sp11 wrote: > [23:01:57] Warning: The file properties have changed: Changed from what? > [23:01:57] File: /bin/sh > [23:01:57] Current hash: add19e504c254758f2ea8dcda3821c77fafb4923 > [23:01:57] Stored hash : 3e4f053d7520819f5e45a7792c972b05e4ff234e > [23:01:57] Current inode: 1958022 Stored inode: 1957896 > [23:01:57] Current file modification time: 1359928637 (03-Feb-2013 22:57:17) > [23:01:57] Stored file modification time : 1342538237 (17-Jul-2012 17:17:17) > > > [23:02:04] Warning: The file properties have changed: > [23:02:04] File: /usr/bin/perl > [23:02:04] Current hash: 13e50d52280d120bf8c71c7eaf4e7431c9afa392 > [23:02:04] Stored hash : f62bbb9e85d386d16f97ea0f3e8afaaf36a36696 On my up to date Squeeze amd64 system: $ sha1sum /bin/bash /usr/bin/perl add19e504c254758f2ea8dcda3821c77fafb4923 /bin/bash 13e50d52280d120bf8c71c7eaf4e7431c9afa392 /usr/bin/perl They match your versions. So I would say that whatever is happening here that it is a false positive. I would guess that rkhunter has cached values for those files and that those cached values are stale. Figure out where it is getting those stored values from and update them. Bob
Attachment:
signature.asc
Description: Digital signature