Hi Alan, You can find what package provides the ldd program, and then verify the integrity of the package. If it really changed I think you should look for any suspicious activity in your server.
I think you can find the package with dpkg -S $(which ldd) and you can check its integrity with debsum. ldd shouldn't change, unless you have updated your system. Rodolfo Martínez Dirección de Proyectos Aleux México | http://www.aleux.com On Thu, Jan 21, 2010 at 3:27 PM, Alan L Tyree <[email protected]> wrote: > Dear SLUGGERS, > > I just got this report from rkhunter on my machine: > > Warning: The file properties have changed: > File: /usr/bin/ldd > Current inode: 331476 Stored inode: 17196 > Current file modification time: 1263451668 > Stored file modification time : 1231069314 > > > I see that ldd prints the shared libraries required by each program, > but I don't understand why it should have been changed or if I should > be worried about it. > > I ran chkrootkit and it showed no warnings. System is Debian Lenny > amd64. > > What does it all mean? Thanks for help. > > Alan > > > -- > Alan L Tyree http://www2.austlii.edu.au/~alan > Tel: 04 2748 6206 > > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
