Hello, starting oct. 2nd rkhunter has started to log warings about changed files. At first i thought "ok" it's probably because I usualy do a "aptitude full-upgrade" once every day or so, running SID, i386. But now I'm not so sure...
Can anyone help me veirfy this as a false positive or a real problem? It's my home firewall/desktop, nothing fancy, only apache and ssh open, I'm the only user. Regards, david. [10:10:18] /bin/dmesg [ Warning ] [10:10:18] Warning: The file properties have changed: [10:10:18] File: /bin/dmesg [10:10:18] Current inode: 830723 Stored inode: 830720 [10:10:18] Current file modification time: 1191297943 [10:10:18] Stored file modification time : 1190434387 [10:10:19] /bin/echo [ OK ] [10:10:20] /bin/ed [ OK ] [10:10:21] /bin/egrep [ Warning ] [10:10:21] Warning: The file properties have changed: [10:10:21] File: /bin/egrep [10:10:21] Current hash: 7cd73efc63c459ab8a482babc041c5826f5cecb5 [10:10:21] Stored hash : a2b3ad467d144ca1ffdb3bea0df2e118dd530792 [10:10:21] Current inode: 830756 Stored inode: 831002 [10:10:22] Current size: 92468 Stored size: 92276 [10:10:22] Current file modification time: 1191499712 [10:10:22] Stored file modification time : 1189060044 [10:10:22] Info: Found file '/bin/egrep': it is whitelisted for the 'script replacement' check. [10:10:23] /bin/fgrep [ Warning ] [10:10:23] Warning: The file properties have changed: [10:10:23] File: /bin/fgrep [10:10:23] Current hash: e7dba608e2b07a4c8f58ef845698c5ce71d629d5 [10:10:23] Stored hash : 2c46a7a7bef4ce1c90e39b1acf6cd33d757c3262 [10:10:24] Current inode: 830834 Stored inode: 831003 [10:10:24] Current size: 52912 Stored size: 51248 [10:10:24] Current file modification time: 1191499712 [10:10:24] Stored file modification time : 1189060044 [10:10:24] Info: Found file '/bin/fgrep': it is whitelisted for the 'script replacement' check. [10:10:25] /bin/grep [ Warning ] [10:10:25] Warning: The file properties have changed: [10:10:25] File: /bin/grep [10:10:25] Current hash: a0989f2cd518f36254f8c247a4a8c5e250e2f9d8 [10:10:26] Stored hash : 983854833309906246a0b1e34f1ba04ebb6d0651 [10:10:26] Current inode: 830755 Stored inode: 831001 [10:10:26] Current size: 100468 Stored size: 96372 [10:10:26] Current file modification time: 1191499712 [10:10:26] Stored file modification time : 1189060044 [10:10:27] /bin/ip [ OK ] [10:10:28] /bin/kill [ Warning ] [10:10:28] Warning: The file properties have changed: [10:10:29] File: /bin/kill [10:10:29] Current inode: 830772 Stored inode: 830725 [10:10:29] Current file modification time: 1191589008 [10:10:29] Stored file modification time : 1189455008 [10:10:30] /bin/login [ OK ] [10:10:31] /bin/ls [ OK ] [10:10:31] /bin/lsmod [ OK ] [10:10:32] /bin/mktemp [ OK ] [10:10:33] /bin/more [ Warning ] [10:10:34] Warning: The file properties have changed: [10:10:34] File: /bin/more [10:10:34] Current inode: 830724 Stored inode: 830721 [10:10:34] Current file modification time: 1191297943 [10:10:34] Stored file modification time : 1190434387 [10:10:35] /bin/mount [ Warning ] [10:10:35] Warning: The file properties have changed: [10:10:35] File: /bin/mount [10:10:35] Current hash: 1a878ee3c6d0d320260e472e4f9761e582413a43 [10:10:36] Stored hash : d1474694f1390da8dcc3fca5198599cd46d165fc [10:10:36] Current inode: 830721 Stored inode: 830866 [10:10:36] Current size: 61264 Stored size: 60976 [10:10:36] Current file modification time: 1191297943 [10:10:36] Stored file modification time : 1190434387 [10:10:37] /bin/mv [ OK ] [10:10:38] /bin/netstat [ OK ] [10:10:39] /bin/ps [ Warning ] [10:10:39] Warning: The file properties have changed: [10:10:39] File: /bin/ps [10:10:39] Current inode: 830865 Stored inode: 830751 [10:10:39] Current file modification time: 1191589008 [10:10:40] Stored file modification time : 1189455008 [10:10:40] /bin/pwd [ OK ] [10:10:41] /bin/readlink [ OK ] [10:10:42] /bin/sed [ Warning ] [10:10:42] Warning: The file properties have changed: [10:10:42] File: /bin/sed [10:10:42] Current hash: f157d60c55e7d5d90392feb5ab78613a491538f7 [10:10:43] Stored hash : 4c933909719f1ac21794157d32fa3edf6efe1a02 [10:10:43] Current inode: 830833 Stored inode: 830747 [10:10:43] Current size: 40436 Stored size: 40308 [10:10:43] Current file modification time: 1191079864 [10:10:43] Stored file modification time : 1187193844 [10:10:44] /bin/sh [ OK ] [10:10:45] /bin/su [ OK ] [10:10:46] /bin/touch [ OK ] [10:10:47] /bin/uname [ OK ] [10:10:48] /bin/which [ Warning ] [10:10:48] Warning: The file properties have changed: [10:10:48] Warning: The file properties have changed: [10:10:48] File: /bin/which [10:10:49] Current inode: 830831 Stored inode: 830863 [10:10:49] Current file modification time: 1191159100 [10:10:49] Stored file modification time : 1190225529 [10:10:49] Info: Found file '/bin/which': it is whitelisted for the 'script replacement' check. [10:10:50] /bin/tcsh [ OK ] ... -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
