package rkhunter
tags 472114 + pending
thanks

Hi Francois,

On Sunday 23 March 2008 at 21:18 +1300, Francois Marier wrote:
> Hi Julien,
>
> I was using PKGMGR=DPKG and switching to NONE makes it much faster. So I
> think that my original bug report isn't so relevant anymore.
>
> However, I would suggest you do the following before closing it:
>
> - add a note in the config file next to the PKGMGR field to say that hash
>   computation takes about 4 times longer when it's set to DPKG

I have added a short comment in the default configuration file.

> On 2008-03-23 at 07:45:46, Julien Valroff wrote:
> > I first thought it was a good idea, but the answer of the upstream
> > developer to the bug report lets me think it isn't a good idea to use
> > the attributes test without the hashes test.
> >
> > Would you please check his comment at
> > https://sourceforge.net/tracker/?func=detail&atid=794190&aid=1922881&group_id=155034
>
> I have replied to the upstream bug to clear up what my original suggestion
> was. Although, now I don't think it's necessary anymore.
>
> With respect to doing a propupd with --hash NONE if "hashes" is detected in
> DISABLE_TESTS, I think that's still a good idea. I mean, ideally you would
> want to run both tests, but rkhunter does provide a facility to disable one
> of them. So if, for whatever reason, an admin decides to disable hashes,
> then the post-invoke script should honour that decision and skip the hash
> computation.

After checking, this is already done in rkhunter itself:

    if ! `check_test attributes`; then
        SCMD=""
    elif [ -z "${STAT_CMD}" ]; then
        SCMD=""
    else
        if [ -n "`echo \"${STAT_CMD}\" | grep '\.pl$'`" ]; then
            SCMD="${STAT_CMD} --modeoct --raw --ino --mode --uid --gid --size --Mtime"
        elif [ $BSDOS -eq 1 ]; then
            SCMD="${STAT_CMD} -f '%i %Mp%Lp %u %g %z %m:'"
        else
            SCMD="${STAT_CMD} --format='%i 0%a %u %g %s %Y:'"
        fi
    fi

    [...]

    if ! `check_test hashes`; then
        HCMD=""
    elif [ -z "${PKGMGR}" -a "${HASH_FUNC}" = "NONE" ]; then
        HCMD=""
    else
        HCMD="${HASH_FUNC}"
    fi

You can check this in rkhunter.dat when disabling e.g. the hashes test.
You'll get something like:

    File:/bin/bash::1556524:0755:0:0:817352:1202598270:

(i.e. no hashes)

or the following when the attributes test is disabled:

    File:/bin/bash:67743a83731749bfe09341b4bf1eb5da7e1c7428:::::::

> Thanks for your help resolving this problem! I really appreciate how much
> time and effort you put into supporting rkhunter users.

Thanks to you for using Debian and rkhunter ;-)

Cheers,
Julien
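
Added example, not part of the original message or of rkhunter: a POSIX shell check that classifies each File: record of an rkhunter.dat baseline as missing hashes, missing attributes, or complete, which is the inspection described in the message above. The record layout is assumed from the two sample lines and the stat format string in the message; the function names and the sample records other than the two /bin/bash lines are constructed.

```shell
#!/bin/sh
# Assumed record layout (from the samples and stat format in the message):
#   File:<path>:<hash>:<inode>:<mode>:<uid>:<gid>:<size>:<mtime>:

# Reads rkhunter.dat records on stdin, prints "<status> <path>" per File: record.
classify_baseline() {
    awk -F: '
        $1 != "File" { next }                      # ignore other record types
        NF < 10      { print "malformed " $0; next }
        {
            # Index from the right so a ":" inside the path cannot shift fields.
            hash = $(NF-7)
            path = $2
            for (i = 3; i <= NF-8; i++) path = path ":" $i
            attrs = 0
            for (i = NF-6; i <= NF-1; i++) if ($i != "") attrs++
            if (hash == "" && attrs == 0) s = "empty"
            else if (hash == "")          s = "no-hash"
            else if (attrs == 0)          s = "no-attributes"
            else if (attrs < 6)           s = "partial-attributes"
            else                          s = "complete"
            print s " " path
        }'
}

# Succeeds only when every record carries a hash and all six attributes.
baseline_is_complete() {
    ! classify_baseline | grep -qv '^complete '
}

# Sample input: the two /bin/bash lines are from the message; the rest is constructed.
sample_baseline() {
    cat <<'EOF'
File:/bin/bash::1556524:0755:0:0:817352:1202598270:
File:/bin/bash:67743a83731749bfe09341b4bf1eb5da7e1c7428:::::::
File:/usr/bin/example:67743a83731749bfe09341b4bf1eb5da7e1c7428:1556524:0755:0:0:817352:1202598270:
File:/opt/odd:name:67743a83731749bfe09341b4bf1eb5da7e1c7428:1556524:0755:0:0:817352:1202598270:
EOF
}

sample_baseline | classify_baseline
if sample_baseline | baseline_is_complete; then
    echo "baseline complete"
else
    echo "baseline has records without hashes or attributes"
fi
```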