Mailinglist Archive: opensuse-factory (242 mails)
Re: [opensuse-factory] rkhunter 1.3.0
- From: David Bolt <bcrafhfr-rqtr@xxxxxxxxxx>
- Date: Thu, 22 Nov 2007 15:27:34 +0000
- Message-id: <GvRjwUCm$ZRHFwc5@xxxxxxxxxxxxxxxxxxx>
On Thu, 22 Nov 2007, Andreas Vetter wrote:-
> On Thu, 22 Nov 2007, David Bolt wrote:
>> 1.3.0 doesn't know _any_ md5sums. That's the purpose of the --propupd
>> option. The --propupd option creates the reference file containing the
>> md5sums, and should be called as soon as possible after the initial
   ^^^^^^^
Gah! That should be sha1sums, unless you change the defaults.

>> installation.
>
> Thank you, I didn't know. And another --propupd after every update of a
> binary that is scanned by --propupd.

That's probably the best way of doing it.

> So we need to keep track of the rpms that contain such binaries.

Yes.

> Then put some code in the postinstall of those rpms (at least coreutils)
> that checks if rkhunter is installed and if so finally runs
> rkhunter --propupd.

Except that doing that would/could add a dependency for rkhunter that
may not be a good thing. I think the best way would be to add a check to
the %post so that rkhunter --propupd is run after the initial
installation. Then root can perform a scan to see if any unexpected
files have changed and, if not, then run rkhunter --propupd manually.
The trouble with that is that it's another thing root has to remember to
do after an update.

> I don't think it should be a SuSEconfig script like the ldconfig thing.
> This would run too often and could make replaced binaries trusted.

The joys of system security :|
Regards,
David Bolt
--
Team Acorn: http://www.distributed.net/ OGR-P2 @ ~100Mnodes RC5-72 @ ~15Mkeys
| SUSE 10.1 32bit | openSUSE 10.2 32bit | openSUSE 10.3 32bit
SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit |
RISC OS 3.11 | RISC OS 3.6 | TOS 4.02 | openSUSE 10.3 PPC
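
The point made in the thread, that re-running the baseline automatically "could make replaced binaries trusted" while scanning first reports the change, shown as an added example that is not part of the original mails and is not rkhunter's code. It is a simplified SHA-1 baseline in shell; the helper names `propupd`, `check` and `demo` are hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Simplified stand-in for a file-properties baseline (not rkhunter's code).
# propupd DIR DB : record a SHA-1 for every regular file in DIR
# check   DIR DB : print the files whose SHA-1 no longer matches DB
# DB must be an absolute path outside DIR.

propupd() {
    ( cd "$1" && find . -type f -exec sha1sum {} + | sort -k2 ) > "$2"
}

check() {
    # sha1sum -c prints "<file>: FAILED" for each mismatch or missing file
    ( cd "$1" && LC_ALL=C sha1sum -c "$2" 2>/dev/null ) |
        sed -n 's/: FAILED.*$//p'
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/bin"
    echo 'original ls' > "$work/bin/ls"   # constructed sample "binaries"
    echo 'original ps' > "$work/bin/ps"
    db="$work/props.dat"

    propupd "$work/bin" "$db"             # baseline after initial install
    echo 'replaced ls' > "$work/bin/ls"   # a file changes after the baseline

    before=$(check "$work/bin" "$db")     # scan first: the change is reported
    propupd "$work/bin" "$db"             # automatic re-baseline, no review
    after=$(check "$work/bin" "$db")      # the changed file is now trusted

    rm -rf "$work"
    echo "before=[$before] after=[$after]"
}

demo
```

The scan before the second `propupd` is the only point at which the changed file is visible; once the baseline is rebuilt, the same scan is clean.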