On Thu, 2011-06-30 at 15:29 -0400, Tanstaafl wrote:
> On 2011-06-28 3:40 PM, John Horne wrote:
> > Correct. So when you then run 'rkhunter --propupd' again it compares the
> > time value in the rkhunter database against that on the file itself. If
> > both are the same, then the file hasn't changed since 'rkhunter
> > --propupd' was last run.
> 
> So, the question remains, why does mine repeatedly flag the same 6 files
> as having changed properties after every --propupd run...
> 
> <sigh> I hate the weird problems...
> 
Hello,

The only scenario I could think of would be if perhaps there were two
installations of RKH on your system, but using different data files.
That way one RKH sees the command files as having changed, yet when you
run 'rkhunter --propupd' from the command-line it updates a different
data file ('rkhunter.dat'). Since the first rkhunter isn't looking at
that file, it reports (again) that the files have changed.

You'll need to check your system - perhaps with something like 'locate'
- to see if RKH has been installed more than once.



John.

-- 
John Horne, University of Plymouth, UK
Tel: +44 (0)1752 587287    Fax: +44 (0)1752 587001


_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
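
The check suggested in the message above, as an added example that is not part of the original post: a POSIX shell script that lists every file named rkhunter, every config file and every 'rkhunter.dat' below the directories it is given, and warns when more than one data file exists. The function names are hypothetical, and it assumes the config file is called rkhunter.conf and sets its data directory with a DBDIR= line.

```shell
#!/bin/sh
# Added example: look for a second rkhunter installation and data file.
# Assumptions: config file is named rkhunter.conf and uses a DBDIR= line;
# only the name 'rkhunter.dat' comes from the message itself.

# Print every regular file called $1 below the remaining arguments, sorted.
find_named() {
    name=$1; shift
    find "$@" -type f -name "$name" 2>/dev/null | sort
}

# Count the files find_named would print (prints 0 when there are none).
count_named() {
    find_named "$@" | grep -c . || true
}

# Print the value of the last uncommented DBDIR= line in config file $1.
conf_dbdir() {
    sed -n 's/^[[:space:]]*DBDIR[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Report what was found; return 1 if more than one rkhunter.dat exists.
report_installs() {
    echo "== files named rkhunter (executables, possibly cron jobs) =="
    find_named rkhunter "$@"
    echo "== config files and the DBDIR each one sets =="
    find_named rkhunter.conf "$@" | while IFS= read -r f; do
        printf '%s -> DBDIR=%s\n' "$f" "$(conf_dbdir "$f")"
    done
    echo "== data files (compare modification times after --propupd) =="
    find_named rkhunter.dat "$@" | while IFS= read -r f; do ls -l "$f"; done
    n=$(count_named rkhunter.dat "$@")
    if [ "$n" -gt 1 ]; then
        echo "WARNING: $n rkhunter.dat files; installs may use different data files"
        return 1
    fi
    return 0
}

# Run stand-alone as: sh find-rkh.sh / (or a narrower list of directories).
if [ "$#" -gt 0 ]; then
    report_installs "$@"
else
    echo "usage: $0 DIR [DIR...]"
fi
```

If two data files are listed, the one whose modification time changes after 'rkhunter --propupd' is the one the command-line run updates.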
