On Thu, 2011-06-30 at 16:06 -0400, Tanstaafl wrote:
On 2011-06-30 3:36 PM, John Horne wrote:
You'll need to check your system - perhaps with something like 'locate'
- to see if RKH has been installed more than once.
Nope, there's only one rkhunter.dat:
myhost : Thu Jun 30, 16:03:07 : ~
On Fri, 2011-07-01 at 08:03 -0400, Tanstaafl wrote:
On 2011-07-01 6:27 AM, John Horne wrote:
I'll need to see the output from '--debug' then or perhaps the (whole)
log file when you run 'rkhunter --propupd' and from when the system run
of rkhunter occurs (I can compare the two then).
Ok
On 2011-07-01 9:57 AM, Tanstaafl wrote:
Ok - but again, I ran --propupd, and got the email warning about the
same 6 files, then went and grabbed the current .log and .log.old files...
Ok, I'm really not stupid, I promise, just had tunnel vision I guess...
I was running it from the cron
On Thu, 2011-06-30 at 15:29 -0400, Tanstaafl wrote:
On 2011-06-28 3:40 PM, John Horne wrote:
Correct. So when you then run 'rkhunter --propupd' again it compares the
time value in the rkhunter database against that on the file itself. If
both are the same, then the file hasn't changed since
On 2011-06-30 3:36 PM, John Horne wrote:
You'll need to check your system - perhaps with something like 'locate'
- to see if RKH has been installed more than once.
Nope, there's only one rkhunter.dat:
myhost : Thu Jun 30, 16:03:07 : ~
# locate rkhunter.dat
/var/lib/rkhunter/db/rkhunter.dat
On Mon, 2011-06-27 at 10:50 -0400, Tanstaafl wrote:
Hello,
I have had rkhunter installed for a long time, been working well, system
was reporting clean...
I installed a lot of system updates (gentoo linux), then the next
morning, got a report about 6 files whose properties had changed,
Thanks for the help John...
On 2011-06-27 10:57 AM, John Horne wrote:
What version of rkhunter are you using?
1.3.8
Also can you show us the full log entry for one of the files with a
warning - that is, showing which file properties have changed?
[09:57:04] /usr/bin/logger
On Mon, 2011-06-27 at 12:40 -0400, Tanstaafl wrote:
Thanks for the help John...
On 2011-06-27 10:57 AM, John Horne wrote:
What version of rkhunter are you using?
1.3.8
Also can you show us the full log entry for one of the files with a
warning - that is, showing which file
