cvs-build-time, build-time and run-time;
  document all run-time dependencies, get configure.ac check for them.
- Don't use pod but docbook for st_snapshot manpage.
- Add links from systraq homepage to stuff build with "make html".
- Finish systraq manual: add diagram listing dependencies (see the FIXME)
- Don't install st_snapshot.hourly in bin/ , but in a location like libexec/ .
- Don't use md5sum, nor sha1sum as shipped with GNU coreutils
  ( ftp://ftp.gnu.org/gnu/coreutils/ ).  
  md5sum should be variable ST_SUM in /usr/sbin/systraq, it should be set
  optionally.
  wait for coreutils or openssl to ship a commandline SHA2 tool or
  use gpg --print-md RIPEMD160 (or gpg --print-md SHA256).  The
  first one seems to behave as a drop-in replacement, wrt output-format.
  The SHA-2 standard is fine, it defines both SHA-224 and SHA-512.
  RIPEMD-160 if fine too, as of april 2006.
  See also shasum, shipped with libdigest-sha-perl and sleuthkit which ships
  sha1.

  RĂ¼diger Weis and Stefan Lucks have described this in a paper presented at
  http://www.sane.nl/sane2006/program/abstract.php?eventid=24 An article which
  _is_ available online, describing the same issue, is at
  http://www.cryptolabs.org/hash/LucksWeisSicherheitHash0305.html

  Probably filetraq needs a fix too...

  http://lists.debian.org/debian-devel/2005/11/msg01578.html

http://lists.debian.org/debian-devel/2005/11/msg01633.html

http://lists.debian.org/debian-devel/2005/11/msg01694.html

http://lists.debian.org/debian-devel/2005/11/msg01653.html

http://liw.iki.fi/liw/summain/

- The way all homedirectories are found is braindead.  It fails in case
  something like NIS is used.  Document this.
- Systraq should silently ignore non-world-readable to-be-monitored files in
  homedirectories.  This is nice on systems where some users like to have e.g.
  ~/.bashrc monitored and others do not.  Document this behaviour, and instruct
  admins to check for readability when setting up list of to be monitored
  files.  Check what happens when permissions change: are we getting warned?  I
  guess we should be warned.  Bug reported by Lionel Elie Mamane.
- Make this package usable on systems with a configured filetraq:
  > What to do with filetraq.default
  > What to do with filetraq cron job
- Guess systraq doesn't need it's own group, but is fine with being in
  'nogroup'.  systraq files can be group-owned root.