On Tue, January 3, 2012 at 4:37:52 PM John Horne wrote:
> On Tue, 2012-01-03 at 16:54 -0500, Tim Evans wrote:
> > On 01/03/2012 02:55 PM, John Horne wrote:
> > > On Tue, 2012-01-03 at 13:39 -0500, Tim Evans wrote:
> > >> On 01/03/2012 01:35 PM, John Horne wrote:
> > >>> On Tue, 2012-01-03 at 11:54 -0500, Tim Evans wrote:
> > >>>> Don't see this in the FAQ, or in the last year or so's worth of archived
> > >>>> messages, so...
> > >>>>
> > >>>> After running yum update on a RedHat 5.x system (or any other analogous
> > >>>> update tool), how do you re-set the rkhunter database to accept the
> > >>>> changed files? Something like tripwire's --update and --report-file
> > >>>> options.
> > >>>>
> > >>> Run 'rkhunter --propupd'. It's not mentioned as a FAQ, but the man page
> > >>> indicates when the '--propupd' option should be used:
> > >>>
> > >>>     One of the checks rkhunter performs is to compare various current
> > >>>     file properties of various commands, against those it has previously
> > >>>     stored. This command option causes rkhunter to update its data file
> > >>>     of stored values with the current values.
> > >>
> > >> Thanks for your response. Been there, done that, repeatedly. (This is
> > >> version 1.3.8, BTW.)
> > >>
> > >> The only thing I can find that truly cleans everything up is renaming
> > >> the db directory and re-installing, then running --propupd, then running
> > >> a normal scan. Surely, that's not the right way.
> > >>
> > > Certainly not! What is the actual problem that you are seeing?
> >
> > Thanks, again. What I'm seeing is reports of inconsistencies on the
> > day(s) after applying updates with yum--which is what I would expect to
> > see. --propupd does not make them go away, however.
> >
> > > Whenever automatic updates occur to your system, then just running
> > > 'rkhunter --propupd' should suffice. If the PKGMGR option in the config
> > > file is being used, then nothing should be required (the file checks are
> > > then done against the system's own databases, not against the RKH one).
> >
> > Turning on PKGMGR makes it even worse (that is, more files are flagged
> > in the daily cronjob report than without it).
> >
> Okay, I'm a bit lost as to why that happens.
>
> Can you let me know what O/S you are using. Also if you have any
> rkhunter log files (usually in /var/log) which show the problem, could
> you email them to me (not the list) please.

I'm guessing that Tim is specifying PKGMGR when running -propupd but not when running the check, which will generate many more errors than running without PKGMGR at all. I made the same mistake when I first began using rkhunter.

--
F. Wayne Brown <fwbr...@bellsouth.net>

Þæs ofereode, ðisses swa mæg. ("That passed away, this also can.")
from "Deor," in the Exeter Book (folios 100r-100v)

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users