Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 20th March 2013, 08:52
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 430
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
Default Yet another rkhunter question :)

(Set up is a Debian Squeeze ISPConfig3 in a Proxmox OpenVZ container.)

I keep getting these modification notices from rkhunter... all the time.
It's always the same 3 files and I can't figure out what keeps changing them.
Maybe I should just remove the mail-utils package from the server?

Quote:
Warning: The file properties have changed:
File: /usr/bin/mail
Current hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
Stored hash : 3ec3e07545a4b99dedde12284de3b44d831be7a6
Warning: The file properties have changed:
File: /usr/bin/perl
Current hash: 400681f383f4a2b63d4615a8d7ad53c2a685e3da
Stored hash : be5055e1642bec794804ebf8668a1554864d218b
Current inode: 1966307 Stored inode: 1966361
Current file modification time: 1362591932 (06-Mar-2013 19:45:32)
Stored file modification time : 1361046751 (16-Feb-2013 22:32:31)
Warning: The file properties have changed:
File: /usr/bin/mail.mailutils
Current hash: da39a3ee5e6b4b0d3255bfef95601890afd80709
Stored hash : 3ec3e07545a4b99dedde12284de3b44d831be7a6
Current size: 0 Stored size: 166452
Current file modification time: 1363748401 (20-Mar-2013 05:00:01)
Stored file modification time : 1284404479 (13-Sep-2010 22:01:19)

One or more warnings have been found while checking the system.
Please check the log file (/var/log/rkhunter.log)
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent

Reply With Quote
Sponsored Links
  #2  
Old 20th March 2013, 12:56
Parsec Parsec is offline
Member
 
Join Date: Jan 2013
Posts: 66
Thanks: 1
Thanked 9 Times in 8 Posts
Default

Means you run an apt update or similar recently which updated to newer versions of some files concerning perl amd mail. Either that or someone hacked your system and put their own copies there :-)

I'll assume it was the former, if so merely run:

rkhunter --propupd

on your command line and rkhunter will update to the new binaries for these 3.

NB: you should always run the above if you ever apt-get update something or other on your system, or install something new.
Reply With Quote
  #3  
Old 20th March 2013, 19:32
SamTzu SamTzu is offline
HowtoForge Supporter
 
Join Date: Apr 2007
Location: Helsinki
Posts: 430
Thanks: 33
Thanked 55 Times in 38 Posts
Send a message via Skype™ to SamTzu
 
Default

Nope. I always run --propupd after upgrades.
Something keeps changing (only) those files time and again.
I'm thinking it's something to do with OpenVZ.

Sam
__________________

Sami Mattila
Internet-Content

Telephone:
00358942833310
Email: firstname.lastname@internet-content.org
Shop: http://shop.internet-content.net
Site: http://www.internet-content.net
Blog: http://www.internet-content.net/en/blog
FB: https://www.facebook.com/internetcontent

Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
scriptdir and bindir in RKHUNTER stigge2000 Server Operation 6 21st December 2012 14:57
RKHunter issues. scottrill2 Installation/Configuration 2 28th November 2012 18:35
LXC containers as VM's for ISPConfig 3 - First steps & quick start. CSsab Tips/Tricks/Mods 6 7th February 2011 17:14
rkhunter Messages atjensen11 Installation/Configuration 0 16th September 2009 18:59
Hostname question, and DNS question andrewfashion General 1 20th April 2009 14:30


All times are GMT +2. The time now is 11:59.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.