Mailinglist Archive: opensuse-factory (649 mails)

< Previous Next >
Re: [opensuse-factory] Howto check installed packages with Rkhunter?
On mardi, 29 août 2017 14.51:45 h CEST Carlos E. R. wrote:
On 2017-08-29 13:58, Bruno Friedmann wrote:
On mardi, 29 août 2017 13.00:02 h CEST Carlos E. R. wrote:
On 2017-08-27 23:29, Bjoern Voigt wrote:
I use Rkhunter to check the installed packages for unallowed
modifications.

Unfortunately by default, Rkhunter also reports all official openSUSE
Tumbleweed updates. E.g.

I don't think you can use rkhunter on TW.

The wikipedia describes what it does as:

rkhunter (Rootkit Hunter) is a Unix-based tool that scans for rootkits,
backdoors and possible local exploits. It does this by comparing SHA-1
hashes of important files with known good ones in online databases,
searching for default directories (of rootkits), wrong permissions,
hidden files, suspicious strings in kernel modules, and special tests
for Linux and FreeBSD.


The database simply can not keep up, unless some process at the openSUSE
build system would upload new hashes at the same time the rpms are
published.

Before stating this kind of remarks, could you use man rkhunter and try to
understand how the software work.

Then explain it.

Not me the authors :-)
https://linux.die.net/man/8/rkhunter


--

Bruno Friedmann
Ioda-Net Sàrl www.ioda-net.ch
Bareos Partner, openSUSE Member, fsfe fellowship
GPG KEY : D5C9B751C4653227
irc: tigerfoot


--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups