Comment 3 for bug 1451477

> The manpage for "apt.conf" doesn't mention any parameters (such as the package names) that can passed to the "DPkg::Post-Invoke" hook.

Yeah, I agree that the DPkg::Post-Invoke hook doesn't seem to be passed any useful info....

I see that there is a Pre-Install-Pkgs hook, which is passed the list of deb files to be upgraded on stdin. It would be a pain but perhaps rkhunter could record the list of packages somewhere under /var/lib/rkhunter from that hook, and then use that list in the Post-Invoke hook to generate the necessary --propupd command line....