Le mardi 09 octobre 2007 à 00:00 +0200, Jörg Sommer a écrit : > Hallo Julien, > > Julien Valroff schrieb am Sun 07. Oct, 20:01 (+0200): > > Le dimanche 07 octobre 2007 à 16:17 +0200, Jörg Sommer a écrit : > > > rkhunter --propupd is fast enough to be run after every install. > > > Therefore, I propose to include a file /etc/apt/apt.conf.d/90rkhunter to > > > run the command after every install or remove. > > > > Thanks, I have included the file, but prefer commenting it out for now: > > > > 1/ --propupd can be quite slow on older system (it is on one of my > > vserver) > > Do you have debsums installed? How fast/slow is debsums compared with > rkhunter?
I do not have debsums installed on this particular vserver which is in production, but here is the results for running '--propupd' on it: time rkhunter --propupd [ Rootkit Hunter version 1.3.0 ] File updated: searched for 150 files, found 125 real 0m52.257s user 0m2.050s sys 0m3.201s > > 2/ Some people might want to disable the hash tests, and though it is > > quite easy to check if the test is enabled or not, I think it would not > > be worse checking all this after each apt call. > > I saw debsums use a debconf question for it. Maybe you can steal the > code. :) Added, will be committed to SVN tonight, still need to get Micah's review for this. The default is to not enable this feature, and the template explains why. Cheers, Julien
