Mailinglist Archive: opensuse-factory (649 mails)

Re: [opensuse-factory] Howto check installed packages with Rkhunter?
Martin Herkt wrote:
> On 2017 M08 27, Sun 23:29:46 CEST Bjoern Voigt wrote:
>> I use Rkhunter to check the installed packages for unallowed modifications.
> FWIW, RPM has this feature built in. Just use 'rpm -Va'. This verifies not
> only the size, digest, permissions, type, owner and group of each file, but
> also package signatures, and executes verification scripts if a package has
> one.
>
> Shouldn’t this be good enough? I mean, anyone who could tamper with your
> package database or rpm itself would also have the power to do that with
> rkhunter.
One benefit of Rkhunter's RPM checking feature is that it can save
confirmed RPM file changes. BTW, Rkhunter does not check whole RPM
packages, but a list of binaries.

Reading the output of 'rpm -Va' means, for instance on my desktop, that I
have to check hundreds of legitimate changes again and again.

Of course, there are alternatives for the file checking functions of
Rkhunter like AIDE. But probably (not checked) AIDE also has no
integration with the Zypper update process.

Greetings,
Björn
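
An added example, not part of the message above and not code from rpm or Rkhunter: one way to keep a record of confirmed changes for 'rpm -Va', so that only deviations not yet acknowledged are listed. The function names, the baseline file and the tab-separated line format are assumptions of this example; each line also carries the file's SHA-256, because the 'rpm -Va' flags alone stay the same when an acknowledged file is edited again.

```shell
#!/bin/sh
# Added example: filter `rpm -Va` output against a baseline of confirmed changes.
# annotate, new_deviations and the baseline file are hypothetical names.

# Read `rpm -Va` lines on stdin and append the current SHA-256 of each file,
# so a later edit to an already-confirmed file produces a different line.
annotate() {
    while IFS= read -r line; do
        # The path is everything from the first "/" (the flag columns never contain one).
        path=$(printf '%s\n' "$line" | sed 's|^[^/]*||')
        if [ -f "$path" ]; then
            sum=$(sha256sum < "$path" | cut -d' ' -f1)
        else
            sum=-    # missing file, directory, or a line without a path
        fi
        printf '%s\t%s\n' "$line" "$sum"
    done
}

# Print annotated lines of $2 (current run) that are absent from $1 (baseline).
# FILENAME is compared instead of NR==FNR so an empty baseline still works.
new_deviations() {
    awk 'FILENAME == ARGV[1] { ack[$0]; next } !($0 in ack)' "$1" "$2"
}

# Usage: script --check BASELINE
# Keep BASELINE on read-only or off-host storage: whoever can edit it can
# hide a change, the same concern raised in the thread for the RPM database.
if [ "${1:-}" = "--check" ]; then
    cur=$(mktemp)
    rpm -Va | annotate > "$cur"
    new_deviations "$2" "$cur"
    rm -f "$cur"
fi
```

After reviewing the reported lines, the reviewed output of `rpm -Va | annotate` becomes the next baseline.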