On Sun, 11 Sep 2011 04:00:35 +0200 "Kingsley G. Morse Jr." <kings...@loaner.com> wrote: >rkhunter said fifteen files were moved to new inodes on August 22, 2011.
>What do you think? I think you have not read FAQ item "Rootkit Hunter tells me there is something wrong with my system. What do I do?" (and basically all of chapter 3) before doing anything... In case of warnings you should *not* make changes to the file system and investigate first. Reinstalling packages will overwrite any "evidence" (if any). Reinstalling packages and then running "-- check" will not cause hash warnings if hash values match. Running "- -propupd" will erase previous attribute values and update them all to the current state. Also, if you run RKH without "--append-log" (or "copy on error" rkhunter.conf setting), there will be no previous log to look at. With the limited information available I can only see the old inode numbers were closely grouped together as are most of the new ones and none of the files listed showed any change in attributes other than inode. This should be consistent with having reinstalled the package(s) these files belong to and not a rootkit warning (no foreign files or processes listed, no string values, etc, etc). If you suspect there is more at play than your own SNAFU then you should run checks booting a Live CD. As there's no evidence of foul play I suggest you 0) look at where your distro logs update information and 1) compare package signature or hash and then package contents with those from a known good repo. Best regards, unSpawn --- ------------------------------------------------------------------------------ Using storage to extend the benefits of virtualization and iSCSI Virtualization increases hardware utilization and delivers a new level of agility. Learn what those decisions are and how to modernize your storage and backup environments for virtualization. http://www.accelacomm.com/jaw/sfnl/114/51434361/ _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
