rkhunter Question.

Kevin Fenzi kevin at scrye.com
Sun Jan 11 16:17:23 UTC 2009


On Thu, 08 Jan 2009 20:29:49 +0000
John Horne <john.horne at plymouth.ac.uk> wrote:

> On Thu, 2009-01-08 at 15:22 -0500, Gene Heskett wrote:
> > On Thursday 08 January 2009, John Horne wrote:

...snip...

> > Should the rpm installer have over written them?  I dunno, there
> > could be problems intro'd either way in this case.
> > 
> The rkhunter installer will not overwrite anything in /etc. The copies
> it takes of the files are for its own use and put into a separate
> secure directory. It is those files it looks for.
> 
> Looking at the rkhunter 1.3.2 rpm spec file (as used for the Fedora
> package), it does not seem to take an initial copy of the files. So
> that would explain why you got the initial warning. However, as has
> already been replied, the spec file for 1.3.4 FC10 does do this
> initial copy (although I cannot personally verify that).

Nope. Neither one does that. You need to run 'rkhunter --propupd' to
get it to make copies of passwd/shadow and save file properties. 

The reason for that is that the package can't know anything about how
much you trust your current install when it's installed. It's up to you
to run the --propupd and tell it that you think the system is clean and
that everything should be saved. 

> 
> 
> 
> John.
> 

kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20090111/7c666387/attachment-0001.sig>


More information about the fedora-list mailing list