On Tue, 2011-06-28 at 10:54 -0400, Tanstaafl wrote:
> On 2011-06-27 5:24 PM, John Horne wrote:
> > The stored time is the modification time on the file when '--propupd'
> > was last used, not the time when '--propupd' was run.
> 
> Ok, I guess I'm just dumb...
> 
> What is the difference between 'using' --propupd and 'running'
> --propupd? I thought its only purpose was to update these mod times so
> that it thinks they are all good/safe?
> 
When you run 'rkhunter --propupd' it creates a local database of the
files to be monitored and records the modification date/time of each
file. That date/time can be anything (7 May in your example), and comes
from the file itself. The date/time is when the file was last modified
by the operating system. Rkhunter does not modify the file date/time in
any way. So, the modification time of a file comes from the file itself,
and is not when 'rkhunter --propupd' was run.


> Also - any idea why I'm getting duplicates of every list message?
> 
Nope, no idea. I'm not receiving duplicates, so it can't be the
sourceforge mail servers unless you have something like 2 email
addresses registered on the rkhunter mailing list or your local mail
server doing something odd.



John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001


_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
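
The behaviour described in the reply above, as an added illustration that is not part of the original message and is not rkhunter's own code: a simplified baseline that records each file's modification time from the file's metadata, then compares later. The function names, the sample file name and the year 2011 for the "7 May" file are assumptions made for the example.

```python
import hashlib
import os
import tempfile
import time
from datetime import datetime, timezone
from pathlib import Path


def snapshot(path):
    """Read the properties to record; mtime comes from the file's own metadata."""
    st = os.stat(path)
    digest = hashlib.sha256(Path(path).read_bytes()).hexdigest()
    return {"mtime": int(st.st_mtime), "size": st.st_size, "sha256": digest}


def build_baseline(paths):
    """Simplified stand-in for a property update: store each file's properties."""
    return {str(p): snapshot(p) for p in paths}


def check(baseline):
    """Return {path: [changed property names]} for files that differ."""
    findings = {}
    for path, stored in baseline.items():
        current = snapshot(path)
        changed = [k for k in stored if stored[k] != current[k]]
        if changed:
            findings[path] = changed
    return findings


def demo():
    # Constructed sample: file last modified 7 May (2011 assumed), as in the thread.
    file_mtime = int(datetime(2011, 5, 7, 12, 0, tzinfo=timezone.utc).timestamp())
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "monitored-binary"
        path.write_bytes(b"original contents\n")
        os.utime(path, (file_mtime, file_mtime))
        run_time = int(time.time())            # when the baseline is taken
        baseline = build_baseline([path])
        stored = baseline[str(path)]["mtime"]  # the file's mtime, not run_time
        clean = check(baseline)                # nothing has changed yet
        with open(path, "ab") as fh:           # a later modification
            fh.write(b"appended\n")
        changed = check(baseline)[str(path)]
    return file_mtime, run_time, stored, clean, changed


if __name__ == "__main__":
    print(demo())
```

The stored timestamp stays at the file's own 7 May value however late the baseline is taken, and only a later change to the file makes the check report a difference.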
