Re: rkhunter database update - which method is recommended?
On Wed, 12 Oct 2011 12:20:51 +0100, Ad L. wrote:
> Hello all,

Ad, most of your messages are going unthreaded and with no references or
quotes of the message being replied to. How are you posting to this mailing

> a little while ago, I executed the 'rkhunter' hunter script as part of a
> random check. It gave me a warning about changed files, but as I checked
> synaptic's history, I found out that those files are part of packages
> that were updated.
> My intention is to find out how to build a trigger, either for apt or
> for dpkg, to update the rkhunter database after each package upgrade.
> Maybe it'd be smart to run rkhunter before updates as well, to catch the
> unauthorized changes that might be there.
> My question:
> should I focus on apt, or rather on dpkg? As far as I'm aware, both
> synaptic and aptitude rely on apt, but I feel that it's wise to handle
> any security-related issues as low-level as possible.
> Does anyone have other suggestions to consider?

There is a small reference in the rkhunter README file
("/usr/share/doc/rkhunter/README.Debian.gz", "Hash Checks" section) about
how to manage the integrity of hashes, not sure if that can be of any help
to your