On Tue, 2012-01-03 at 16:54 -0500, Tim Evans wrote:
> On 01/03/2012 02:55 PM, John Horne wrote:
> > On Tue, 2012-01-03 at 13:39 -0500, Tim Evans wrote:
> >> On 01/03/2012 01:35 PM, John Horne wrote:
> >>> On Tue, 2012-01-03 at 11:54 -0500, Tim Evans wrote:
> >>>> Don't see this in the FAQ, or in the last year or so's worth of archived
> >>>> messages, so...
> >>>>
> >>>> After running yum update on a RedHat 5.x system (or any other analogous
> >>>> update tool), how do you re-set the rkhunter database to accept the
> >>>> changed files? Something like tripwire's --update and --report-file
> >>>> options.
> >>>>
> >>> Run 'rkhunter --propupd'. It's not mentioned as a FAQ, but the man page
> >>> indicates when the '--propupd' option should be used:
> >>>
> >>>     One of the checks rkhunter performs is to compare various current
> >>>     file properties of various commands, against those it has previously
> >>>     stored. This command option causes rkhunter to update its data file
> >>>     of stored values with the current values.
> >>
> >> Thanks for your response. Been there, done that, repeatedly. (This is
> >> version 1.3.8, BTW.)
> >>
> >> The only thing I can find that truly cleans everything up is renaming
> >> the db directory and re-installing, then running --propupd, then running
> >> a normal scan. Surely, that's not the right way.
> >>
> > Certainly not! What is the actual problem that you are seeing?
>
> Thanks, again. What I'm seeing is reports of inconsistencies on the
> day(s) after applying updates with yum--which is what I would expect to
> see. --propupd does not make them go away, however.
>
> > Whenever automatic updates occur to your system, then just running
> > 'rkhunter --propupd' should suffice. If the PKGMGR option in the config
> > file is being used, then nothing should be required (the file checks are
> > then done against the system's own databases, not against the RKH one).
>
> Turning on PKGMGR makes it even worse (that is, more files are flagged
> in the daily cronjob report than without it).
>
Okay, I'm a bit lost as to why that happens.

Can you let me know what O/S you are using? Also, if you have any rkhunter
log files (usually in /var/log) which show the problem, could you email
them to me (not the list) please.

John.

-- 
John Horne, Plymouth University, UK
Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users