On Thu, 2011-06-30 at 15:29 -0400, Tanstaafl wrote: > On 2011-06-28 3:40 PM, John Horne wrote: > > Correct. So when you then run 'rkhunter --propupd' again it compares the > > time value in the rkhunter database against that on the file itself. If > > both are the same, then the file hasn't changed since 'rkhunter > > --propupd' was last run. > > So, the question remains, why does mine repeatedly flag the same 6 files > as having changed properties after every --propupd run... > > <sigh> I hate the weird problems... > Hello,
The only scenario I could think of would be if perhaps there were two installations of RKH on your system, but using different data files. That way one RKH sees the command files as having changed, yet when you run 'rkhunter --propupd' from the command-line it updates a different data file ('rkhunter.dat'). Since the first rkhunter isn't looking at that file, it reports (again) that the files have changed. You'll need to check your system - perhaps with something like 'locate' - to see if RKH has been installed more than once. John. -- John Horne, University of Plymouth, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users