I'm in the process of configuring a Fedora Core 7 box. It's a standard basic install, and I have taken some basic steps to secure it further (securing sshd, shutting down unused services etc). I have also installed current versions of common software (Apache, MySQL, PHP, Tomcat) and set up a chrooted bind. I haven't yet deployed any web apps that could introduce a security hole.
rkhunter is now reporting changes to certain files. It reports inode changes to /bin/bash, /bin/more, /bin/mount, /bin/tcsh, /usr/bin/elinks, /usr/bin/less, /usr/bin/pstree, /usr/bin/sudo, /usr/bin/top, /usr/bin/wget. It reports inode changes and different hashes for /usr/bin/curl, /usr/bin/lsattr and /usr/bin/chattr.

The change to 'curl' is expected, as I did a 'yum' update of 'curl' since I last rebuilt the hash. I would not expect changes to 'lsattr' and 'chattr', as I don't think I've done anything that could affect them. rkhunter and chkrootkit do not detect any known rootkits or issue any other unexpected warnings.

Are these warnings cause for concern, or could the inode changes at least be explained by the daily prelink run or some other benign process?

Thanks in advance,
Angus

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users