On 18/05/2010 12:55, Conrad Schuler wrote: > CentOS 5.4 > rkhunter 1.3.6 > still a clean system > > Hey, > > I have chmod > > /bin/dmesg > /bin/mount > /bin/rpm > /usr/bin/chattr > /usr/bin/last > /usr/bin/w > /usr/bin/who > /sbin/sysctl > > to 700 > > After chmod I run: rkhunter --propupd > > and it builds the db and the commands that I have changed to 700 are > listed in the db as 0755 > > So I get a warning that the perms have changed... When they are just fine. > > Restart w/ Selinux autorelabel and then running: rkhunter --update > > only repeats the issue. > > Any ideas as to what is going on?
Do you have PKGMGR=RPM set in your rkhunter.conf? If so, rkhunter will be getting the expected permissions from the RPM database rather than the files themselves. Cheers, Dave ------------------------------------------------------------------------------ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users