On Friday 16 January 2009, Paulo Cavalcanti wrote:
>On Sun, Jan 11, 2009 at 4:06 PM, Gene Heskett <gene.heskett@xxxxxxxxxxx> wrote:
>> On Sunday 11 January 2009, Kevin Fenzi wrote:
>> >On Thu, 08 Jan 2009 20:29:49 +0000
>> >
>> >John Horne <john.horne@xxxxxxxxxxxxxx> wrote:
>> >> On Thu, 2009-01-08 at 15:22 -0500, Gene Heskett wrote:
>> >> > On Thursday 08 January 2009, John Horne wrote:
>> >
>> >...snip...
>> >
>> >> > Should the rpm installer have over written them? I dunno, there
>> >> > could be problems intro'd either way in this case.
>> >>
>> >> The rkhunter installer will not overwrite anything in /etc. The copies
>> >> it takes of the files are for its own use and put into a separate
>> >> secure directory. It is those files it looks for.
>> >>
>> >> Looking at the rkhunter 1.3.2 rpm spec file (as used for the Fedora
>> >> package), it does not seem to take an initial copy of the files. So
>> >> that would explain why you got the initial warning. However, as has
>> >> already been replied, the spec file for 1.3.4 FC10 does do this
>> >> initial copy (although I cannot personally verify that).
>> >
>> >Nope. Neither one does that. You need to run 'rkhunter --propupd' to
>> >get it to make copies of passwd/shadow and save file properties.
>> >
>> >The reason for that is that the package can't know anything about how
>> >much you trust your current install when it's installed. It's up to you
>> >to run the --propupd and tell it that you think the system is clean and
>> >that everything should be saved.
>> >
>> >> John.
>> >
>> >kevin
>>
>> At the time I posted the original message, I had already done that with
>> 1.3.2, so I built 1.3.4, which did apparently do that properly when that
>> operation was repeated.
>
>I have run rkhunter --propupd many times, I do have a copy of group and
>passwd in /var/run/rkhunter, but I always receive an email saying that
>there is no copy of group and passwd. Upgrading to 1.3.4 did not change
>anything. This happens on every computer I have rkhunter installed.

It is running here, silently. I added the two files it thought were funkity
to the config and haven't had a message from it since. And I did have the
- copies in /etc. I think it was these two it was fussing about:

/var/lib/rkhunter/tmp/group
/var/lib/rkhunter/tmp/passwd

But they weren't created till I did the -propupd with 1.3.4.

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Zoe: "Sir, I think you have a problem with your brain being missing."
	--Episode #2, "The Train Job"
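
The baseline-then-compare idea discussed in this thread (nothing is stored until the administrator declares the system clean, and until then the check can only warn that no copy exists), as an added sketch that is not rkhunter's code and not part of the original message. The function names, the scratch directory and the sample passwd lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added illustration: baseline-then-compare for account files.
# Function names and directories are hypothetical, not rkhunter's own.

# Store trusted copies. Run only when you believe the system is clean.
baseline_update() {
    base_dir=$1; shift
    mkdir -p "$base_dir" && chmod 700 "$base_dir" || return 1
    for f in "$@"; do
        cp "$f" "$base_dir/$(basename "$f")" || return 1
        chmod 600 "$base_dir/$(basename "$f")"
    done
}

# Print account names (field 1) found in file $2 but not in file $1.
names_added() {
    awk -F: 'FILENAME == ARGV[1] { seen[$1]; next }
             !($1 in seen) { print $1 }' "$1" "$2"
}

# Return 0 = unchanged, 1 = changed, 2 = no stored copy yet.
baseline_check() {
    copy="$1/$(basename "$2")"
    if [ ! -f "$copy" ]; then
        echo "Warning: no stored copy of $2, run baseline_update first"
        return 2
    fi
    cmp -s "$copy" "$2" && return 0
    echo "Warning: $2 differs from the stored copy"
    names_added "$copy" "$2" | while read -r n; do echo "  added: $n"; done
    names_added "$2" "$copy" | while read -r n; do echo "  removed: $n"; done
    return 1
}

# Demo on constructed sample data in a scratch directory (not the real /etc).
demo() {
    d=$(mktemp -d) || return 1
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$d/passwd"
    baseline_check "$d/base" "$d/passwd" || echo "before update: rc=$?"
    baseline_update "$d/base" "$d/passwd"
    baseline_check "$d/base" "$d/passwd" && echo "after update: unchanged"
    printf 'extra:x:0:0::/:/bin/sh\n' >> "$d/passwd"
    baseline_check "$d/base" "$d/passwd" || echo "after edit: rc=$?"
    rm -rf "$d"
}
demo
```

A line whose name is unchanged but whose other fields differ still returns 1 through the `cmp` comparison, even though no added or removed name is listed.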