Hi there,

On Tue, 14 Apr 2015, Skirpan Jr, Stephen J Jr CTR DISA PEO-C2C (US) wrote:

> Our Linux platforms cannot connect to the public Internet. Is there
> a way to download RKHunter definition updates to a Windows platform
> that can connect to your site and move them on to our Linux
> platforms? Or, would we have to wait for the next RKHunter version
> release to obtain updated definitions?

There must certainly be many ways to achieve what you want.

You do not have to wait for an updated rkhunter version although you
might have to wait quite a while for updates to the data in any case;
on my Debian laptop I just installed rkhunter from the Debian
repository and then ran the update. It found no data file updates to
do although the Debian repository has only version 1.4.0 and not the
latest version (1.4.2) which is found on Sourceforge.

laptop3:~# >>> apt-get install rkhunter
...
laptop3:~# >>> rkhunter --update
...
laptop3:~# >>> grep Version /var/lib/rkhunter/db/*dat
/var/lib/rkhunter/db/backdoorports.dat:Version:2010111401
/var/lib/rkhunter/db/mirrors.dat:Version:2007060601
/var/lib/rkhunter/db/programs_bad.dat:Version:2010111601
/var/lib/rkhunter/db/rkhunter.dat:Version:2015041401
/var/lib/rkhunter/db/suspscan.dat:Version:2009112901

Look in the rkhunter log (probably /var/log/rkhunter.log) to see the
commands used by rkhunter for updates to data files. It's simple.

On an Internet-connected machine you could download data files
individually in the same way that rkhunter does itself, for example
on a Linux machine I could run:

/usr/bin/wget -O programs_bad.dat http://rkhunter.sourceforge.net/1.3/programs_bad.dat

or using a graphical browser, paste the URL into the location bar and
save the resulting text file. In view of the very low rate of updates
to rkhunter I would think that it would not be too arduous to update
your systems entirely manually.

You could download and install the Debian package if you use Debian
or a Debian-based distribution, for example after downloading the
'deb' file (which is really just like a tar archive) the command

dpkg -i rkhunter_1.4.0-1_all.deb

(run by the 'root' user of course) will install the package.

You could download the latest source from Sourceforge, build it and
update it, then make your own Debian package and install that on the
other systems.

You could use one of your Linux platforms as a 'local mirror' - there
are brief details in the configuration file, which will probably be
in /etc/rkhunter.conf on your systems. Search for 'mirror' in the
configuration file.

Finally in the files/contrib/ directory of the source tarball there's
rkhunter_remote_howto.txt which you might like to investigate
although it might be more work and perhaps less secure than you'd be
happy with.

HTH

--

73,
Ged.
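
Added example (not part of the original message, and not rkhunter's own code): a sketch of a pre-transfer check for the manual route described above. It reads the "Version:" stamp shown in the grep output and lists only the downloaded data files that are newer than the installed copies. The function names and the two directory arguments are assumptions.

```shell
#!/bin/sh
# Added example: pick which downloaded rkhunter data files to carry to the
# offline hosts. Function names and directory arguments are assumptions.

# Print the numeric Version stamp of a data file. Fails when there is none,
# e.g. a browser saved an HTML error page instead of the data file.
# Trailing whitespace is tolerated, so a CRLF copy made on Windows still parses.
dat_version() {
    v=$(sed -n 's/^Version:\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    [ -n "$v" ] || return 1
    printf '%s\n' "$v"
}

# List the *.dat files in staging dir $1 whose stamp is newer than the copy
# in database dir $2 (or which are missing there). Files without a valid
# stamp are reported on stderr and skipped.
newer_dat_files() {
    staged=$1 installed=$2
    for f in "$staged"/*.dat; do
        [ -f "$f" ] || continue
        name=${f##*/}
        new=$(dat_version "$f") || { echo "skip $name: no Version line" >&2; continue; }
        old=$(dat_version "$installed/$name") || old=0
        [ "$new" -gt "$old" ] && printf '%s\n' "$name"
    done
    return 0
}

# Stand-alone use: sh check_dat.sh /path/to/downloads /var/lib/rkhunter/db
if [ "$#" -eq 2 ]; then
    newer_dat_files "$1" "$2"
fi
```

A file skipped for lacking a Version line should be downloaded again, not copied across.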