
rkhunter database update - which method is recommended?



Hello all,

a little while ago, I executed the 'rkhunter' hunter script as part of
a random check. It gave me a warning about changed files, but as I
checked synaptic's history, I found out that those files are part of
packages that were updated.

My intention is to find out how to build a trigger, either for apt or
for dpkg, to update the rkhunter database after each package upgrade.
Maybe it'd be smart to run rkhunter before updates as well, to catch
the unauthorized changes that might be there.

My question:
should I focus on apt, or rather on dpkg? As far as I'm aware, both
synaptic and aptitude rely on apt, but I feel that it's wise to handle
any security-related issues as low-level as possible.

Does anyone have other suggestions to consider?


Regards,

Ad
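
An added example, not part of the original message: one way to combine the two ideas above (check before the upgrade, re-baseline after it) using apt's `DPkg::Pre-Invoke` and `DPkg::Post-Invoke` hooks, so that `rkhunter --propupd` never accepts changes that were already flagged before dpkg ran. The script path, the apt.conf.d file name and the marker file location are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Hypothetical install path:
#   /usr/local/sbin/rkh-apt-hook
# Wired in through an apt.conf.d file (file name is an assumption), e.g.
# /etc/apt/apt.conf.d/99local-rkhunter:
#   DPkg::Pre-Invoke  { "/usr/local/sbin/rkh-apt-hook pre"; };
#   DPkg::Post-Invoke { "/usr/local/sbin/rkh-apt-hook post || true"; };

RKHUNTER="${RKHUNTER:-rkhunter}"                          # overridable for testing
MARKER="${RKH_MARKER:-/var/lib/rkhunter/apt-hook.dirty}"  # assumed location

# Before dpkg touches anything: compare files against the current baseline.
# rkhunter exits non-zero when the check produced warnings.
rkh_pre() {
    if "$RKHUNTER" --check --enable properties --skip-keypress \
                   --report-warnings-only --nocolors >"$MARKER.tmp" 2>&1; then
        rm -f "$MARKER.tmp"
    else
        # Keep the warnings; the marker blocks re-baselining until reviewed.
        mv "$MARKER.tmp" "$MARKER"
        echo "rkh-apt-hook: pre-upgrade warnings saved to $MARKER" >&2
    fi
    return 0   # design choice: never abort the package operation itself
}

# After dpkg: accept the new file properties only if no pre-check was dirty.
rkh_post() {
    if [ -e "$MARKER" ]; then
        echo "rkh-apt-hook: $MARKER present, baseline NOT updated" >&2
        return 1
    fi
    "$RKHUNTER" --propupd --nocolors >/dev/null
}

case "${1:-}" in
    pre)  rkh_pre ;;
    post) rkh_post ;;
esac
```

These hooks run only when dpkg is invoked through apt; a direct `dpkg -i` bypasses them. Once the saved warnings have been reviewed, removing the marker file allows the baseline to be updated again.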

