
Re: rkhunter error report



Paul Cartwright on 26/08/08 14:09, wrote:
Does this mean anything?

Warning: The file properties have changed:
         File: /bin/login
         Current hash: 9092a50dbbf0b16b095a1ee22e9bfb2a9e0f9a21
         Stored hash : b333555dccebeca07909fdc9c53160f5e399d4f6
         Current inode: 2068498    Stored inode: 2071401
         Current size: 35236    Stored size: 35268
         Current file modification time: 1217093050
         Stored file modification time : 1207180658
Warning: The file properties have changed:
         File: /bin/mktemp
         Current hash: cb8928cb9aba84186d11744596a75dfd2bd420bc
         Stored hash : ac19f5e6d493de185416217febced0a32a13fa9d
         Current inode: 2068445    Stored inode: 2070399
         Current size: 6672    Stored size: 6824
         Current file modification time: 1218814174
         Stored file modification time : 1202665904
Warning: The file properties have changed:
         File: /bin/su
         Current hash: 7fb5d1b369ffa2b22f89e51adf2dee61e5b0fb58
         Stored hash : 3c1672c591311d42dc48439d7cf0791e54d1af28
         Current inode: 2068500    Stored inode: 2071402
         Current file modification time: 1217093050
         Stored file modification time : 1207180658


I'm not sure what to look at, or if there is even a problem:
# ls -l /bin/su
-rwsr-xr-x 1 root root 27108 2008-07-26 13:24 /bin/su

Was that it? No further report? Nothing more from rkhunter -c? No rootkits?

Did you upgrade some packages? What else could have changed those files if you didn't upgrade them?

What about chkrootkit? No warnings?

How about running ntop and checking what your system is doing - are any ports open that shouldn't be?
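
As an added example (not part of the original thread, and not rkhunter's own code), this Python code parses the warning blocks quoted above, converts the epoch modification times to UTC and groups files that share the same current modification time, so the changes can be compared with package upgrade times as the reply asks. The function names are made up for this example, and the embedded excerpt is copied from the report with the hash lines left out.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone
# Excerpt of the rkhunter report quoted in this message (hash lines left out).
REPORT = """\
Warning: The file properties have changed:
         File: /bin/login
         Current inode: 2068498    Stored inode: 2071401
         Current size: 35236    Stored size: 35268
         Current file modification time: 1217093050
         Stored file modification time : 1207180658
Warning: The file properties have changed:
         File: /bin/mktemp
         Current inode: 2068445    Stored inode: 2070399
         Current size: 6672    Stored size: 6824
         Current file modification time: 1218814174
         Stored file modification time : 1202665904
Warning: The file properties have changed:
         File: /bin/su
         Current inode: 2068500    Stored inode: 2071402
         Current file modification time: 1217093050
         Stored file modification time : 1207180658
"""
# Matches "Current size: 35236" and "Stored file modification time : 1207180658".
FIELD = re.compile(r"(Current|Stored) ([a-z ]+?)\s*: (\S+)")

def parse(report):
    """Return {path: {field: {"Current": v, "Stored": v}}} per warning block."""
    files, cur = {}, None
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("File:"):
            cur = files.setdefault(line.split(":", 1)[1].strip(), defaultdict(dict))
        elif cur is not None:
            for which, field, value in FIELD.findall(line):
                cur[field][which] = value
    return files

def utc(epoch):
    """Render an epoch timestamp from the report as a UTC date and time."""
    return datetime.fromtimestamp(int(epoch), timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def replaced_together(files):
    """Group paths by current mtime; files written in one operation share it."""
    groups = defaultdict(list)
    for path, fields in files.items():
        groups[utc(fields["file modification time"]["Current"])].append(path)
    return dict(groups)

if __name__ == "__main__":
    print(replaced_together(parse(REPORT)))
```

On this report, /bin/login and /bin/su share one modification time, 2008-07-26 17:24:10 UTC, which lines up with the 13:24 shown by `ls -l` if the machine's clock is four hours behind UTC (an assumption). The inode numbers also differ for all three files, meaning each was replaced by a new file rather than edited in place.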

