Getting the automatic update to be restricted to only the files actually part of the upgraded package certainly makes sense.
However, when I experimented with this I found the <package name> option only works if the rkhunter.dat file was originally built using the DPKG value for the --pkgmgr, which isn't the default configuration for the Ubuntu package. (In fact, the rkhunter.conf file specifically explains "NONE is the default for Debian as well, as running --propupd takes about 4 times longer when it's set to DPKG".) Additionally, I noticed that switching to a --pkgmgr DPKG database means that the file hash is also changed from the default of sha1 to using md5 instead.

However, for what it's worth, I found that, given the name of the package that has been updated, I can build a command line explicitly listing the files that rkhunter should include in its --propupd run, thus (hopefully) accomplishing the same goal without relying on the --pkgmgr function. I did this by first finding a list of all the file names that are found in both the package and the rkhunter database, then replacing the spaces in the space-separated list with commas to get the command line that rkhunter expects. So, for example, after updating the coreutils package, I ran:

  # FILELIST="$(cat /var/lib/dpkg/info/coreutils.list /var/lib/rkhunter/db/rkhunter_prop_list.dat | sort | uniq -d)"
  # FILELIST="$(echo $FILELIST | sed -e "s/ /,/g")"
  # rkhunter --propupd $FILELIST
  [ Rootkit Hunter version 1.3.6 ]
  File updated: searched for 162 files, found 41 of 136

(If more than one package was updated, the first line above can be replaced with:

  # FILELIST=""; for P in bsd-mailx binutils sudo dpkg ; do FILELIST="$FILELIST $(cat /var/lib/dpkg/info/$P.list /var/lib/rkhunter/db/rkhunter_prop_list.dat | sort | uniq -d)"; done

to get a combined list.)
https://bugs.launchpad.net/bugs/1451477
Title: /etc/apt/apt.conf.d/90rkhunter security loss
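The procedure described in the comment above, generalized to any number of packages, as an added example (not code from the bug report or from rkhunter). It assumes, as the comment does, that the property list holds one path per line; it matches whole lines with grep -Fx and joins on newlines so paths containing spaces survive. The names `propupd_list`, `propupd_run`, `make_sample` and the `RKHUNTER` variable are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Added example. Assumption taken from the comment above: the rkhunter
# property list holds one path per line, as each dpkg .list file does.

# propupd_list INFO_DIR PROP_LIST PKG...
# Prints, comma-joined, the paths listed by the packages AND by PROP_LIST.
propupd_list() {
    info_dir=$1; prop_list=$2; shift 2
    # grep -Fx: fixed-string, whole-line match against the property list.
    # paste -s -d,: join on newlines only, so spaces inside a path are kept.
    for pkg in "$@"; do
        if [ -r "$info_dir/$pkg.list" ]; then
            cat "$info_dir/$pkg.list"
        else
            echo "no file list for package: $pkg" >&2
        fi
    done | LC_ALL=C sort -u |
        { grep -Fx -f "$prop_list" || true; } |
        paste -s -d, -
}

# propupd_run INFO_DIR PROP_LIST PKG...
# Refuses to run when nothing matched: a bare `rkhunter --propupd` would
# re-baseline every monitored file, not only those of the upgraded packages.
# RKHUNTER is a hypothetical override so the call can be dry-run with `echo`.
propupd_run() {
    files=$(propupd_list "$@")
    if [ -z "$files" ]; then
        echo "no monitored files belong to the given packages" >&2
        return 1
    fi
    "${RKHUNTER:-rkhunter}" --propupd "$files"
}

# Constructed sample data standing in for /var/lib/dpkg/info and the
# rkhunter database; none of it is read from the real system.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' /bin/ls /bin/cat /usr/share/doc/coreutils > "$d/coreutils.list"
    printf '%s\n' /usr/bin/sudo /etc/sudoers > "$d/sudo.list"
    printf '%s\n' /bin/cat /bin/ls /usr/bin/sudo /sbin/init > "$d/prop_list.dat"
    echo "$d"
}

d=$(make_sample)
RKHUNTER=echo propupd_run "$d" "$d/prop_list.dat" coreutils sudo
rm -rf "$d"
```

On a real system the first two arguments would be /var/lib/dpkg/info and /var/lib/rkhunter/db/rkhunter_prop_list.dat, the paths used in the comment above.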
