On Tue, 05 Nov 2013 15:12:38 +0100 François Patte <francois.pa...@mi.parisdescartes.fr> wrote:
> Bonjour, > > I have some warnings from rkhunter: > > > Warning: The file properties have changed: > File: /usr/sbin/rsyslogd > Current hash: 99fd3e8be4e7b9f553d52f6837eef50ebcebadc8 > Stored hash : 2acece0875f8c6156c1f05df71e8c83c91dea2d0 > Current inode: 523303 Stored inode: 523309 > Current size: 522304 Stored size: 522400 > Current file modification time: 1378296534 (04-sept.-2013 > 14:08:54) Stored file modification time : 1374534377 (23-juil.-2013 > 01:06:17) W > > > What do they mean? > > This is either exactly what you run rkhunter to find, or more likely, you have just upgraded the rsyslog package. Before upgrading a system with any kind of intrusion detection software, you need to run it to check the system is clean first, than run it again after the upgrade with the appropriate parameter (--propupd in the case of rkhunter) set. This will update the detection database. If you *haven't* just upgraded rsyslog, you should start hunting the intruder... but you're probably OK. From my sid system: joe@jresid:~$ ls -l /usr/sbin/rsyslogd -rwxr-xr-x 1 root root 522304 Sep 4 13:08 /usr/sbin/rsyslogd joe@jresid:~$ sha1sum /usr/sbin/rsyslogd 99fd3e8be4e7b9f553d52f6837eef50ebcebadc8 /usr/sbin/rsyslogd -- Joe -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20131105200307.12f95...@jretrading.com
