On Thu, 2009-02-12 at 20:58 +0100, Julien Valroff wrote:
> > It would be nice if rkhunter recognizes which packages were
> > upgraded/installed/removed/etc. and only trigger the update-process
> > when one or more of its watched files is part of these packages.
> We would first need to precisely know what files rkhunter checks for
> (they are system dependent, and also depend on various parameters).
> That is however possible, but imho, it would be too much

Of course it would be "some" work to implement ;)

> That was the plan for the last upload, upstream having now improved the
> --propupd option.
> However, I have found that running 'rkhunter --propupd' with one file or
> for all files almost takes the same time. The time won when updating one
> file only is then bitten by the slight overheads resulting from the apt
> pre/post invoke scripts needed to achieve these goals.

Sure?! On my system the whole process takes quite a long time...

> I have however discovered that running propupd with the --nolog option
> almost divides the running time by 2 on my test systems. But I am still
> wondering if using this option by default is a good idea.
> I would be happy to get comments on this...

Uhm, I think this depends on whether logs would be written in case of errors or warnings... If not... I would suggest against it.

Chris.