On 2008-08-26 15:07, Paul Cartwright wrote: > Does this mean anything? > > Warning: The file properties have changed: > File: /bin/login > Current hash: 9092a50dbbf0b16b095a1ee22e9bfb2a9e0f9a21 > Stored hash : b333555dccebeca07909fdc9c53160f5e399d4f6 > Current inode: 2068498 Stored inode: 2071401 > Current size: 35236 Stored size: 35268 > Current file modification time: 1217093050 > Stored file modification time : 1207180658 [snip] IIUC, this means that those files have been changed since the last time you ran 'rkhunter --propupd'. This could have either been a hacker or it was you, eg. via installing a (security) update. It's up to 'inform' rkhunter on any system files that get updated. Hint: on lenny, my 'login' was last updated on 2008-08-15. > I'm not sure what to look at, or if there is even a problem: > # ls -l /bin/su > -rwsr-xr-x 1 root root 27108 2008-07-26 13:24 /bin/su If this file has been changed by YOU it is ok, if it has been changed by someone else... probably not. HTH, Johannes
Attachment:
signature.asc
Description: OpenPGP digital signature