That is outside of the scope of rkhunter. The recommended practice is to
start using rkhunter on a known-good system.
If you want the correct signatures for a known-good Ubuntu 16.04 server,
you can spin one one in a VM, fully patch it, and then compare file
signatures between that server and yours.
If you are concerned your box is compromised, there is always the safe
approach of rebuilding it from a known-good state.
Mark
On Tue, Apr 3, 2018 at 9:24 AM Chip <jeffsch...@gmail.com> wrote:
> New to rkhunter.
>
> What is the logic behind using propupd with a system that is already or
> potentially compromised?
>
> It would seem that a lot of people arrive at rkhunter suspicious that
> their system has already been compromised.
>
> So how does someone actually update with propupd against *known* good
> signatures that reside *outside* their box?
>
> Thank you.
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Rkhunter-users mailing list
> Rkhunter-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
>
--
*Mark StosbergSenior Systems Engineer | RideAmigos
<https://rideamigos.com/> | 765-277-1916 | m...@rideamigos.com
<m...@rideamigos.com>*
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
