On Tue, 2011-06-28 at 14:26 -0400, Tanstaafl wrote:
> On 2011-06-28 1:27 PM, John Horne wrote:
> > When you run 'rkhunter --propupd' it creates a local database of the
> > files to be monitored and records the modification date/time of each
> > file. That date/time can be anything (7 May in your example), and comes
> > from the file itself. The date/time is when the file was last modified
> > by the operating system. Rkhunter does not modify the file date/time in
> > any way. So, the modification time of a file comes from the file itself,
> > and is not when 'rkhunter --propupd' was run.
>
> Right - so, even if a file's properties had changed, running --propupd
> reset rkhunter's database so it should no longer think it is changed,
> correct?
>
Correct. So when you then run 'rkhunter --propupd' again it compares the
time value in the rkhunter database against that on the file itself. If
both are the same, then the file hasn't changed since 'rkhunter --propupd'
was last run.

John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001
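
The behaviour discussed in this thread, as an added shell example that is not part of the original messages and is not rkhunter's own code or database format: a baseline records each file's own modification time, a later comparison flags a file whose time differs, and re-running the update clears the flag. The function names `propupd_model` and `check_model`, the one-line-per-file database layout and the sample file are assumptions made for illustration; the script relies on GNU `stat`, `touch` and `date`.

```shell
#!/bin/sh
# Simplified model of a file-properties baseline.
# Assumption: this is NOT rkhunter's code or its database format.

# Write "<mtime-epoch> <path>" per file; the time is read from the file itself.
propupd_model() {
    db="$1"; shift
    : > "$db"
    for f in "$@"; do
        printf '%s %s\n' "$(stat -c %Y "$f")" "$f" >> "$db"
    done
}

# Print every path whose current mtime differs from the recorded one.
# Returns 0 when nothing changed, 1 otherwise.
check_model() {
    changed=0
    while read -r recorded path; do
        if [ "$(stat -c %Y "$path")" != "$recorded" ]; then
            echo "$path"
            changed=1
        fi
    done < "$1"
    return "$changed"
}

# Constructed demonstration on a throw-away file.
demo() {
    dir=$(mktemp -d)
    file="$dir/sample-binary"; base="$dir/baseline.db"
    echo v1 > "$file"
    touch -d '2011-05-07 12:00:00' "$file"   # file last modified on 7 May
    propupd_model "$base" "$file"            # baseline taken "today"
    echo "recorded: $(date -d "@$(cut -d' ' -f1 "$base")" +%F)"  # the file's date
    check_model "$base" >/dev/null && echo "check 1: unchanged"
    echo v2 > "$file"                        # content change moves mtime to now
    check_model "$base" >/dev/null || echo "check 2: changed"
    propupd_model "$base" "$file"            # re-baseline accepts the new state
    check_model "$base" >/dev/null && echo "check 3: unchanged again"
    rm -rf "$dir"
}

demo
```

Because the re-baseline accepts whatever is on disk at that moment, it only makes sense after the change has been confirmed as expected.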