On Thu, 22 Nov 2007, Andreas Vetter wrote:-
>On Thu, 22 Nov 2007, David Bolt wrote:
>
>> 1.3.0 doesn't know _any_ md5sums. That's the purpose of the --propupd
>> option. The --propupd option creates the reference file containing the
>> md5sums, and should be called as soon as possible after the initial
   ^^^^^^^
Gah! That should be sha1sums, unless you change the defaults.
>> installation.
>
>Thank you, I didn't know. And another --propupd after every update of a
>binary that is scanned by --propupd.
That's probably the best way of doing it.
>So we need to keep track of the rpms that contain such binaries.
Yes.
>Then put
>some code in the postinstall of those rpms (at least coreutils) that
>checks if rkhunter is installed and if so finally runs rkhunter --propupd.
Except that doing that would/could add a dependency for rkhunter that
may not be a good thing. I think the best way would be to add a check to
the %post so that rkhunter --propupd is run after the initial
installation. Then root can perform a scan to see if any unexpected
files have changed and, if not, then run rkhunter --propupd manually.
The trouble with that is that it's another thing root has to remember to
do after an update.
>I don't think it should be a SuSEconfig script like the ldconfig thing.
>This would run too often and could make replaced binaries trusted.
The joys of system security :|
Regards,
David Bolt
--
Team Acorn: http://www.distributed.net/ OGR-P2 @ ~100Mnodes RC5-72 @ ~15Mkeys
| SUSE 10.1 32bit | openSUSE 10.2 32bit | openSUSE 10.3 32bit
SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit |
RISC OS 3.11 | RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC
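
The check-then-update order discussed in this message, as an added example that is not part of the original thread and not rkhunter's own code: a toy sha1 baseline that is refreshed only when every changed file was expected to change. The helper names (`snapshot`, `baseline_update`, `baseline_check`, `baseline_accept`) and the sample tree are hypothetical, and GNU `sha1sum` and file names without whitespace are assumed.

```shell
#!/bin/sh
# Toy sha1 baseline; helper names are hypothetical, this is not rkhunter code.
# Assumes GNU sha1sum and file names without whitespace.

# Print "hash  ./name" for every regular file under DIR, in stable order.
snapshot() { ( cd "$1" && find . -type f -exec sha1sum {} + | sort -k2 ); }

# Record the current hashes of DIR in REF (what a property update does).
baseline_update() {
    snapshot "$1" > "$2.tmp" && mv "$2.tmp" "$2"
}

# Compare DIR with REF: print differences, return 1 if anything changed.
baseline_check() {
    now=$(mktemp) || return 2
    snapshot "$1" > "$now"
    rc=0
    diff "$2" "$now" || rc=1
    rm -f "$now"
    return $rc
}

# Refresh REF only if every changed file is in the expected list, e.g. the
# files owned by the package that was just updated.
baseline_accept() {
    dir=$1; ref=$2; shift 2
    changed=$(baseline_check "$dir" "$ref" |
        sed -n 's/^[<>] [0-9a-f]*  \.\///p' | sort -u)
    for f in $changed; do
        case " $* " in
            *" $f "*) ;;
            *) echo "unexpected change: $f" >&2; return 1 ;;
        esac
    done
    baseline_update "$dir" "$ref"
}

# Constructed sample tree: one legitimate update, one unexpected replacement.
demo() {
    root=$(mktemp -d) || return 2
    mkdir "$root/bin"
    echo v1 > "$root/bin/ls"; echo v1 > "$root/bin/ps"
    baseline_update "$root/bin" "$root/ref.sha1"
    echo v2 > "$root/bin/ls"        # changed by the package update
    echo other > "$root/bin/ps"     # changed by something else
    baseline_accept "$root/bin" "$root/ref.sha1" ls || echo "baseline kept"
    rm -rf "$root"
}
demo
```

Calling `baseline_update` unconditionally after every package change would record the new hash of `ps` as well, after which `baseline_check` reports nothing.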