Hello Bob, On Sun, 22 Feb 2009 16:36:20 +0100 Robert Hare <r.h...@which.net> wrote: >How do I find out if I have a problem,
Next time *please* do not post a complete log just to point out 10- ish lines. > apart from rebuilding my OS from scratch, what can I do? Why would you? >[14:52:45] Running Rootkit Hunter version 1.3.0 on HPcompaq We're at 1.3.4 now. >[14:52:46] Info: System is not using prelinking OK, so it's not that... >[14:52:53] /usr/bin/last [ Warning ] >[14:52:53] Warning: The file properties have changed: >[14:52:53] File: /usr/bin/last >[14:52:53] Current inode: 926761 Stored inode: 927515 >[14:52:53] Current file modification time: 1232722902 >[14:52:53] Stored file modification time : 1208581546 >[14:52:55] /usr/bin/sudo [ Warning ] >[14:52:55] Warning: The file properties have changed: >[14:52:55] File: /usr/bin/sudo >[14:52:55] Current hash:d82c24a5852a96725b9e99abe8b8ee2ae50a5e22 >[14:52:55] Stored hash :a8b8876a79185207726c1de99eefbc144516c18c >[14:52:55] Current inode: 926949 Stored inode: 927878 >[14:52:55] Current size: 107936 Stored size: 107872 >[14:52:55] Current file modification time: 1234840628 >[14:52:55] Stored file modification time : 1221069938 >[14:52:58] /sbin/sulogin [ Warning ] >[14:52:58] Warning: The file properties have changed: >[14:52:58] File: /sbin/sulogin >[14:52:58] Current inode: 81458 Stored inode: 81365 >[14:52:58] Current file modification time: 1232722902 >[14:52:58] Stored file modification time : 1208581546 MAC epochs for /usr/bin/last and /sbin/sulogin match, no other changes except they've moved to another inode. Any upgrades around that time? Can you verify binaries with package contents from a trusted source? Regards, unSpawn --- -- Complete an accredited human resources degree, 100% online. Free info! http://tagline.hushmail.com/fc/BLSrjkqZ6ISRghtdYswkJZrOlGeEA3q0HQCHSwuEEIwd5V62XqoiI2RGQej/ ------------------------------------------------------------------------------ Open Source Business Conference (OSBC), March 24-25, 2009, San Francisco, CA -OSBC tackles the biggest issue in open source: Open Sourcing the Enterprise -Strategies to boost innovation and cut costs with open source participation -Receive a $600 discount off the registration fee with the source code: SFAD http://p.sf.net/sfu/XcvMzF8H _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users