2009/11/30 Kevin Fenzi <kevin@xxxxxxxxx>:
> Sure, that works fine if you are willing to keep up to date on security
> updates on those applications and update your config each time one
> changes in fedora.

I did say that I like to know when things change, hence the inclusion of the version numbers. That approach also works very well if you need to keep a package at a certain revision for some reason as including its specific version in "rkhunter.conf" would provide a warning should an update ever be applied by mistake, or a default package be installed instead of a custom build for that matter. That's definitely not appropriate for a dynamic distribution like Fedora, although maybe something like Debian Stable or Red Hat where version numbers don't change much could get away with it.

> For the out of box package that would result in pushing an update to
> rkhunter anytime any of those updated and there could be lag between
> the updates and when someone applied the rkhunter one.

That's a good point about the lag and it would be a problem, but then again it wouldn't be the only package in Fedora that needed to be updated in response to changes to another, apparently unrelated one; Yelp and Firefox for instance. For a more general package distribution it would definitely be better to either disable the checks or just push the RKHunter package with a whitelist of problematic applications without the version numbers, for instance:

APP_WHITELIST="gpg httpd named sshd..."

I don't think it would actually be that hard to manage the list as RKHunter currently only checks the versions of nine key packages - presumably to the author of RKHunter since Exim and ProFTP are checked while Fedora's defaults of Sendmail and VSFTP are not. All that would be required would be to monitor Fedora "testing" for version number changes to the tested packages and proactively push a new version of the RKHunter package with an updated config before the move to "updates".

> But sure, if you want to maintain a list locally, feel free.

Well, since I'm not the Fedora RKHunter packager, that's one of the benefits of Open Source that I might be taking advantage of - the other being to poke around in the source and figure out how to test the versions of some other applications. :)

-- 
Andy

The only person to have all his work done by Friday was Robinson Crusoe
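
The version-pinning approach discussed in this message can be checked mechanically. The sketch below is an added example, not part of the original post and not rkhunter's own code: it reports which version-pinned whitelist entries no longer match what is installed. It assumes the `name:version` entry form for APP_WHITELIST; the function name `whitelist_drift`, the sample version numbers and the "name version" installed list are constructed for illustration, and how that list is collected on a real host is left to the caller.

```shell
#!/bin/sh
# Added example: report drift between version pins in an rkhunter-style
# APP_WHITELIST value and the versions actually installed.

# Constructed sample data (not taken from a real system).
SAMPLE_WHITELIST="gpg httpd:2.2.13 named:9.6.1 sshd:5.2p1"
SAMPLE_INSTALLED="gpg 1.4.10
httpd 2.2.14
named 9.6.1
sshd 5.2p1"

# whitelist_drift WHITELIST INSTALLED
#   WHITELIST: space-separated "name" or "name:version" entries.
#   INSTALLED: newline-separated "name version" pairs (caller-supplied).
# Prints one line per pinned entry whose version no longer matches and
# returns 1 if any such entry exists, 0 otherwise.
whitelist_drift() {
    wl=$1 inst=$2 rc=0
    for entry in $wl; do
        case $entry in
            *:*) name=${entry%%:*}; pinned=${entry#*:} ;;
            *)   continue ;;   # no version pin: nothing to compare
        esac
        # Look up the installed version for this application name.
        actual=$(printf '%s\n' "$inst" |
                 awk -v n="$name" '$1 == n { print $2; exit }')
        if [ -z "$actual" ]; then
            printf '%s: pinned %s but not installed\n' "$name" "$pinned"
            rc=1
        elif [ "$actual" != "$pinned" ]; then
            printf '%s: pinned %s, installed %s\n' "$name" "$pinned" "$actual"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone run on the constructed sample; drift is reported, not fatal.
whitelist_drift "$SAMPLE_WHITELIST" "$SAMPLE_INSTALLED" || true
```

Entries without a version, such as `gpg` in the sample, are skipped because they whitelist the application regardless of version and therefore never give the change warning described above.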