Thanks for the help John... On 2011-06-27 10:57 AM, John Horne wrote: > What version of rkhunter are you using?
1.3.8 > Also can you show us the full log entry for one of the files with a > warning - that is, showing which file properties have changed? [09:57:04] /usr/bin/logger [ Warning ] [09:57:04] Warning: The file properties have changed: [09:57:04] File: /usr/bin/logger [09:57:04] Current hash: 686d03f4819c1efaba06f8792f181f0af2c13461 [09:57:04] Stored hash : b4ededa9259434e747b8579ff3aee59b075379cc [09:57:04] Current inode: 301945 Stored inode: 302444 [09:57:04] Current file modification time: 1309013602 (25-Jun-2011 10:53:22) [09:57:04] Stored file modification time : 1304798960 (07-May-2011 16:09:20) [09:57:04] /usr/bin/lsattr [ OK ] And again, even though it says 'Stored file mod time is 07 May, I jhave run --propupd 3 times now... > Are you using a package manager? Yes - Gentoo's... I am using the standard ebuild in portage... ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
