Yesterday I upgraded to rkhunter 1.4.6 on two CentOS 7.3 systems. I ran
rkhunter --check
before and after, and was surprised to see a warning for the numfmt binary.
yum provides numfmt
says that the binary is provided by the coreutils package.
yum history summary coreutils
indicated that this had not been updated on my system in a long time, and I
check and update my rkhunter database regularly. Upon viewing
/var/log/rkhunter/rkhunter.log, I saw that numfmt was not in the rkhunter
database. I used yumdownloader to download the rkhunter rpm and unpackaged
it with rpm2cpio to make sure numfmt wasn't included in the new rkhunter
package- it was not. All of this seems to indicate that prior to version
1.4.6, rkhunter did not check for the numfmt binary, but I can find no
indication of this in the release notes. Furthermore, Googling the hashes
for the numfmt binary on my system gives no results. Can someone help me
out with this? I want to know whether I should be concerned about this new
warning.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
