Re: rkhunter on Etch

2008-08-31 Thread Sam Kuper
2008/8/29 Andrei Popescu <[EMAIL PROTECTED]> > Say package foo has a security issue and upstream is at 1.4 and Debian > still has 1.3. Upstream will most likely release 1.4.1 to fix the issue > (which could be just a few lines of code) and maybe some others small > bugfixes that were pending. Debi

Re: rkhunter on Etch

2008-08-31 Thread Andrei Popescu
On Thu,28.Aug.08, 22:27:04, Sam Kuper wrote: [...] > Okay, so if I understand you correctly, a backport is a kind of refactoring: > the overt functionality doesn't change, but the underlying functionality > does (the refactored code is more secure, or less memory intensive, or > what-have-you de

Re: rkhunter on Etch

2008-08-29 Thread Tim Edwards
Johannes Wiedersich wrote: On 2008-08-29 11:42, Tim Edwards wrote: Johannes Wiedersich wrote: On 2008-08-28 10:00, Tim Edwards wrote: That's new to me. Were did you get this information? IIRC it's a unique feature of debian (and/or debian based systems) to get security fixes backported. As an

Re: rkhunter on Etch

2008-08-29 Thread Johannes Wiedersich
On 2008-08-29 11:42, Tim Edwards wrote: > Johannes Wiedersich wrote: >> On 2008-08-28 10:00, Tim Edwards wrote: >> That's new to me. Were did you get this information? IIRC it's a unique >> feature of debian (and/or debian based systems) to get security fixes >> backported. As an example, see suse'

Re: rkhunter on Etch

2008-08-29 Thread Tim Edwards
Johannes Wiedersich wrote: On 2008-08-28 10:00, Tim Edwards wrote: The way Debian does it this is the same as virtually every other major Linux distro - Suse/OpenSuse, Redhat, Fedora, Mandriva, Ubuntu etc. That is they release a new distro version every X months, in Debian-speak these are call

Re: rkhunter on Etch

2008-08-29 Thread Sam Kuper
2008/8/29 Johannes Wiedersich <[EMAIL PROTECTED]> > A careful study of 'harden-doc' (install it > with aptitude) will probably lead to a more secure system than to solely > rely on one piece of software. Agreed. I'm planning to use some packages from the hardening suite. The problem with rkhunter

Re: rkhunter on Etch

2008-08-29 Thread Sam Kuper
2008/8/29 Tim Edwards <[EMAIL PROTECTED]> > > Probably better to take the maintainer's advice as he knows more about it > than I do. Thanks for clearing this up; will do. > I was just saying that when I've been in this situation, whether on Redhat, > Debian or other distros I usually take the mo

Re: rkhunter on Etch

2008-08-29 Thread Johannes Wiedersich
On 2008-08-28 10:00, Tim Edwards wrote: > The way Debian does it this is the same as virtually every other major > Linux distro - Suse/OpenSuse, Redhat, Fedora, Mandriva, Ubuntu etc. That > is they release a new distro version every X months, in Debian-speak > these are called 'stable' releases, an

Re: rkhunter on Etch

2008-08-29 Thread Tim Edwards
Sam Kuper wrote: Okay, so if I understand you correctly, a backport is a kind of refactoring: the overt functionality doesn't change, but the underlying functionality does (the refactored code is more secure, or less memory intensive, or what-have-you depending on the nature of the fix).

Re: rkhunter on Etch

2008-08-28 Thread Sam Kuper
2008/8/28 Tim Edwards <[EMAIL PROTECTED]> > The way Debian does it this is [...] release a new distro version every X > months, in Debian-speak these are called 'stable' releases, and then provide > *backported* security and bug fix updates for however long that version is > in support. These fixe

Re: rkhunter on Etch

2008-08-28 Thread Tim Edwards
Sam Kuper wrote: 2008/8/27 Chris Bannister <[EMAIL PROTECTED] >: > On Tue, Aug 26, 2008 at 03:30:37AM +0100, Sam Kuper wrote: >> (4) Request the Debian Etch rkhunter maintainers to upgrade rkhunter >> in Etch to version 1.3.2. If successful, this would

Re: rkhunter on Etch

2008-08-27 Thread Tom Furie
On Thu, Aug 28, 2008 at 04:01:40AM +0100, Sam Kuper wrote: > 2008/8/27 Chris Bannister <[EMAIL PROTECTED]>: > > On Tue, Aug 26, 2008 at 03:30:37AM +0100, Sam Kuper wrote: > >> (4) Request the Debian Etch rkhunter maintainers to upgrade rkhunter > >> in Etch to version 1.3.2. If successful, this wou

Re: rkhunter on Etch

2008-08-27 Thread Sam Kuper
2008/8/27 Chris Bannister <[EMAIL PROTECTED]>: > On Tue, Aug 26, 2008 at 03:30:37AM +0100, Sam Kuper wrote: >> (4) Request the Debian Etch rkhunter maintainers to upgrade rkhunter >> in Etch to version 1.3.2. If successful, this would undoubtedly be the >> best solution. Dear Micah and Julien, how

Re: rkhunter on Etch

2008-08-27 Thread Chris Bannister
On Tue, Aug 26, 2008 at 03:30:37AM +0100, Sam Kuper wrote: > (4) Request the Debian Etch rkhunter maintainers to upgrade rkhunter > in Etch to version 1.3.2. If successful, this would undoubtedly be the > best solution. Dear Micah and Julien, how about it? Sysadmins will > love you even more than t

Re: rkhunter on Etch

2008-08-26 Thread Sam Kuper
Dear Julien, Thanks for your prompt reply (below). I suppose that as long as I'm sticking with Etch, I'll have to decide between: option 1; option 3; or using integrit or suchlike, and not bothering to update rkhunter's hashes (I wasn't previously aware of integrit, so thanks for the pointer). Al

Re: rkhunter on Etch

2008-08-26 Thread Julien Valroff
Hi Sam, Thanks for your e-mail. Le mardi 26 août 2008 à 03:30 +0100, Sam Kuper a écrit : > Dear Debian users and rkhunter maintainers for Etch, > > I've been trying to set up rkhunter on my Debian Etch VPS, and I've > run into a few problems. (In case it's significant, this VPS is > virtualised