That actually sounds like a good idea - I hadn't thought of the VM
approach! Thank you.
Could I do as you suggested and then rather than compare signature by
signature which would be onerous, somehow export the signatures from the
known-good to the considered-bad? And if so, what would be the process
for that?
On 04/03/2018 10:42 AM, Mark Stosberg wrote:
>
> That is outside of the scope of rkhunter. The recommended practice is
> to start using rkhunter on a known-good system.
>
> If you want the correct signatures for a known-good Ubuntu 16.04
> server, you can spin one up in a VM, fully patch it, and then compare
> file signatures between that server and yours.
>
> If you are concerned your box is compromised, there is always the safe
> approach of rebuilding it from a known-good state.
>
> Mark
>
> On Tue, Apr 3, 2018 at 9:24 AM Chip <jeffsch...@gmail.com
> <mailto:jeffsch...@gmail.com>> wrote:
>
> New to rkhunter.
>
> What is the logic behind using propupd with a system that is already or
> potentially compromised?
>
> It would seem that a lot of people arrive at rkhunter suspicious that
> their system has already been compromised.
>
> So how does someone actually update with propupd against *known* good
> signatures that reside *outside* their box?
>
> Thank you.
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> <mailto:Rkhunter-users@lists.sourceforge.net>
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
>
> --
> Mark Stosberg
> Senior Systems Engineer | RideAmigos <https://rideamigos.com/> |
> 765-277-1916 | m...@rideamigos.com <mailto:m...@rideamigos.com>