On Thu, 08 Jan 2009 20:29:49 +0000 John Horne <john.horne@xxxxxxxxxxxxxx> wrote: > On Thu, 2009-01-08 at 15:22 -0500, Gene Heskett wrote: > > On Thursday 08 January 2009, John Horne wrote: ...snip... > > Should the rpm installer have over written them? I dunno, there > > could be problems intro'd either way in this case. > > > The rkhunter installer will not overwrite anything in /etc. The copies > it takes of the files are for its own use and put into a separate > secure directory. It is those files it looks for. > > Looking at the rkhunter 1.3.2 rpm spec file (as used for the Fedora > package), it does not seem to take an initial copy of the files. So > that would explain why you got the initial warning. However, as has > already been replied, the spec file for 1.3.4 FC10 does do this > initial copy (although I cannot personally verify that). Nope. Neither one does that. You need to run 'rkhunter --propupd' to get it to make copies of passwd/shadow and save file properties. The reason for that is that the package can't know anything about how much you trust your current install when it's installed. It's up to you to run the --propupd and tell it that you think the system is clean and that everything should be saved. > > > > John. > kevin
Attachment:
signature.asc
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
