Wouldn't
rkhunter --enable properties rkhunter --propupd
as a substitute for /usr/share/rkhunter/scripts/rkhupd.sh be a reasonable
workaround?
It would run the database update only in case the concerned binaries were not
manipulated in the meantime.
--
The manpage for apt.conf doesn't mention any parameters (such as the
package names) that can be passed to the DPkg::Post-Invoke hook.
Yeah, I agree that the DPkg::Post-Invoke hook doesn't seem to be passed
any useful info
I see that there is a Pre-Install-Pkgs hook, which is passed the list of
(One thing not handled by the cat /var/lib/dpkg/info/$P.list approach
described above is symlinks, e.g. /usr/bin/mail. These don't appear in
the dpkg .list file [as the actual executable files do], but when the
target of the symlink is changed then rkhunter will detect that as a
property mismatch
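
The symlink gap described in the comment above, as an added example that is not part of the bug thread or of rkhunter: it reads a package's files from its dpkg .list file and then adds the symlinks in the usual binary directories that resolve to those files. The function names and the `DPKG_INFO_DIR` and `BIN_DIRS` variables are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the bug thread. DPKG_INFO_DIR and BIN_DIRS are
# assumptions, made overridable so the functions can be tried on a scratch tree.
DPKG_INFO_DIR=${DPKG_INFO_DIR:-/var/lib/dpkg/info}
BIN_DIRS=${BIN_DIRS:-"/bin /sbin /usr/bin /usr/sbin"}

# pkg_files PKG: files recorded in PKG's dpkg .list (directories are skipped).
pkg_files() {
    list="$DPKG_INFO_DIR/$1.list"
    [ -r "$list" ] || return 1
    while IFS= read -r f; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done < "$list"
}

# pkg_symlinks PKG: symlinks in BIN_DIRS whose final target is one of PKG's
# files. These are the entries the .list file alone does not reveal.
pkg_symlinks() {
    files=$(pkg_files "$1") || return 1
    [ -n "$files" ] || return 0
    # Canonicalise both sides so /bin vs /usr/bin style aliases still match.
    canon=$(printf '%s\n' "$files" |
        while IFS= read -r f; do readlink -f -- "$f"; done)
    for d in $BIN_DIRS; do
        [ -d "$d" ] || continue
        for l in "$d"/*; do
            [ -L "$l" ] || continue
            target=$(readlink -f -- "$l") || continue
            if printf '%s\n' "$canon" | grep -Fxq -- "$target"; then
                printf '%s\n' "$l"
            fi
        done
    done
    return 0
}

# propupd_candidates PKG: every path whose stored properties would change
# when PKG is upgraded, de-duplicated.
propupd_candidates() {
    { pkg_files "$1" && pkg_symlinks "$1"; } | sort -u
}
```
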
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: rkhunter (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1451477
Getting the automatic update to be restricted to only the files actually
part of the upgraded package certainly makes sense.
However, when I experimented with this I found the package name option
only works if the rkhunter.dat file was originally built using the DPKG
value for the --pkgmgr, which
I'm not sure whether or not this is technically possible.
The manpage for apt.conf doesn't mention any parameters (such as the
package names) that can be passed to the DPkg::Post-Invoke hook.
If someone can find a clean way to do it, I think it's a good idea.