Re: [Rkhunter-users] aptitude updates file properties automatically on one system but not another
Brought to you by:
dogsbody
From: Mike M. <Mik...@sb...> - 2009-06-17 16:53:30
|
Dick Gevers wrote: > On Tue, 16 Jun 2009 13:46:53 -0500, Mike McCarty wrote about Re: > [Rkhunter-users] aptitude updates file properties automatically on one > system but not another: [...] >> I use RPM, so I can't say what happens about Ubuntu, which I believe >> uses DPKG, but telling it to use the package manager information is >> not the same as telling it to ignore all changes, at least on my >> machine. >> >>> I'd rather be warned of all hash changes and determine by myself whether >>> they are a result of such updates or if they are potentially unwarranted >>> changes. >> That's what my setup does. It queries the package manager. It also >> complains if other changes take place the package manager doesn't >> approve. > > Aye. What I meant is: if Brian has 300 packages, let's call them 1 thru 300, > and Ubuntu updates packages 3, 190 and 250 and Brian's box runs an rkhunter > hashupdate right after that, Brian will miss when a rootkit has 'fixed' > package no. 13. Thanks for that clarication. That isn't what I inferred, and it also isn't something I'd recommend, either. It also isn't something that happens on my machine. Mike -- p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);} Oppose globalization and One World Governments like the UN. This message made from 100% recycled bits. You have found the bank of Larn. I speak only for myself, and I am unanimous in that! |