On Tue, Nov 05, 2013 at 03:12:38PM +0100, François Patte wrote: > Bonjour, > > I have some warnings from rkhunter: > > > Warning: The file properties have changed:
Properties of the file have changed. In other words, not just the file has changed, but information about the file has changed. > File: /usr/sbin/rsyslogd This is the file whose information has changed and to which the following lines relate. > Current hash: 99fd3e8be4e7b9f553d52f6837eef50ebcebadc8 > Stored hash : 2acece0875f8c6156c1f05df71e8c83c91dea2d0 A "hash" is a mathematical summary of the contents of a file. Hash functions are typically chosen so that even a one bit change in a file produces a significant change in the hash. It's not possible to determine, from the hash itself, what the change was or how big it was, but it is clearly possible to tell that the contents of the file have changed. The "Current hash" shows what the hash is for the file as it currently resides on the disk. The "Stored hash" shows the hash of the file as it was when you last updated rkhunter's database. > Current inode: 523303 Stored inode: 523309 An inode is the entry in a filesystem where the properties of a file (that is, everything EXCEPT the contents of the file and the file's name(s)) are stored. So, the size of the file, where the contents of the file are on disk, the permissions and so on. As before "Current" tells you which inode is associated with "/usr/sbin/rsyslogd" now, and "Stored" shows you which one was when rkhunter updated its database. A change of inode MAY be caused by deletion and recreation of the file, but it's possible there are other causes. > Current size: 522304 Stored size: 522400 A file has a size. This has changed. > Current file modification time: 1378296534 (04-sept.-2013 14:08:54) > Stored file modification time : 1374534377 (23-juil.-2013 01:06:17) This shows you when the file was last modified. This is PROBABLY associated with the above changes, but there is no real guarantee of that. (Interestingly, I notice here that SOME of this information has been translated into your locale (French?), but not all of it. That's probably a bug :) > W > > > What do they mean? > > Thank you. > -- > François Patte > UFR de mathématiques et informatique > Laboratoire CNRS MAP5, UMR 8145 > Université Paris Descartes > 45, rue des Saints Pères > F-75270 Paris Cedex 06 > Tél. +33 (0)1 8394 5849 > http://www.math-info.univ-paris5.fr/~patte >
signature.asc
Description: Digital signature
