Hi, I'm using the rpm package manager.

    # tail -5 rkhunter.conf
    INSTALLDIR=/usr/local
    DBDIR=/var/lib/rkhunter/db
    SCRIPTDIR=/usr/local/lib/rkhunter/scripts
    TMPDIR=/var/lib/rkhunter/tmp
    USER_FILEPROP_FILES_DIRS=/usr/local/etc/rkhunter.conf

All rkhunter logs contain the File properties check that says at the end:

    //usr/local/unhide/unhide-linux26 [ OK ]
    /usr/local/etc/rkhunter.conf [ OK ]

Note the single slash at the start of the last line.

Then I change the content of rkhunter.conf and run:

    # rkhunter --propupd /usr/local/etc/rkhunter.conf

as I would expect to receive a warning otherwise (!?)

But this returns:

    Filename is not in the "rkhunter.dat" file: /usr/local/etc/rkhunter.conf

However:

    # tail -1 /var/lib/rkhunter/db/rkhunter.dat

gives:

    File:usr/local/etc/rkhunter.conf:0db1e4bf8bc5847335d72b09b1482fdaa0d05cab:345126:0600:0:0:33811:1259527434::

Note the missing slash before 'usr', while all other paths in the dat file start with a slash.

On the other hand, if I go to the system's root ( "/" ) and do it without the 1st slash:

    # rkhunter --propupd usr/local/etc/rkhunter.conf

this returns:

    Relative file or directory name specified: usr/local/etc/rkhunter.conf

But by none of the described actions is the rkhunter.dat file updated.

So IMHO the mentioned file check [ OK ] for rkhunter.conf is not appropriate, because I think the check cannot have run.

To fix something that may have happened with an older version of rkh, I edit rkhunter.dat and add the missing slash. Now the command

    # rkhunter --propupd /usr/local/etc/rkhunter.conf

gives:

    [ Rootkit Hunter version 1.3.6 ]
    File updated: searched for 160 files, found 137 of 137

and the result is that rkhunter.dat is updated, including the data for rkhunter.conf.

But: according to 'rkhunter --help', the option '--propupd [ file ]' should have updated only the specified entry in the db, not all entries.

HTH

Kind regards & happy new year,
=Dick Gevers=

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
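
Added example, not part of the original message and not rkhunter's own code: a small shell check that lists File: records in an rkhunter.dat-style file whose stored path lacks the leading slash, the condition reported above. It assumes the colon-separated layout of the single record quoted in the message; the function name and the first sample record are constructed for illustration.

```shell
#!/bin/sh
# Added example (not rkhunter code). Assumes the record layout of the one
# rkhunter.dat line quoted in the message: "File:<path>:<further fields>".
# Paths that themselves contain ":" are not handled.

# Print "<line number>:<stored path>" for every File: record whose stored
# path does not start with "/". Prints nothing when all paths are absolute.
find_relative_entries() {
    awk -F: '$1 == "File" && $2 !~ /^\// { printf "%d:%s\n", NR, $2 }' "$1"
}

# Constructed sample input: the first record uses made-up field values,
# the second is the record quoted in the message.
sample=$(mktemp) || exit 1
cat > "$sample" <<'EOF'
File:/usr/local/unhide/unhide-linux26:0000000000000000000000000000000000000000:100001:0755:0:0:20480:1259000000::
File:usr/local/etc/rkhunter.conf:0db1e4bf8bc5847335d72b09b1482fdaa0d05cab:345126:0600:0:0:33811:1259527434::
EOF

bad=$(find_relative_entries "$sample")
if [ -n "$bad" ]; then
    echo "File: records without a leading slash (line:path):"
    echo "$bad"
fi
rm -f "$sample"

# On a real system, point the function at the database under DBDIR, e.g.
#   find_relative_entries /var/lib/rkhunter/db/rkhunter.dat
```

Any path it reports is one that a lookup by absolute file name will not match, so that file's stored properties are not being compared.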