Re: [Rkhunter-users] aptitude updates file properties automatically on one system but not another
From: Mike M. <Mik...@sb...> - 2009-06-16 18:47:02
Dick Gevers wrote:
> On Tue, 16 Jun 2009 10:59:17 -0400, Brian McKee wrote about
> [Rkhunter-users] aptitude updates file properties automatically on one
> system but not another:
>
>> I have rkhunter running on a bunch of Ubuntu 8.04 machines.
>>
>> On all of them but one, when system updates are done via the package
>> manager, rkhunter's info gets updated too - e.g. when cron was
>> recently updated, rkhunter never issued a warning because the new
>> hash sum was already known.
>
> IMNSHO that is not a quite safe setup: if you tell rkhunter to
> automatically update your hashes after ubuntu has been updated, it will
> also not warn for hash changes that are not due to a regular package manager
> update.

I use RPM, so I can't say what happens about Ubuntu, which I believe uses
DPKG, but telling it to use the package manager information is not the same
as telling it to ignore all changes, at least on my machine.

> I'd rather be warned of all hash changes and determine by myself whether
> they are a result of such updates or if they are potentially unwarranted
> changes.

That's what my setup does. It queries the package manager. It also complains
if other changes take place the package manager doesn't approve. If the setup
is as you infer, then I agree with your assessment, but I'm not sure that's
the way it is.

Another thing to ponder is, rkhunter, nice as it is, isn't enough in itself.
I also use chkrootkit and tripwire. So, even if there is some small degree of
looseness in informing rkhunter of the package manager (is there?) one
shouldn't be relying upon rkhunter as one's sole watchdog, anyway.

Mike
-- 
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
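
The distinction drawn in the message above, between verifying a changed hash against the package manager's records and blindly accepting every change, sketched as an added example that is not part of the original message and is not rkhunter's code. The function names are hypothetical, the manifest format is modelled on dpkg's `.md5sums` files, and the files are constructed in a scratch directory.

```python
import hashlib, os, tempfile

def md5_of(path):
    with open(path, "rb") as fh:
        return hashlib.md5(fh.read()).hexdigest()  # dpkg manifests record MD5

def parse_md5sums(text):
    """dpkg-style lines '<md5>  <path without leading slash>' -> {'/path': md5}."""
    manifest = {}
    for line in text.splitlines():
        if line.strip():
            digest, rel = line.split(None, 1)
            manifest["/" + rel.strip()] = digest
    return manifest

def check(root, baseline, manifest):
    """Compare files under root with the stored baseline, then the manifest."""
    verdicts = {}
    for path, stored in baseline.items():
        real = os.path.join(root, path.lstrip("/"))
        if not os.path.isfile(real):
            verdicts[path] = "WARN missing"
            continue
        current = md5_of(real)
        if current == stored:
            verdicts[path] = "ok"
        elif manifest.get(path) == current:
            verdicts[path] = "ok (package manager)"  # change explained by a package update
        else:
            verdicts[path] = "WARN unexplained change"
    return verdicts

def demo():
    # Constructed sample: two files in a scratch tree standing in for /.
    with tempfile.TemporaryDirectory() as root:
        def write(path, data):
            real = os.path.join(root, path.lstrip("/"))
            os.makedirs(os.path.dirname(real), exist_ok=True)
            with open(real, "wb") as fh:
                fh.write(data)
            return md5_of(real)
        baseline = {"/usr/sbin/cron": write("/usr/sbin/cron", b"cron v1"),
                    "/bin/ls": write("/bin/ls", b"ls v1")}
        # A package update replaces cron and records the new hash in the manifest.
        new_cron = write("/usr/sbin/cron", b"cron v2")
        manifest = parse_md5sums(f"{new_cron}  usr/sbin/cron\n{baseline['/bin/ls']}  bin/ls\n")
        # ls changes outside the package manager; the manifest still has the old hash.
        write("/bin/ls", b"ls tampered")
        return check(root, baseline, manifest)

if __name__ == "__main__":
    print(demo())
```

A check of this kind is only as trustworthy as the manifest it reads, which is one reason to keep an independent baseline as well.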