Yet another rkhunter question :)

Discussion in 'Installation/Configuration' started by SamTzu, Mar 20, 2013.

  1. SamTzu

    SamTzu HowtoForge Supporter

    (Setup is a Debian Squeeze ISPConfig3 in a Proxmox OpenVZ container.)

    I keep getting these modification notices from rkhunter... all the time.
    It's always the same 3 files and I can't figure out what keeps changing them.
    Maybe I should just remove the mail-utils package from the server?

     
  2. Parsec

    Parsec New Member

    Means you ran an apt update or similar recently, which updated to newer versions of some files concerning perl and mail. Either that or someone hacked your system and put their own copies there :)

    I'll assume it was the former, if so merely run:

    rkhunter --propupd

    on your command line and rkhunter will update to the new binaries for these 3.

    NB: you should always run the above if you ever apt-get update something or other on your system, or install something new.
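
An added example, not part of the thread: before accepting a changed file into the rkhunter baseline with `--propupd`, compare it against the checksum its package recorded. The function name `check_against_md5sums` is hypothetical; the list format is the one Debian keeps in /var/lib/dpkg/info/<package>.md5sums, and the file path is passed as an argument because the thread does not name the three files.

```shell
#!/bin/sh
# Added example: decide whether a file flagged by rkhunter still matches
# the MD5 its Debian package recorded at install time.
#
# check_against_md5sums LIST ROOT PATH
#   LIST  md5sums list, one "<md5>  <path without leading slash>" per line
#         (on Debian: /var/lib/dpkg/info/<package>.md5sums)
#   ROOT  filesystem root the listed paths are relative to (normally /)
#   PATH  absolute path of the file rkhunter reported
# Prints MATCH / MISMATCH / UNKNOWN / MISSING and returns 0 / 1 / 2 / 3.
check_against_md5sums() {
    list=$1
    root=${2%/}          # "/" becomes "", so "$root/$rel" stays absolute
    rel=${3#/}           # the list stores paths without the leading slash

    # Exact match on the path column; paths may contain spaces.
    expected=$(awk -v p="$rel" '
        { d = $1; sub(/^[^ ]+  /, ""); if ($0 == p) { print d; exit } }
    ' "$list")

    # Not shipped by this package: nothing to compare against.
    [ -n "$expected" ] || { echo UNKNOWN; return 2; }
    [ -f "$root/$rel" ] || { echo MISSING; return 3; }

    # Read via stdin so the file name never appears in md5sum's output.
    actual=$(md5sum < "$root/$rel" | awk '{ print $1 }')

    if [ "$actual" = "$expected" ]; then
        echo MATCH       # file is what the package installed
        return 0
    fi
    echo MISMATCH        # changed since install: investigate first
    return 1
}

# Stand-alone use: ./check.sh LIST ROOT PATH
if [ "$#" -eq 3 ]; then
    check_against_md5sums "$@"
fi
```

A MISMATCH on a file that no upgrade touched is the case to investigate rather than accept with `--propupd`. The list lives on the same host as the file, so comparing against a freshly downloaded copy of the package is the stronger check.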
     
  3. SamTzu

    SamTzu HowtoForge Supporter

    Nope. I always run --propupd after upgrades.
    Something keeps changing (only) those files time and again.
    I'm thinking it's something to do with OpenVZ.

    Sam
     
