On Tue, 2012-01-03 at 13:39 -0500, Tim Evans wrote:
> On 01/03/2012 01:35 PM, John Horne wrote:
> > On Tue, 2012-01-03 at 11:54 -0500, Tim Evans wrote:
> >> Don't see this in the FAQ, or in the last year or so's worth of archived
> >> messages, so...
> >>
> >> After running yum update on a RedHat 5.x system (or any other analogous
> >> update tool), how do you re-set the rkhunter database to accept the
> >> changed files? Something like tripwire's --update and --report-file
> >> options.
> >>
> > Run 'rkhunter --propupd'. It's not mentioned as a FAQ, but the man page
> > indicates when the '--propupd' option should be used:
> >
> >   One of the checks rkhunter performs is to compare various current
> >   file properties of various commands, against those it has previously
> >   stored. This command option causes rkhunter to update its data file
> >   of stored values with the current values.
>
> Thanks for your response. Been there, done that, repeatedly. (This is
> version 1.3.8, BTW.)
>
> The only thing I can find that truly cleans everything up is renaming
> the db directory and re-installing, then running --propupd, then running
> a normal scan. Surely, that's not the right way.
>
Certainly not! What is the actual problem that you are seeing?
Whenever automatic updates occur to your system, then just running
'rkhunter --propupd' should suffice. If the PKGMGR option in the config
file is being used, then nothing should be required (the file checks are
then done against the system's own databases, not against the RKH one).

John.

--
John Horne, Plymouth University, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users