On Thu, 2007-09-06 at 11:44 +1000, Gordy wrote:
> 1.3.0 beta 2 was tested with standard and custom layout with installs
> on a Linux Mandriva 2007.1 worked without errors.
>
That's good to hear, thanks.
> The standard and custom removal also worked so well that here is the
> result of removal where /opt pathway.
>
> --------------------------------------cli screen----------------------------
> [EMAIL PROTECTED] rkhunter-1.3.0]# sh installer.sh --layout custom /opt
> --remove
> Starting uninstallation
>
> Checking PREFIX /opt: exists, and is writable. OK
> Removing installation files:
> Removing rkhunter.8: OK.
> Removing /opt/bin/rkhunter: OK.
> Removing /opt/etc/rkhunter.conf: OK.
>
> Please remove any /opt/etc/rkhunter.conf.* files manually.
>
> REMOVING INSTALLATION DIRECTORIES.....(my emphasis)
> Removing /opt/lib/rkhunter: OK.
> Removing /opt/share/doc/rkhunter-1.3.0: OK.
> Removing /opt/var/lib/rkhunter: OK.
>
> Done removing files. Please double-check
>
> ---------------------------------------------------------
>
> I have no problem with the advice to double-check but when I did, I
> found that the /opt/....conf file was already removed by your script.
>
> In fact all files were removed from opt leaving behind only the child folders
> in /opt
> bin/ etc/ lib/ share/ ..../share/doc/...../share/man/....../share/man/man8
> var/...../var/lib
>
> and no files in any /opt subfolder.
>
Okay, a bit of explanation is needed. First of all the installer is
doing what it is supposed to do :-)
There are two main points here, the config file and all the other files
and directories:
Config file:
When you install RKH, it installs the config file to some location. If
you then re-install RKH, using the same options, it does not overwrite
the old config file. Instead it creates a new one with a (hopefully
unique!) number as its suffix. So in my case, installing RKH a second
time into /opt, the installer shows:
Installing rkhunter.conf in no-clobber mode: OK.
>>>
>>> PLEASE NOTE: inspect for update changes
in /opt/etc/rkhunter.conf.20211
>>> and apply to /opt/etc/rkhunter.conf before running Rootkit
Hunter.
>>>
The /opt/etc directory shows:
[EMAIL PROTECTED] rkhunter]# ls -l /opt/etc/rkh*
-rw-r----- 1 root root 17841 2007-09-06 13:20 /opt/etc/rkhunter.conf
-rw-r----- 1 root root 17841 2007-09-06
13:21 /opt/etc/rkhunter.conf.20211
The 'rkhunter.conf.20211' is the new config file.
When removing RKH it will remove the config file as defined by the
installer - '/opt/etc/rkhunter.conf'. It does not remove any other
config files, like 'rkhunter.conf.20211', so when removing RKH it tells
you do this manually:
Please remove any /opt/etc/rkhunter.conf.* files manually.
Note the '.*' on the end!
Other files and directories:
When removing RKH it will remove whatever files it can, that it knows
about having installed. It also removes the log files from /var/log. So
files are not generally a problem.
When installing RKH it may have to create directories. In my case above,
for example, it had to create /opt/etc, /opt/bin and so on. However, RKH
does not 'remember' this, and so when removing RKH it does not know
whether it has created the directory or not. Since the directory may
contain other files, RKH cannot just delete it. Since it does not know
if the directory was supposed to be there, it cannot delete it. Hence,
in this example, removing RKH will leave empty directories in /opt.
Okay. Now think about it a bit differently. Supposed you installed RKH
into /usr. Should it then remove /usr/bin when removing RKH? Obviously
not :-)
Secondly, on systems like Fedora 7 /usr/local/bin, /usr/local/etc and so
on are automatically created when the operating system is installed.
There is nothing in them, but they are present. So again, RKH should not
remove them (even if they are empty). On NetBSD the /usr/local directory
does not exist at all. So installing RKH causes RKH to create it and the
sub-directories /usr/local/bin, /usr/local/etc and so on. When removing
RKH, these sub-directories are left empty, because RKH does not know it
has created them, so it doesn't delete them.
However, RKH does know about some sub-directories that it has installed.
These are invariably those containing the name 'rkhunter'. So, for
example it will delete (in my case) '/opt/var/lib/rkhunter' and
'/opt/share/doc/rkhunter-1.3.0'. When removing RKH, it tells you this:
Removing installation directories:
Removing /opt/lib/rkhunter: OK.
Removing /opt/share/doc/rkhunter-1.3.0: OK.
Removing /opt/var/lib/rkhunter: OK
Note, nothing is said about removing '/opt/lib', 'opt/var' and so on.
Using the installer '--show' option will show you where RKH has been
installed. So you can remove /opt/bin etc yourself if you wish. Hence
the 'please double-check' message.
Does that help?
John.
--
---------------------------------------------------------------
John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914
E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
