
Re: rkhunter mails to root: should I worry?



> Should I worry? What are these messages I'm seeing? Especially the ones
> that are reporting that the utilities sudo, dpkg-query and dpkg have
> changed. How do I know these are legitimate?
You should know whether the respective packages owning those files were updated by you (or the unattended security updates mechanism) lately. Otherwise try to see from the system log. Also, the .deb files likely contain some hashes that you can look up on a "known clean" system, because obviously if a real rootkit is involved you shouldn't trust information found in the system log.

> I'm running Debian 5.0 on an amd64 system.
The last three warnings I get regularly. Debian is a bit slower to update to the latest versions, but on the other hand some security-relevant patches get backported so I wouldn't be too worried about those (including exim).

// Oliver
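
The two checks suggested in the reply above, as an added example that is not part of the original post: find upgrade entries for the flagged packages in dpkg.log lines, and compare files on disk with a package md5sums list obtained on a known clean system. The function names and all sample data are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# dpkg.log upgrade entry: "YYYY-MM-DD HH:MM:SS upgrade <package> <old> <new>"
UPGRADE_RE = re.compile(r"^(\S+ \S+) upgrade (\S+) (\S+) (\S+)$")

def upgrades_from_log(lines, packages):
    """Return {package: [(timestamp, old, new), ...]} for the named packages."""
    found = {p: [] for p in packages}
    for line in lines:
        m = UPGRADE_RE.match(line.strip())
        pkg = m.group(2).split(":")[0] if m else None  # newer dpkg logs "pkg:arch"
        if pkg in found:
            found[pkg].append((m.group(1), m.group(3), m.group(4)))
    return found

def verify_md5sums(md5sums_text, root="/"):
    """Check files under root against "<md5>  <relative path>" lines from a trusted copy."""
    result = {}
    for line in md5sums_text.splitlines():
        if not line.strip():
            continue
        expected, rel = line.strip().split(None, 1)
        try:
            actual = hashlib.md5(Path(root, rel).read_bytes()).hexdigest()
            result[rel] = "ok" if actual == expected.lower() else "MISMATCH"
        except OSError:
            result[rel] = "missing"
    return result

def demo():
    # Constructed sample data: log lines, versions and file contents are made up.
    log = ["2009-11-02 06:25:11 upgrade sudo 1.0-1 1.0-2",
           "2009-11-02 06:25:12 status installed sudo 1.0-2"]
    on_disk = {"sudo": b"clean sudo", "dpkg": b"tampered dpkg"}
    clean = {"sudo": b"clean sudo", "dpkg": b"clean dpkg", "dpkg-query": b"clean query"}
    with tempfile.TemporaryDirectory() as root:
        Path(root, "usr/bin").mkdir(parents=True)
        for name, data in on_disk.items():
            Path(root, "usr/bin", name).write_bytes(data)
        trusted = "\n".join("%s  usr/bin/%s" % (hashlib.md5(d).hexdigest(), n)
                            for n, d in clean.items())
        return upgrades_from_log(log, ["sudo", "dpkg"]), verify_md5sums(trusted, root)

if __name__ == "__main__":
    print(demo())
```

On a real system the log lines would come from /var/log/dpkg.log and the md5sums text from the control files of the .deb, extracted with `dpkg-deb --control` on the known clean machine rather than on the host being examined.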

