On 01/03/2012 01:35 PM, John Horne wrote:
> On Tue, 2012-01-03 at 11:54 -0500, Tim Evans wrote:
>> Don't see this in the FAQ, or in the last year or so's worth of archived
>> messages, so...
>>
>> After running yum update on a RedHat 5.x system (or any other analogous
>> update tool), how do you re-set the rkhunter database to accept the
>> changed files? Something like tripwire's --update and --report-file
>> options.
>>
> Run 'rkhunter --propupd'. It's not mentioned as a FAQ, but the man page
> indicates when the '--propupd' option should be used:
>
>     One of the checks rkhunter performs is to compare various current
>     file properties of various commands, against those it has previously
>     stored. This command option causes rkhunter to update its data file
>     of stored values with the current values.

Thanks for your response. Been there, done that, repeatedly. (This is
version 1.3.8, BTW.)

The only thing I can find that truly cleans everything up is renaming
the db directory and re-installing, then running --propupd, then running
a normal scan. Surely, that's not the right way.

-- 
Tim Evans, TKEvans.com, Inc.    |    5 Chestnut Court
UNIX System Admin Consulting    |    Owings Mills, MD 21117
http://www.tkevans.com/         |    443-394-3864
http://www.come-here.com/News/  |    [email protected]

_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
