On (08/10/07 11:58), Gilles Mocellin wrote: > Le Monday 08 October 2007 10:43:06 David A., vous avez écrit : > > starting oct. 2nd rkhunter has started to log warings about changed > > files. > > At first i thought "ok" it's probably because I usualy do a "aptitude > > full-upgrade" once every day or so ... > > Can anyone help me veirfy this as a false positive or a real problem? > [...] > > Same here. > I don't think it's a real problem, but it's anoying. > How can we trust rkhunter during that time ? > > I wonder how to reinitialise its file hash database ?
I too had all those warnings after my weekly update. After poking
around some, I decided that it was a false positive, due to updating
this and that. Still, I agree that it was worrying; I'm relieved to
hear others had the same warnings.
To reinitialize rkhunter, here's how, from the man page:
--propupd
One of the checks rkhunter performs is to compare various
current file properties of various commands, against those it
has previously stored. This command option causes rkhunter to
update its data file of stored values with the current val-
ues.
WARNING: It is the users responsibility to ensure that the
files on the system are genuine and from a reliable source.
rkhunter can only report if a file has changed, but not on
what has caused the change. Hence, if a file has changed, and
the --propupd command option is used, then rkhunter will
assume that the file is genuine.
HTH.
--
[EMAIL PROTECTED]
219 East Beck Street
Columbus, OH 43206
home: 1-614-228-3623; cell: 1-614-477-6724
====================================================
GPG key 1024D/99421A63 2005-01-05
EE51 79E9 F244 D734 A012 1CEC 7813 9FE9 9942 1A63
gpg --keyserver subkeys.pgp.net --recv-keys 99421A63
signature.asc
Description: Digital signature
