Package: rkhunter
Version: 1.3.0-2
Severity: normal
I was getting the following emails everyday:
Warning: The file properties have changed:
File: /usr/bin/ldd
Current inode: 3143953 Stored inode: 866682
Current file modification time: 1193274171
Stored file modification time : 1191200505
and they seem to have gone away now that I have added this to
/etc/rkhunter.conf:
ATTRWHITELIST=/usr/bin/ldd
Is that a know false positive? I am always a little hesitant to whitelist
things when they aren't mentioned in the documentation or in the examples :)
Francois
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.23.1-hrt3-grsec (SMP w/2 CPU cores)
Locale: LANG=fr_CA, LC_CTYPE=fr_CA (charmap=UTF-8) (ignored: LC_ALL set to
fr_CA.utf8)
Shell: /bin/sh linked to /bin/dash
Versions of packages rkhunter depends on:
ii debconf [debconf-2.0] 1.5.16 Debian configuration management sy
ii exim4 4.68-2 meta-package to ease Exim MTA (v4)
ii exim4-daemon-light [mail-tran 4.68-2 lightweight Exim MTA (v4) daemon
ii file 4.21-3 Determines file type using "magic"
ii net-tools 1.60-17.2 The NET-3 networking toolkit
ii perl 5.8.8-11.1 Larry Wall's Practical Extraction
Versions of packages rkhunter recommends:
ii binutils 2.18.1~cvs20071027-1 The GNU assembler, linker and bina
ii curl 7.17.1-1 Get a file from an HTTP, HTTPS or
ii iproute 20070313-1 Professional tools to control the
pn libmd5-perl <none> (no description available)
ii wget 1.10.2-3 retrieves files from the web
-- debconf information:
* rkhunter/apt_autogen: true
* rkhunter/cron_daily_run: true
* rkhunter/cron_db_update: true
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
