On Thu, 2007-12-06 at 17:49 +0000, Dick Gevers wrote: > I've been meaning to ask this since rkh 1.3.0 came out, but never got > around to it. > > When one of the checked binaries changes, obviously a warning appears, > which goes away if I run rkh with '--propupd'. > > There's one set of exceptions: > [23:50:37] /bin/rpm [ Warning ] > [23:50:37] Warning: Package manager verification has failed: > [23:50:37] File: /bin/rpm > [23:50:37] The file permissions have changed > <snip> > [23:51:20] Warning: Package manager verification has failed: > [23:51:20] File: /usr/bin/w > [23:51:20] The file permissions have changed > [23:51:20] The file group has changed > <snip> > [23:51:25] /usr/bin/who [ Warning ] > [23:51:25] Warning: Package manager verification has failed: > [23:51:25] File: /usr/bin/who > [23:51:25] The file permissions have changed > [23:51:25] The file group has changed > <snip> > > No matter if I run --propupd and a check right after, these 3 files always > show up with these warnings everyday. rpm -Vvv will show them to be okay. > So, how can I avoid this kind of warning? Perhaps I missed something > essential in the documentation, but I wouldn't know what. > Hmm, this doesn't make much sense. The warnings are caused by the RPM package manager saying that the files are NOT correct. Can you run 'rpm -Vf /usr/bin/who' and let me know what the output is (if any) please.
When using a package manager the '--propupd' will have no affect on some of the file properties - for RPM this will include file permissions and group. As such running 'rkhunter --propupd' will make no difference to the warnings. The warnings will only go away when the RPM package manager database is happy that the files are valid. John. -- --------------------------------------------------------------- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839 ------------------------------------------------------------------------- SF.Net email is sponsored by: Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
