Re: [Rkhunter-users] rkhunter --propupd not working?
Brought to you by:
dogsbody
Menu
▾
▴
Re: [Rkhunter-users] rkhunter --propupd not working?
|
From: John H. <joh...@pl...> - 2011-06-28 19:41:02
|
On Tue, 2011-06-28 at 14:26 -0400, Tanstaafl wrote: > On 2011-06-28 1:27 PM, John Horne wrote: > > When you run 'rkhunter --propupd' it creates a local database of the > > files to be monitored and records the modification date/time of each > > file. That date/time can be anything (7 May in your example), and comes > > from the file itself. The date/time is when the file was last modified > > by the operating system. Rkhunter does not modify the file date/time in > > any way. So, the modification time of a file comes from the file itself, > > and is not when 'rkhunter --propupd' was run. > > Right - so, even if a files properties had changed, running --propupd > reset rkhunters database so it should no longer think it is changed, > correct? > Correct. So when you then run 'rkhunter --propupd' again it compares the time value in the rkhunter database against that on the file itself. If both are the same, then the file hasn't changed since 'rkhunter --propupd' was last run. John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 |