Dick Gevers wrote:

On Fri, 7 Dec 2007 00:15:32 +0100, Nils Breunese (Lemonbit) wrote about Re:
[Rkhunter-users] baffling warning:

Of course:
# rpm -Vf /usr/bin/who
S.5....T  c /etc/DIR_COLORS
S.5....T  c /etc/pam.d/su
.M....G.    /usr/bin/who

Looks okay to me. But I'll appreciate any ideas.

For the first two files the file size, MD5 and Mtime tests fail. For
the last one the mode and group tests failed. Why does that look okay
to you? Did you modify these files yourself?

Well, I don't see the warnings, but I'll take your word for it.

That's what the letters S (file size), M (mode), 5 (MD5), G (group) and T (Mtime) indicate. The rpm verify only gives output about files that are different from the packaged versions.

I know all 3 files changed by a few upgrades in Cooker. But this was not
done manually but by package coreutils being upgraded.

A package being upgraded is no reason for this, as the package manager knows what it installed.

The only thing I could imagine is that /usr/bin/who might have changed group due to msec running, but I didn't see an error with rpm. Obviously, you know more than
I do. Is there a suggested way to deal with this?

I am no Mandrake user and not familiar with msec, but it could be that that changes the mode of the who binary. If it does, then yes, rpm will tell you who is not the original version and rkhunter will notify you of this.

Nils Breunese.
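
The flag decoding discussed in the thread above, as an added example that is not part of the original messages and is not rkhunter or rpm code: it parses `rpm -V` output lines and names each failed test. The triage labels and policy are assumptions made for illustration, and the `missing` sample line is constructed.

```python
import re

# Flag letters printed by `rpm -V`, as documented in rpm(8).
FLAGS = {"S": "size", "M": "mode", "5": "digest", "D": "device", "L": "symlink",
         "U": "user", "G": "group", "T": "mtime", "P": "capabilities"}
# Optional file-type marker printed between the flags and the path.
MARKERS = {"c": "config", "d": "doc", "g": "ghost", "l": "license", "r": "readme"}
# Tests that mean the file content no longer matches the package database.
CONTENT = {"size", "digest", "symlink", "missing"}

LINE_RE = re.compile(
    r"^(?P<flags>missing|[SM5DLUGTP.?]{8,9})\s+"
    r"(?:(?P<marker>[cdglr])\s+)?(?P<path>/.*)$")

def parse_line(line):
    """Return (path, marker, failed_tests), or None for non-verify lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    if m["flags"] == "missing":
        failed = ["missing"]
    else:
        failed = [FLAGS[ch] for ch in m["flags"] if ch in FLAGS]
    return m["path"], MARKERS.get(m["marker"]), failed

def triage(marker, failed):
    """Assumed policy (not from rkhunter or rpm): rank what to look at first."""
    if marker == "config":
        return "config-changed"      # usually local edits; review the diff
    if CONTENT & set(failed):
        return "content-differs"     # packaged binary/data was altered
    return "metadata-only"           # content intact; mode/owner/time changed

def verify_report(text):
    rows = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            path, marker, failed = parsed
            rows.append((path, marker, failed, triage(marker, failed)))
    return rows

# The three lines quoted in the thread, plus one constructed "missing" line.
SAMPLE = """\
S.5....T  c /etc/DIR_COLORS
S.5....T  c /etc/pam.d/su
.M....G.    /usr/bin/who
missing     /usr/bin/example-constructed
"""
```

Calling `verify_report(SAMPLE)` reports `/usr/bin/who` as `metadata-only` (mode and group differ, digest matches), which is the case the thread attributes to a tool such as msec changing permissions after installation.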
