On Sat, 2008-12-06 at 11:45 +0100, [EMAIL PROTECTED] wrote: > > let's suppose I just installed rkhunter. > I do "rkhunter --update" and after "rkhunter --check". > > RKH will shows me "[OK]" for almost every binary in my system. > My question is: if I never do "rkhunter --propupd" and so rkhunder.dat > not exists (not yet), how the binary files are compared? > You will have received a warning for the file properties 'prerequisites' check. That will tell you (in the log file) that the file properties file (rkhunter.dat) does not exist.
The file properties check includes some tests which do not require the file be compared to anything - either the rkhunter.dat file, or a package manager. It is these tests that RKH carries out even if rkhunter.dat does not exist. As such the test results for each file will still be 'OK' or a warning. The tests are whether the immutable bit is set on the file, and whether the file is a script or not. I will see if we can add a short message to the log file stating that the file properties check will still proceed with some tests despite the rkhunter.dat file not existing. John. -- --------------------------------------------------------------- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ SF.Net email is Sponsored by MIX09, March 18-20, 2009 in Las Vegas, Nevada. The future of the web can't happen without you. Join us at MIX09 to help pave the way to the Next Web now. Learn more and register at http://ad.doubleclick.net/clk;208669438;13503038;i?http://2009.visitmix.com/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
