On Sun, 2011-11-20 at 15:51 +0800, dollfacepers...@hushmail.com wrote: > > On RKHunter: I scanned with rkhunter the first time after reinstalling > it, and I got a warning for rkhunter itself: > > [15:13:26] Warning: The file properties have changed: > [15:13:26] File: /usr/bin/rkhunter > [15:13:26] Current inode: 2753106 Stored inode: 2760035 > Hello,
You didn't say what distribution of linux you were running. I suspect the above situation is possible if you install rkhunter from the distribution (e.g. via yum when using Fedora), rather than using the sources. If you then run 'rkhunter --check' the installed 'rkhunter' may well have the correct size, date/times etc *if* the maintainer installed a copy of the rkhunter file properties database file too (that is, rkhunter.dat). The only change then might well be the inode number. (However I would have thought running 'rkhunter --propupd' as part of the post-installation during installation would have been best.) You could try running 'rkhunter --propupd' to ensure the file properties file is up to date. John. -- John Horne, Plymouth University, UK Tel: +44 (0)1752 587287 Fax: +44 (0)1752 587001 ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ Rkhunter-users mailing list Rkhunter-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rkhunter-users
