[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rkhunter Question.



On Thu, 08 Jan 2009 20:29:49 +0000
John Horne <john horne plymouth ac uk> wrote:

> On Thu, 2009-01-08 at 15:22 -0500, Gene Heskett wrote:
> > On Thursday 08 January 2009, John Horne wrote:

...snip...

> > Should the rpm installer have over written them?  I dunno, there
> > could be problems intro'd either way in this case.
> > 
> The rkhunter installer will not overwrite anything in /etc. The copies
> it takes of the files are for its own use and put into a separate
> secure directory. It is those files it looks for.
> 
> Looking at the rkhunter 1.3.2 rpm spec file (as used for the Fedora
> package), it does not seem to take an initial copy of the files. So
> that would explain why you got the initial warning. However, as has
> already been replied, the spec file for 1.3.4 FC10 does do this
> initial copy (although I cannot personally verify that).

Nope. Neither one does that. You need to run 'rkhunter --propupd' to
get it to make copies of passwd/shadow and save file properties. 

The reason for that is that the package can't know anything about how
much you trust your current install when it's installed. It's up to you
to run the --propupd and tell it that you think the system is clean and
that everything should be saved. 

> 
> 
> 
> John.
> 

kevin

Attachment: signature.asc
Description: PGP signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]