Mailinglist Archive: opensuse-factory (242 mails)

[Andreas Vetter <vetter@xxxxxxxxxxxxxxxxxxxxxxx>]

On Thu, 22 Nov 2007, David Bolt wrote:

> 1.3.0 doesn't know _any_ md5sums. That's the purpose of the --propupd
> option. The --propupd option creates the reference file containing the
> md5sums, and should be called as soon as possible after the initial
> installation.

thank you, I didn't know. And another --propupd after every update of a 
binary that is scanned by --propupd. 

So we need to keep track of the rpms that contain such binaries. Then put 
some code in the postinstall of those rpms (at least coreutils) that 
checks if rkhunter is installed and if so finally runs rkhunter --propupd.

I don't think it should be a SuSEconfig script like the ldconfig thing. 
This would run too often and could make replaced binaries trusted.

-- 
Andreas Vetter
Fakultaet fuer Physik und Astronomie
Universitaet Wuerzburg              
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx