I have a small issue with rkhunter and how --propupd works.
I run 20+ servers with CentOS 5.9 and 6.3 and I have a small problem with
the way rootkithunter decides whether to report /etc/passwd and /etc/group
changes. Last week I ran some updates to the system which added some users.
I religiously run rkhunter --propupd after installing, but invariably I will
get a warning email about /etc/passwd and/or /etc/group having changed.
While I understand that it is an important change on a system, having run
the property update should indicate that the system is in a known state, and
I don't need to get warnings. I can run the propupd command two or three
times, but it will always send me a warning email; afterwards, it will stay
quiet. I just don't need 20+ emails every time I make a change to my
servers.
I can set excludes for group_changes and passwd_changes, but that would
obviously remove half the reason for running rkhunter. Is there any other
way I can tell rkhunter to not warn me, a
-no-I'm-really-serious-don't-warn-me flag after propupd maybe?
Thanks in advance,
Nick
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users