Robert Fields wrote:
> Does anyone know what would cause rkhunter to actually execute the commands
> for all the system binaries and scripts it checks?
>
> I had never seen this behavior before but a coworker showed it to me in the
> rkhunter.log file on a machine she admins.
>
> For example:
>
> [05:10:06] /sbin/lsmod [Warning]
> [05:10:06] Warning: The file properties have changed:
> [05:10:06] File: /sbin/lsmod
> [05:10:06] Current hash: Module
> ipv6
> nf_conntrack_ipv4
These entries are warning you that the properties of the executable
file have changed in some way, not that it ran the program.
The --propupd you did may simply have masked a real problem.
Mike
--
p="p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}
Oppose globalization and One World Governments like the UN.
This message made from 100% recycled bits.
You have found the bank of Larn.
I speak only for myself, and I am unanimous in that!
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
