Bug#656437: rkhunter: lots of warnings while performing file properties checks, checking for prerequisites
hestia
hestia at riseup.net
Thu Jan 19 11:26:30 UTC 2012
Package: rkhunter
Version: 1.3.8-10
Severity: important
I get a lot of warnings while rkhunter performs file properties checks, checking for prerequisites. Specifically, I get warnings for /usr/bin/find,
/usr/bin/last, /usr/bin/ldd, /usr/bin/size, /usr/bin/strings, /usr/bin/unhide.rb, /sbin/init, /sbin/runlevel, /sbin/sulogin.
/var/log/rkhunter.log reports that:
/usr/bin/find [ Warning ]
[13:09:17] Warning: The file properties have changed:
[13:09:17] File: /usr/bin/find
[13:09:17] Current hash: 419b277baef50758f915e88a7b60dd9057dc38d4
[13:09:17] Stored hash : 7fac9495c1b15611bcbb8b905c4406ba22f860f4
[13:09:17] Current inode: 8132278 Stored inode: 8128061
[13:09:17] Current size: 233968 Stored size: 226256
[13:09:18] Current file modification time: 1325844833 (06-Jan-2012 12:13:53)
[13:09:18] Stored file modification time : 1288115624 (26-Oct-2010 20:53:44)
/usr/bin/last [ Warning ]
[13:09:18] Warning: The file properties have changed:
[13:09:18] File: /usr/bin/last
[13:09:18] Current hash: 5dc94de935705ef983a4569c9f369b479bd09d2b
[13:09:18] Stored hash : 8bbd9656eb60477b680cc1bcd250db701b568d92
[13:09:18] Current inode: 8130182 Stored inode: 8130056
[13:09:18] Current size: 18768 Stored size: 16552
[13:09:18] Current file modification time: 1324595012 (23-Dec-2011 01:03:32)
[13:09:18] Stored file modification time : 1320279377 (03-Nov-2011 02:16:17)
/usr/bin/ldd [ Warning ]
[13:09:18] Warning: The file properties have changed:
[13:09:18] File: /usr/bin/ldd
[13:09:18] Current hash: 26a19ad136c61c1af072bc579421d6573ddd252f
[13:09:18] Stored hash : b807c97d787a9a448ad9526f64e595240fe9d837
[13:09:18] Current inode: 8141812 Stored inode: 8127514
[13:09:18] Current file modification time: 1324751037 (24-Dec-2011 20:23:57)
[13:09:18] Stored file modification time : 1315954995 (14-Sep-2011 02:03:15)
/usr/bin/size [ Warning ]
[13:09:20] Warning: The file properties have changed:
[13:09:20] File: /usr/bin/size
[13:09:20] Current hash: 16a949655addff660ac5500dba2762e21150310a
[13:09:20] Stored hash : d124a90720f0c430a6e0e56ae54f848073bf3213
[13:09:20] Current inode: 8128242 Stored inode: 8139936
[13:09:20] Current file modification time: 1323621960 (11-Dec-2011 18:46:00)
[13:09:20] Stored file modification time : 1321892680 (21-Nov-2011 18:24:40)
/usr/bin/strings [ Warning ]
[13:09:20] Warning: The file properties have changed:
[13:09:20] File: /usr/bin/strings
[13:09:20] Current hash: 76734e0c241756ff18f06129ccb5e0f5e34cafe8
[13:09:20] Stored hash : 3cb7bd2e48233f5a4e234d6b565d7e8f508dc134
[13:09:20] Current inode: 8143620 Stored inode: 8139945
[13:09:20] Current file modification time: 1323621960 (11-Dec-2011 18:46:00)
[13:09:20] Stored file modification time : 1321892680 (21-Nov-2011 18:24:40)
/usr/bin/unhide.rb [ Warning ]
[13:09:22] Warning: The command '/usr/bin/unhide.rb' has been replaced by a script: /usr/bin/unhide.rb: Ruby script, ASCII text
/sbin/init [ Warning ]
[13:09:23] Warning: The file properties have changed:
[13:09:23] File: /sbin/init
[13:09:23] Current hash: 66ff80de227e1ad7098ced98ea9fe09745dd2a7a
[13:09:23] Stored hash : 30e9e50895ea033627941d18973f07576ffa554f
[13:09:23] Current inode: 11272372 Stored inode: 11272232
[13:09:23] Current size: 40552 Stored size: 37000
[13:09:23] Current file modification time: 1324595012 (23-Dec-2011 01:03:32)
[13:09:23] Stored file modification time : 1320279377 (03-Nov-2011 02:16:17)
/sbin/runlevel [ Warning ]
[13:09:24] Warning: The file properties have changed:
[13:09:24] File: /sbin/runlevel
[13:09:24] Current hash: 1ace84d506a059cc652d64f42cbcd40a24448edd
[13:09:24] Stored hash : 43deb592c32f24d62b833200dc211817dcd0b382
[13:09:24] Current inode: 11272371 Stored inode: 11272234
[13:09:24] Current size: 6200 Stored size: 4928
[13:09:24] Current file modification time: 1324595012 (23-Dec-2011 01:03:32)
[13:09:24] Stored file modification time : 1320279377 (03-Nov-2011 02:16:17)
[13:09:24] /sbin/sulogin [ Warning ]
[13:09:24] Warning: The file properties have changed:
[13:09:24] File: /sbin/sulogin
[13:09:24] Current hash: be64dd909ef1dd3a014a7c4bd414e1e88ed36776
[13:09:24] Stored hash : 11e4ff99871f61ae7aa9901b831624f916335271
[13:09:24] Current inode: 11272232 Stored inode: 11272211
[13:09:24] Current size: 14792 Stored size: 15304
[13:09:24] Current file modification time: 1324595012 (23-Dec-2011 01:03:32)
[13:09:24] Stored file modification time : 1320279377 (03-Nov-2011 02:16:17)
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages rkhunter depends on:
ii binutils 2.22-2
ii debconf [debconf-2.0] 1.5.41
ii file 5.09-2
ii net-tools 1.60-24.1
ii perl 5.14.2-6
ii ucf 3.0025+nmu2
Versions of packages rkhunter recommends:
ii exim4-daemon-light [mail-transport-agent] 4.77-1+b1
ii iproute 20111117-1
ii lsof 4.81.dfsg.1-1
ii unhide.rb 13-1
ii wget 1.13.4-1
Versions of packages rkhunter suggests:
pn bsd-mailx [mailx] 8.1.2-0.20111106cvs-1
pn libdigest-whirlpool-perl <none>
pn liburi-perl 1.59-1
pn libwww-perl 6.03-1
pn powermgmt-base 1.31
pn tripwire <none>
-- debconf information:
rkhunter/apt_autogen: false
rkhunter/cron_daily_run:
rkhunter/cron_db_update:
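
A triage sketch for the warnings reported above, as an added example that is not part of the original report or of rkhunter: it parses the log format shown in the message and groups the changed files by their current modification time. The sample keeps the report's paths and timestamps but uses constructed placeholder hashes; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the log format of the report above: paths and
# timestamps follow the report, the hash values are placeholders.
SAMPLE_LOG = """\
[13:09:18] File: /usr/bin/last
[13:09:18] Current hash: aaaa1111
[13:09:18] Stored hash : bbbb2222
[13:09:18] Current inode: 8130182 Stored inode: 8130056
[13:09:18] Current file modification time: 1324595012 (23-Dec-2011 01:03:32)
[13:09:18] Stored file modification time : 1320279377 (03-Nov-2011 02:16:17)
[13:09:20] File: /usr/bin/size
[13:09:20] Current hash: cccc3333
[13:09:20] Stored hash : dddd4444
[13:09:20] Current file modification time: 1323621960 (11-Dec-2011 18:46:00)
[13:09:20] Stored file modification time : 1321892680 (21-Nov-2011 18:24:40)
[13:09:23] File: /sbin/init
[13:09:23] Current hash: eeee5555
[13:09:23] Stored hash : ffff6666
[13:09:23] Current file modification time: 1324595012 (23-Dec-2011 01:03:32)
[13:09:23] Stored file modification time : 1320279377 (03-Nov-2011 02:16:17)
"""

# Matches "Current hash: x", "Stored hash : y", and both halves of
# "Current inode: 1 Stored inode: 2" on a single line.
FIELD = re.compile(r"(Current|Stored) (hash|inode|size|file modification time)\s*: (\S+)")

def parse_changes(log_text):
    """Return {path: {"current_hash": ..., "stored_inode": ..., ...}}."""
    changes, path = {}, None
    for line in log_text.splitlines():
        m = re.search(r"\] File: (\S+)", line)
        if m:
            path = m.group(1)
            changes[path] = {}
        elif path:
            for which, name, value in FIELD.findall(line):
                key = which.lower() + "_" + ("mtime" if name.startswith("file") else name)
                changes[path][key] = value
    return changes

def group_by_current_mtime(changes):
    """Map each current mtime (epoch seconds) to the sorted paths carrying it."""
    groups = defaultdict(list)
    for path, props in changes.items():
        if "current_mtime" in props:
            groups[int(props["current_mtime"])].append(path)
    return {mtime: sorted(paths) for mtime, paths in groups.items()}
```

Files that share a modification time are candidates for one package upgrade; confirming that with `dpkg -S <path>` and the package's checksums comes before refreshing the baseline with `rkhunter --propupd`.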