#30 [PATCH]: use RPM metadata even if no entry in rkhunter.dat

main
closed-rejected
John Horne
rkhunter (35)
5
2009-08-27
2009-01-20
Jan Iven
No

If one "vital" binary (i.e. on of those checked explicitly for
attributes etc) is added later to a machine without running --propupd,
rkhunter just warns about the file (and will not use e.g. RPM data to
verify that the file is correct). This patch simply substitutes
dummy "rkhunter.dat" information in the case that RPM metadata will be
used anyway. This dummy data will not get used at all, but enables the
per-file checks later on.

Discussion

  • unSpawn
    unSpawn
    2009-08-27

    The file warning is to indicate that a file *has* been added/removed. RKH expects the majority of its users would want to know if something changed on the system rather than just assume it is okay by allowing the pkgmgr to provide data. The test of a file is not just of its properties but whether it exists or not compared to whether it existed or not previously. As such we cannot accept the patch.

     
  • unSpawn
    unSpawn
    2009-08-27

    • labels: --> rkhunter
    • milestone: --> main
    • assigned_to: nobody --> jhorne
    • status: open --> closed-rejected