On 18/05/2010 12:55, Conrad Schuler wrote:
> CentOS 5.4
> rkhunter 1.3.6
> still a clean system
> 
> Hey,
> 
> I have chmod
> 
> /bin/dmesg
> /bin/mount
> /bin/rpm
> /usr/bin/chattr
> /usr/bin/last
> /usr/bin/w
> /usr/bin/who
> /sbin/sysctl
> 
> to 700
> 
> After chmod I run: rkhunter --propupd
> 
> and it builds the db and the commands that I have changed to 700 are 
> listed in the db as 0755
> 
> So I get a warning that the perms have changed... When they are just fine.
> 
> Restart w/ Selinux autorelabel and then running: rkhunter --update
> 
> only repeats the issue.
> 
> Any ideas as to what is going on?

Do you have PKGMGR=RPM set in your rkhunter.conf? If so, rkhunter will
be getting the expected permissions from the RPM database rather than
the files themselves.

Cheers,
Dave

------------------------------------------------------------------------------

_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users

Reply via email to