On Thu, 22 Nov 2007, Andreas Vetter wrote:-

> On Thu, 22 Nov 2007, David Bolt wrote:
>
> > 1.3.0 doesn't know _any_ md5sums. That's the purpose of the --propupd
> > option. The --propupd option creates the reference file containing the
> > md5sums, and should be called as soon as possible after the initial
    ^^^^^^^
Gah! That should be sha1sums, unless you change the defaults.

> > installation.
>
> Thank you, I didn't know. And another --propupd after every update of a
> binary that is scanned by --propupd.

That's probably the best way of doing it.

> So we need to keep track of the rpms that contain such binaries.

Yes.

> Then put some code in the postinstall of those rpms (at least coreutils)
> that checks if rkhunter is installed and if so finally runs
> rkhunter --propupd.

Except that doing that would/could add a dependency for rkhunter that may not be a good thing. I think the best way would be to add a check to the %post so that rkhunter --propupd is run after the initial installation. Then root can perform a scan to see if any unexpected files have changed and, if not, then run rkhunter --propupd manually. The trouble with that is that it's another thing root has to remember to do after an update.

> I don't think it should be a SuSEconfig script like the ldconfig thing.
> This would run too often and could make replaced binaries trusted.
The joys of system security :|

Regards,
David Bolt