#38 Please add a --list propfiles option

main
closed-fixed
rkhunter (35)
5
2011-11-11
2010-12-19
No

Hi,

It would be useful to have a --list propfiles option.
This would allow me to improve the way the Debian package invokes --propupd only when tracked files are updated.

I attach a sample patch implementing a draft for this feature.

Cheers,
Julien

Discussion

  • John Horne

    John Horne - 2011-01-12
    • assigned_to: nobody --> jhorne
    • status: open --> pending
     
  • John Horne

    John Horne - 2011-01-12

    I'm not sure what the value of this is. Why do you need to see what is in the file properties file?

     
  • Julien Valroff

    Julien Valroff - 2011-01-22
    • status: pending --> open
     
  • Julien Valroff

    Julien Valroff - 2011-01-22

    Well, always in the scope of (Debian) packaging, that would allow the package maintainer to trigger automatic update of the file properties database only when a tracked file is updated.

    Cheers,
    Julien

     
  • unSpawn

    unSpawn - 2011-02-13

    Just thinking out loud: since Apt allows for post-processing and this appears to be Debian-centric (rpm-based package managers don't allow for post-processing the apt way), why not create a "/etc/apt/apt.conf.d/99rkhunter" and issue a "DPkg::Post-Invoke" like /etc/apt/apt.conf.d/90debsums does?

     
  • Julien Valroff

    Julien Valroff - 2011-02-13

    Hi,

    It already exists ;)

    Now, the idea would be to use --propupd with a <filename> argument so that it is only run when a package containing a "watched" file is updated.

    This way, --propupd is run only when necessary and for what it is necessary.

    Cheers,
    Julien

     
  • John Horne

    John Horne - 2011-02-15

    I see no real problem with adding this. The '--list' option was devised just to allow the user to easily get some info that RKH uses. As such adding another option to it is not really a problem, and the required amount of code is very small.
    I'll take a look at the patch again and see what can be done.

     
  • John Horne

    John Horne - 2011-02-17

    The patch as it stands will only list the list of filenames internal to RKH. It includes those that do not exist, as well as those that do. The list does not include those provided by the user (via the config file), which in turn may be wildcarded.

    In that respect it is not an accurate list of files that RKH is checking. It would probably be better to simply list the files as found in the existing rkhunter.dat file (displaying just the basename part, and running through 'uniq' and 'sort'). Does that sound reasonable?

     
  • Julien Valroff

    Julien Valroff - 2011-02-17

    Hi,

    You are right, I haven't paid attention to this when working on the patch.

    rkhunter.dat won't contain any entry for a file which isn't yet installed on the system. As I would like to use the results of this test when the sysadmin updates the system or installs a new package, that couldn't work in the latter case.

    Wouldn't it be easier to write a function which could also be used when --propupd is run in order to avoid duplicate code?

    Cheers,
    Julien

     
  • John Horne

    John Horne - 2011-02-17

    > rkhunter.dat won't contain any entry for a file which isn't yet installed
    > on the system.
    >
    That's not quite true. The EXISTWHITELIST option allows a user to specify files which may not exist. As such an entry could be in rkhunter.dat but the file not exist on the system (and vice-versa). However, I'm not sure that is relevant for 'installed' files, it is mainly there for odd files that the user may be using.

    > Wouldn't it be easier to write a function which could also be used when
    > --propupd is run in order to avoid duplicate code?
    >
    You lost me there. What function - to do what? List out the files? So you would want to run --propupd and have the files listed?

     
  • John Horne

    John Horne - 2011-11-11

    Fixed in CVS.

    Fortunately the code was already present in functions, so the final solution was quite simple.
    Because a long list is produced if '--list' is given on its own, then the list is not displayed.

     
  • John Horne

    John Horne - 2011-11-11
    • status: open --> closed-fixed
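
The packaging use case discussed in this ticket, sketched as an added example (not part of the thread, and not rkhunter or Debian package code): decide from the `--list propfiles` names and the paths a package operation touched whether `--propupd <filename>` needs to run at all. The function names, the sample data and the assumption that the list is whitespace-separated basenames are all hypothetical.

```shell
#!/bin/sh
# Added example; not rkhunter or Debian packaging code.

# tracked_changed TRACKED CHANGED
#   TRACKED: file holding the names printed by `rkhunter --list propfiles`
#            (assumed here: whitespace-separated basenames)
#   CHANGED: file with one absolute path per line, e.g. the files a package
#            operation just installed
# Prints every changed path whose basename is tracked.
tracked_changed() {
    tc_list=$(mktemp) || return 1
    # Normalise to one unique name per line for exact matching.
    tr -s ' \t' '\n' < "$1" | sed '/^$/d' | sort -u > "$tc_list"
    while IFS= read -r tc_path; do
        [ -n "$tc_path" ] || continue
        # -F fixed string, -x whole line: "ls" must not match "lsof".
        if grep -Fxq -- "${tc_path##*/}" "$tc_list"; then
            printf '%s\n' "$tc_path"
        fi
    done < "$2"
    rm -f "$tc_list"
}

# propupd_plan TRACKED CHANGED
# Dry run: prints one `rkhunter --propupd <filename>` command per hit
# instead of executing it, and nothing at all when no tracked file changed.
propupd_plan() {
    tracked_changed "$1" "$2" | while IFS= read -r pp_path; do
        printf 'rkhunter --propupd %s\n' "$pp_path"
    done
}

# Constructed sample data (not real rkhunter or dpkg output).
demo() {
    d=$(mktemp -d) || return 1
    printf 'awk  ls  passwd\nsshd su\n' > "$d/tracked"
    printf '%s\n' /usr/bin/lsof /bin/ls /usr/share/doc/coreutils/README \
        /usr/sbin/sshd > "$d/changed"
    propupd_plan "$d/tracked" "$d/changed"
    rm -rf "$d"
}

demo
```

Matching is on the basename only, so a changed file with a tracked name in an untracked directory is also reported.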
     
