Re: rkhunter Question.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 08 Jan 2009 20:29:49 +0000
John Horne <john.horne@xxxxxxxxxxxxxx> wrote:

> On Thu, 2009-01-08 at 15:22 -0500, Gene Heskett wrote:
> > On Thursday 08 January 2009, John Horne wrote:

...snip...

> > Should the rpm installer have over written them?  I dunno, there
> > could be problems intro'd either way in this case.
> > 
> The rkhunter installer will not overwrite anything in /etc. The copies
> it takes of the files are for its own use and put into a separate
> secure directory. It is those files it looks for.
> 
> Looking at the rkhunter 1.3.2 rpm spec file (as used for the Fedora
> package), it does not seem to take an initial copy of the files. So
> that would explain why you got the initial warning. However, as has
> already been replied, the spec file for 1.3.4 FC10 does do this
> initial copy (although I cannot personally verify that).

Nope. Neither one does that. You need to run 'rkhunter --propupd' to
get it to make copies of passwd/shadow and save file properties. 

The reason for that is that the package can't know anything about how
much you trust your current install when it's installed. It's up to you
to run the --propupd and tell it that you think the system is clean and
that everything should be saved. 

> 
> 
> 
> John.
> 

kevin

Attachment: signature.asc
Description: PGP signature

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux