
Re: rkhunter database update - which method is recommended?



On Wed, 12 Oct 2011 12:20:51 +0100, Ad L. wrote:

> Hello all,

Hi!

Ad, most of your messages are going unthreaded and with no references nor 
quotes of the replied message. How are you posting to this mailing 
list? :-?
 
> a little while ago, I executed the 'rkhunter' hunter script as part of a
> random check. It gave me a warning about changed files, but as I checked
> synaptic's history, I found out that those files are part of packages
> that were updated.
> 
> My intention is to find out how to build a trigger, either for apt or
> for dpkg, to update the rkhunter database after each package upgrade.
> Maybe it'd be smart to run rkhunter before updates as well, to catch the
> unauthorized changes that might be there.
> 
> My question:
> should I focus on apt, or rather on dpkg? As far as I'm aware, both
> synaptic and aptitude rely on apt, but I feel that it's wise to handle
> any security-related issues as low-level as possible.
> 
> Does anyone have other suggestions to consider?

There is a small reference in the rkhunter readme file
("/usr/share/doc/rkhunter/README.Debian.gz", "Hash Checks" section) about
how to manage the integrity of hashes; not sure if that can be of any help
with your issue.

Greetings,

-- 
Camaleón
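
The check-before, refresh-after idea raised in the quoted question, sketched as an added example that is not part of the original thread or of the rkhunter package. The script path, the marker file and the hook wiring shown in the comments are assumptions; the baseline is refreshed only when the pre-upgrade check came back clean, so an unattended `--propupd` cannot absorb changes that were already on disk.

```shell
#!/bin/sh
# Added example (not from the thread): hook for APT's DPkg::Pre-Invoke /
# DPkg::Post-Invoke. Hypothetical install path and apt.conf.d wiring:
#   DPkg::Pre-Invoke  { "/usr/local/sbin/rkh-pkg-hook pre"; };
#   DPkg::Post-Invoke { "/usr/local/sbin/rkh-pkg-hook post"; };
# These hooks run for front ends that drive dpkg through APT, not for a
# bare `dpkg -i`.

rkh_hook() {
    rkh="${RKHUNTER:-/usr/bin/rkhunter}"
    # Marker must live in a directory only root can write to (assumed path).
    stamp="${STAMP:-/run/rkh-pkg-hook.clean}"
    case "$1" in
    pre)
        rm -f "$stamp"
        # Compare files with the current baseline before packages touch them.
        if "$rkh" --check --enable properties --skip-keypress --report-warnings-only; then
            : > "$stamp"
        else
            echo "rkh-pkg-hook: warnings before upgrade, baseline will NOT be refreshed" >&2
        fi
        return 0    # a non-zero exit here would make apt abort the run
        ;;
    post)
        if [ -e "$stamp" ]; then
            rm -f "$stamp"
            # Pre-check was clean, so changes since then belong to this package run.
            "$rkh" --propupd
        else
            echo "rkh-pkg-hook: no clean pre-check, review warnings and run --propupd by hand" >&2
        fi
        ;;
    *)
        echo "usage: rkh-pkg-hook pre|post" >&2
        return 2
        ;;
    esac
}

# Dispatch only when called with an argument (as the hooks above do).
[ $# -eq 0 ] || rkh_hook "$@"
```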

