Does anyone know what would cause rkhunter to actually execute the commands for
all the system binaries and scripts it checks?
I had never seen this behavior before but a coworker showed it to me in the
rkhunter.log file on a machine she admins.
For example:
[05:10:06] /sbin/lsmod [Warning]
[05:10:06] Warning: The file properties have changed:
[05:10:06] File: /sbin/lsmod
[05:10:06] Current hash: Module
ipv6
nf_conntrack_ipv4
ipt_REJECT
xt_iprange
ipt_LOG
xt_limit
xt_state
... (snip) ...
We see similar entries for all the other commands that produce output - we get
the output from the commands being run.
After checking into it, I ran a "rkhunter --propupd" and then ran "rkhunter -c"
and the odd behavior went away and the log file looked normal.
Does rkhunter actually execute the commands as it runs the hash and package
manager checks? The version she is running is 1.3.2. She also built it into an
rpm before installing it and it is running on a 2.6.25 Linux kernel.
And before anyone points out there is a much newer version and should upgrade -
yup. I just wanted to point it out and ask about it in case it was a bug
lurking in newer versions too since executing all the various commands might
cause problems - for example /sbin/shutdown or similar...
Cheers!
Robert
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users