On Sun, Jan 11, 2009 at 4:06 PM, Gene Heskett <gene.hesk...@verizon.net>wrote:
> On Sunday 11 January 2009, Kevin Fenzi wrote: > >On Thu, 08 Jan 2009 20:29:49 +0000 > > > >John Horne <john.ho...@plymouth.ac.uk> wrote: > >> On Thu, 2009-01-08 at 15:22 -0500, Gene Heskett wrote: > >> > On Thursday 08 January 2009, John Horne wrote: > > > >...snip... > > > >> > Should the rpm installer have over written them? I dunno, there > >> > could be problems intro'd either way in this case. > >> > >> The rkhunter installer will not overwrite anything in /etc. The copies > >> it takes of the files are for its own use and put into a separate > >> secure directory. It is those files it looks for. > >> > >> Looking at the rkhunter 1.3.2 rpm spec file (as used for the Fedora > >> package), it does not seem to take an initial copy of the files. So > >> that would explain why you got the initial warning. However, as has > >> already been replied, the spec file for 1.3.4 FC10 does do this > >> initial copy (although I cannot personally verify that). > > > >Nope. Neither one does that. You need to run 'rkhunter --propupd' to > >get it to make copies of passwd/shadow and save file properties. > > > >The reason for that is that the package can't know anything about how > >much you trust your current install when it's installed. It's up to you > >to run the --propupd and tell it that you think the system is clean and > >that everything should be saved. > > > >> John. > > > >kevin > > At the time I posted the original message, I had already done that with > 1.3.2, > so I built 1.3.4, which did apparently do that properly when that operation > was repeated. > > I have run rkhunter --propupd many times, I do have a copy of group and passwd in /var/run/rkhunter, but I always receive an email saying that there is no copy of group and passwd. Upgrading to 1.3.4 did not change anything. This happens on every computer I have rkhunter installed. -- Paulo Roma Cavalcanti LCG - UFRJ
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines