(One thing not handled by the "cat /var/lib/dpkg/info/$P.list" approach
described above is symlinks, e.g. /usr/bin/mail.  These don't appear in
the dpkg .list file [as the actual executable files do], but when the
target of the symlink is changed then rkhunter will detect that as a
property mismatch on the symlink entry in rkhunter.dat as well as the
entry for the target.

I may be missing an easier approach, but one solution might be for the
post-invoke hook to check the rkhunter.dat file for other entries that
have the same hash value as the lines that it is planning to update, and
go ahead and add the file-paths for those entries to the --propupd line
as well.)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1451477

Title:
  /etc/apt/apt.conf.d/90rkhunter security loss

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rkhunter/+bug/1451477/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to