On 2017 M08 27, Sun 23:29:46 CEST Bjoern Voigt wrote:
I use Rkhunter to check the installed packages for unallowed modifications. FWIW, RPM has this feature built in. Just use 'rpm -Va'. This verifies not only the size, digest, permissions, type, owner and group of each file, but also package signatures, and executes verfication scripts if a package has one.
Shouldn’t this be good enough? I mean, anyone who could tamper with your package database or rpm itself would also have the power to do that with rkhunter. One benefit of Rkhunter's RPM checking feature is, that it can save confirmed RPM file changes. BTW, Rkhunter does not check the whole RPM
Martin Herkt wrote: packages, but a list of binaries. Reading the output of 'rpm -Va' means for instance on my desktop, that I have to check hundreds of legitimate changes again and again. Of course, there are alternatives for the file checking functions of Rkhunter like AIDE. But probably (not checked) AIDE also has no integration with the Zypper update process. Greetings, Björn -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org