| 1 |
Hello, |
| 2 |
|
| 3 |
I have had rkhunter installed for a long time, been working well, system |
| 4 |
was reporting clean... |
| 5 |
|
| 6 |
On Saturday I did an emerge -uDN world and installed the available |
| 7 |
updates (not a huge amount), then on Sunday morning, got a report about |
| 8 |
6 files whose properties had changed, and I realized I forgot to run |
| 9 |
--propupd command, so I did - but got the same email again, so it isn't |
| 10 |
working (doesn't reset the files database so that it thinks they are |
| 11 |
ok). I still get the same email/message about the same 6 files |
| 12 |
properties being changed. I've tried running it 3 times now. |
| 13 |
|
| 14 |
System checks summary |
| 15 |
===================== |
| 16 |
|
| 17 |
File properties checks... |
| 18 |
Files checked: 144 |
| 19 |
Suspect files: 6 |
| 20 |
|
| 21 |
and from the log: |
| 22 |
|
| 23 |
myhost : Mon Jun 27, 08:17:17 : ~ |
| 24 |
# grep Warn /var/log/rkhunter.log |
| 25 |
[08:05:04] Info: Emailing warnings to 'root' using command '/bin/mail -s |
| 26 |
"[rkhunter] Warnings found for ${HOST_NAME}"' |
| 27 |
[08:05:30] /usr/bin/logger [ Warning ] |
| 28 |
[08:05:30] Warning: The file properties have changed: |
| 29 |
[08:05:38] /usr/bin/whereis [ Warning ] |
| 30 |
[08:05:38] Warning: The file properties have changed: |
| 31 |
[08:05:40] /sbin/fsck [ Warning ] |
| 32 |
[08:05:40] Warning: The file properties have changed: |
| 33 |
[08:05:47] /bin/dmesg [ Warning ] |
| 34 |
[08:05:47] Warning: The file properties have changed: |
| 35 |
[08:05:51] /bin/more [ Warning ] |
| 36 |
[08:05:51] Warning: The file properties have changed: |
| 37 |
[08:05:51] /bin/mount [ Warning ] |
| 38 |
[08:05:51] Warning: The file properties have changed: |
| 39 |
myhost : Mon Jun 27, 08:17:25 : ~ |
| 40 |
# |
| 41 |
|
| 42 |
Anyone got any idea what could be causing this? |
Archives