On Sunday 11 January 2009, Kevin Fenzi wrote:
>On Thu, 08 Jan 2009 20:29:49 +0000
>
>John Horne <john.horne@xxxxxxxxxxxxxx> wrote:
>> On Thu, 2009-01-08 at 15:22 -0500, Gene Heskett wrote:
>> > On Thursday 08 January 2009, John Horne wrote:
>
>...snip...
>
>> > Should the rpm installer have overwritten them? I dunno, there
>> > could be problems intro'd either way in this case.
>>
>> The rkhunter installer will not overwrite anything in /etc. The copies
>> it takes of the files are for its own use and put into a separate
>> secure directory. It is those files it looks for.
>>
>> Looking at the rkhunter 1.3.2 rpm spec file (as used for the Fedora
>> package), it does not seem to take an initial copy of the files. So
>> that would explain why you got the initial warning. However, as has
>> already been replied, the spec file for 1.3.4 FC10 does do this
>> initial copy (although I cannot personally verify that).
>
>Nope. Neither one does that. You need to run 'rkhunter --propupd' to
>get it to make copies of passwd/shadow and save file properties.
>
>The reason for that is that the package can't know anything about how
>much you trust your current install when it's installed. It's up to you
>to run the --propupd and tell it that you think the system is clean and
>that everything should be saved.
>
>> John.
>
>kevin

At the time I posted the original message, I had already done that with
1.3.2, so I built 1.3.4, which did apparently do that properly when that
operation was repeated.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Depart not from the path which fate has assigned you.
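
The baseline behaviour discussed in this thread, as an added example that is not part of the original messages and is not rkhunter's own code or database format: a check warns until the administrator explicitly records the current state as trusted, and afterwards warns only on differences. The function names, the record layout and the sample passwd content are assumptions made for illustration; GNU coreutils (sha256sum, stat -c) are assumed.

```shell
#!/bin/sh
# Added illustration only: not rkhunter's code or its database format.
# Assumes GNU coreutils (sha256sum, stat -c) and paths without '|'.

# props FILE: print "path|sha256|mode|uid|gid" for one file.
props() {
    sum=$(sha256sum "$1" | cut -d' ' -f1)
    printf '%s|%s|%s\n' "$1" "$sum" "$(stat -c '%a|%u|%g' "$1")"
}

# baseline_update DB FILE...: record the current state as trusted.
# This is the step only the administrator can vouch for.
baseline_update() {
    db=$1; shift
    (
        umask 077                      # keep the stored properties private
        : > "$db.tmp"
        for f in "$@"; do props "$f" >> "$db.tmp"; done
        mv "$db.tmp" "$db"
    )
}

# baseline_check DB FILE...: compare each file with its stored entry.
baseline_check() {
    db=$1; shift
    for f in "$@"; do
        old=""
        if [ -f "$db" ]; then
            old=$(awk -F'|' -v p="$f" '$1 == p' "$db")
        fi
        if [ -z "$old" ]; then
            echo "WARNING no-baseline $f"   # nothing stored yet
        elif [ "$old" = "$(props "$f")" ]; then
            echo "OK $f"
        else
            echo "WARNING changed $f"
        fi
    done
}

demo() {
    d=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$d/passwd"  # constructed sample
    baseline_check "$d/db" "$d/passwd"    # first run, no baseline
    baseline_update "$d/db" "$d/passwd"   # administrator accepts current state
    baseline_check "$d/db" "$d/passwd"    # now matches
    printf 'extra:x:0:0::/:/bin/sh\n' >> "$d/passwd"
    baseline_check "$d/db" "$d/passwd"    # content differs from baseline
    rm -rf "$d"
}
demo
```

A baseline recorded on a system that is already compromised accepts the compromised state as normal, which is why the update is a separate, deliberate step rather than something done at install time.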