On Thu, 2007-12-06 at 23:01 +0000, Dick Gevers wrote:
> On Thu, 06 Dec 2007 21:42:53 +0000, John Horne wrote about Re:
> [Rkhunter-users] baffling warning:
> 
> >Hmm, this doesn't make much sense. The warnings are caused by the RPM
> >package manager saying that the files are NOT correct.
> 
> Yes, but the rpmdb changes when packages are upgraded. So rkh needs a new
> baseline to check, which --propupd takes care of. At least that's how I
> understand it.
> 
No. If a package manager is used then all RKH does is ask the package
manager if the files are okay. It (rkhunter) does not use any stored
file attributes when the package manager is used. Hence, using
'--propupd' makes no difference to packaged files in this instance.

> > Can you run 'rpm
> >-Vf /usr/bin/who' and let me know what the output is (if any) please.
> 
> Of course:
> # rpm -Vf /usr/bin/who
> S.5....T  c /etc/DIR_COLORS
> S.5....T  c /etc/pam.d/su
> .M....G.    /usr/bin/who
> 
> Looks okay to me. But I'll appreciate any ideas.
> 
If you look at the 'rpm' man page, under the verification section it
will tell you what the various letters mean. For the 'who' file the
mode/permissions and group ownership have changed from what the RPM
database expects.



John.

-- 
---------------------------------------------------------------
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED]       Fax: +44 (0)1752 233839

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
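
The flag columns John refers to can be decoded mechanically. The following is an added example, not part of the original message and not rkhunter code: a small parser for `rpm -V` output that applies the column meanings from the rpm man page to the three lines quoted in the thread. The function names and the choice to single out non-config files are assumptions made for illustration.

```python
import re

# Positional flag columns from the rpm man page (verify section). Older rpm
# prints 8 columns, as in the thread; newer releases append P.
FLAGS = [("S", "size"), ("M", "mode/permissions"), ("5", "digest"),
         ("D", "device number"), ("L", "symlink target"), ("U", "user"),
         ("G", "group"), ("T", "mtime"), ("P", "capabilities")]
FILE_TYPES = {"c": "config", "d": "doc", "g": "ghost", "l": "license", "r": "readme"}

LINE_RE = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{8,9})\s+(?:(?P<type>[cdglr])\s+)?(?P<path>/.*)$")
MISSING_RE = re.compile(r"^missing\s+(?:(?P<type>[cdglr])\s+)?(?P<path>/.*)$")


def parse_line(line):
    """Decode one 'rpm -V' line; return None for lines that are not results."""
    line = line.strip()
    m = MISSING_RE.match(line)
    if m:
        return {"path": m["path"], "type": FILE_TYPES.get(m["type"]),
                "changed": ["missing"], "untested": []}
    m = LINE_RE.match(line)
    if not m:
        return None
    changed, untested = [], []
    for (_, meaning), col in zip(FLAGS, m["flags"]):
        if col == "?":
            untested.append(meaning)      # test could not be performed
        elif col != ".":
            changed.append(meaning)       # attribute differs from the RPM database
    return {"path": m["path"], "type": FILE_TYPES.get(m["type"]),
            "changed": changed, "untested": untested}


def changed_non_config(output):
    """Paths of non-config files with at least one failed attribute."""
    rows = filter(None, map(parse_line, output.splitlines()))
    return [r["path"] for r in rows if r["type"] != "config" and r["changed"]]


# Output quoted in the thread above.
SAMPLE = """\
S.5....T  c /etc/DIR_COLORS
S.5....T  c /etc/pam.d/su
.M....G.    /usr/bin/who
"""

if __name__ == "__main__":
    for row in filter(None, map(parse_line, SAMPLE.splitlines())):
        print(row["path"], row["type"] or "-", ", ".join(row["changed"]))
```
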