HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


SamTzu 20th March 2013 08:52

Yet another rkhunter question :)
 
(Set up is a Debian Squeeze ISPConfig3 in a Proxmox OpenVZ container.)

I keep getting these modification notices from rkhunter... all the time.
It's always the same 3 files and I can't figure out what keeps changing them.
Maybe I should just remove the mail-utils package from the server?

Quote:

Warning: The file properties have changed:
File: /usr/bin/mail
Current hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
Stored hash : 3ec3e07545a4b99dedde12284de3b44d831be7a6
Warning: The file properties have changed:
File: /usr/bin/perl
Current hash: 400681f383f4a2b63d4615a8d7ad53c2a685e3da
Stored hash : be5055e1642bec794804ebf8668a1554864d218b
Current inode: 1966307 Stored inode: 1966361
Current file modification time: 1362591932 (06-Mar-2013 19:45:32)
Stored file modification time : 1361046751 (16-Feb-2013 22:32:31)
Warning: The file properties have changed:
File: /usr/bin/mail.mailutils
Current hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
Stored hash : 3ec3e07545a4b99dedde12284de3b44d831be7a6
Current size: 0 Stored size: 166452
Current file modification time: 1363748401 (20-Mar-2013 05:00:01)
Stored file modification time : 1284404479 (13-Sep-2010 22:01:19)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)

Parsec 20th March 2013 12:56

Means you ran an apt update or similar recently which updated to newer versions of some files concerning perl and mail. Either that or someone hacked your system and put their own copies there :-)

I'll assume it was the former, if so merely run:

rkhunter --propupd

on your command line and rkhunter will update to the new binaries for these 3.

NB: you should always run the above if you ever apt-get update something or other on your system, or install something new.

SamTzu 20th March 2013 19:32

Nope. I always run --propupd after upgrades.
Something keeps changing (only) those files time and again.
I'm thinking it's something to do with OpenVZ.

Sam
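Added example (not part of any post in this thread, and not rkhunter's own code): a small parser for the warning text quoted in the first post. It separates entries where the binary was swapped for a new file from entries where the file is now empty, since da39a3ee5e6b4b0d3255bfef95601890afd80709 is the SHA-1 of zero bytes of input. The function names and the three labels are assumptions made for this example.

```python
import hashlib
import re

EMPTY_SHA1 = hashlib.sha1(b"").hexdigest()  # hash of any zero-byte file
FIELD = re.compile(r"(Current|Stored) (hash|inode|size|file modification time)\s*:\s*(\S+)")

# Warning text as quoted in the first post of this thread.
SAMPLE = """\
Warning: The file properties have changed:
File: /usr/bin/mail
Current hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
Stored hash : 3ec3e07545a4b99dedde12284de3b44d831be7a6
Warning: The file properties have changed:
File: /usr/bin/perl
Current hash: 400681f383f4a2b63d4615a8d7ad53c2a685e3da
Stored hash : be5055e1642bec794804ebf8668a1554864d218b
Current inode: 1966307 Stored inode: 1966361
Current file modification time: 1362591932 (06-Mar-2013 19:45:32)
Stored file modification time : 1361046751 (16-Feb-2013 22:32:31)
Warning: The file properties have changed:
File: /usr/bin/mail.mailutils
Current hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
Stored hash : 3ec3e07545a4b99dedde12284de3b44d831be7a6
Current size: 0 Stored size: 166452
Current file modification time: 1363748401 (20-Mar-2013 05:00:01)
Stored file modification time : 1284404479 (13-Sep-2010 22:01:19)
"""

def parse_warnings(text):
    """Return {path: {(state, field): value}} for every 'File:' entry."""
    entries, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("File:"):
            current = entries.setdefault(line[5:].strip(), {})
        elif current is not None:
            for state, field, value in FIELD.findall(line):  # one line may hold two fields
                current[(state, field)] = value
    return entries

def triage(props):
    """Label one entry (labels are hypothetical names chosen for this example)."""
    if props.get(("Current", "hash")) == EMPTY_SHA1 or props.get(("Current", "size")) == "0":
        return "truncated"  # file is now empty; --propupd would re-baseline the empty file
    if props.get(("Current", "inode")) != props.get(("Stored", "inode")):
        return "replaced"   # new inode: whole file swapped; compare with package checksums
    return "modified"

if __name__ == "__main__":
    for path, props in parse_warnings(SAMPLE).items():
        print(f"{triage(props):9} {path}")
```

On Debian, a "replaced" binary can then be compared against the packaged checksum with `debsums` before the baseline is updated.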

