Hi there,
while browsing the daily logs of my rkhunter-instance I stumbled upon this:
----------> begin log
Warning: The file properties have changed:
File: /bin/dmesg
Current inode: 146150 Stored inode: 146034
Current file modification time: 1195526070
Stored file modification time : 1192939733
Warning: The file properties have changed:
File: /bin/login
Current hash: 3628610ea3ec95b3f78176e7f3343e9173bc6c0a
Stored hash : 96114ce4d499d9bcafa25c91657739fd52eacba3
Current inode: 146042 Stored inode: 146053
Current size: 32196 Stored size: 35204
Current file modification time: 1193769151
Stored file modification time : 1182535836
Warning: The file properties have changed:
File: /bin/more
Current inode: 146152 Stored inode: 146036
Current file modification time: 1195526070
Stored file modification time : 1192939733
Warning: The file properties have changed:
File: /bin/mount
Current hash: 78fd75d183f846b030be0c3749117347c5710baa
Stored hash : 4ef6e1f19cf7d65b0fe88b6b76c80a687f6c6764
Current inode: 146040 Stored inode: 146044
Current size: 62256 Stored size: 62224
Current file modification time: 1195526071
Stored file modification time : 1192939733
Warning: The file properties have changed:
File: /bin/su
Current hash: 876e222be3c2c8e4de7c7f1665ac1c4a236d0ead
Stored hash : 1ec1b62bc0046bb82fab7c6d8ef5c8128363418a
Current inode: 146043 Stored inode: 146054
Current size: 25284 Stored size: 27044
Current file modification time: 1193769151
Stored file modification time : 1182535837
Warning: The file properties have changed:
File: /bin/which
Current inode: 146036 Stored inode: 146040
Current file modification time: 1195660549
Stored file modification time : 1192986014
Warning: The file properties have changed:
File: /usr/bin/curl
Current hash: 2eb2369f0f38f55d1ca4eef219923cd90155037d
Stored hash : 828d3b67256fcc5eaa716858da125661eadf6e1a
Current inode: 536193 Stored inode: 535599
Current size: 98328 Stored size: 98232
Current file modification time: 1194056128
Stored file modification time : 1189788713
Warning: The file properties have changed:
File: /usr/bin/dpkg
Current hash: 165507d35c32864252f82d477720295e8df5799f
Stored hash : 442738ab55e2a25aeb82131ee72e7463c97a6892
Current inode: 535522 Stored inode: 535702
Current file modification time: 1195536203
Stored file modification time : 1191819257
Warning: The file properties have changed:
File: /usr/bin/dpkg-query
Current inode: 535545 Stored inode: 535749
Current file modification time: 1195536203
Stored file modification time : 1191819257
Warning: The file properties have changed:
File: /usr/bin/killall
Current hash: 185d67c0fe922902ec8f88b5a6b092573f32f7aa
Stored hash : f0067a074d32964abb82f576e9332479d363896d
Current inode: 535838 Stored inode: 536976
Current size: 14404 Stored size: 14360
Current file modification time: 1194161322
Stored file modification time : 1177330483
Warning: The file properties have changed:
File: /usr/bin/lastlog
Current hash: fc8f8520c08d2f268351456988cb8fae66bc3f78
Stored hash : b3bdc96a573ae6fabb4498735796d945a505c1b2
Current inode: 536445 Stored inode: 535745
Current size: 6088 Stored size: 6120
Current file modification time: 1193769151
Stored file modification time : 1182535836
Warning: The file properties have changed:
File: /usr/bin/logger
Current inode: 536292 Stored inode: 535755
Current file modification time: 1195526071
Stored file modification time : 1192939733
Warning: The file properties have changed:
File: /usr/bin/newgrp
Current hash: 2caa870921de7e0742e5b9b99003fdb94635cebd
Stored hash : b40f75996534f63a6ac20bcf6aa0fe9a133dbfd3
Current inode: 536446 Stored inode: 535981
Current size: 18916 Stored size: 20196
Current file modification time: 1193769151
Stored file modification time : 1182535836
Warning: The file properties have changed:
File: /usr/bin/passwd
Current hash: fcacf1c9f00e9436db1cb012a518cb284fcf2af9
Stored hash : 99ae9ef0c57f65ef87b20dce84d2e025ed20d736
Current inode: 536450 Stored inode: 538605
Current file modification time: 1193769136
Stored file modification time : 1182535832
Warning: The file properties have changed:
File: /usr/bin/perl
Current hash: 5fcb98f27869caf54f13a686a681cbbaf0f304e5
Stored hash : 6fb63d05891c9f2fb5b4b8dcef6d07776eb02f8f
Current inode: 536297 Stored inode: 535546
Current size: 1069940 Stored size: 1069972
Current file modification time: 1194849074
Stored file modification time : 1192713529
Warning: The file properties have changed:
File: /usr/bin/pstree
Current hash: a8e8b26ad1c1f7ea757dcbd7566444fc78ee28af
Stored hash : 231f2cdcc29806054ae9566bc62f21d099ce33cd
Current inode: 536331 Stored inode: 536977
Current size: 14072 Stored size: 14020
Current file modification time: 1194161322
Stored file modification time : 1177330483
Warning: The file properties have changed:
File: /usr/bin/whatis
Current inode: 535952 Stored inode: 535974
Current file modification time: 1195329862
Stored file modification time : 1192181447
Warning: The file properties have changed:
File: /usr/bin/whereis
Current inode: 536538 Stored inode: 536734
Current file modification time: 1195526070
Stored file modification time : 1192939733
Warning: The file properties have changed:
File: /usr/bin/which
Current inode: 536023 Stored inode: 536530
Current file modification time: 1195729649
Stored file modification time : 1193037874
Warning: The file properties have changed:
File: /usr/sbin/groupadd
Current hash: a61c289b3a5748fdd282831c66428faaaca2153c
Stored hash : 687c92b3d0fd81fee95166aa02b8d258b68a1b1d
Current inode: 585768 Stored inode: 587787
Current file modification time: 1193769136
Stored file modification time : 1182535832
Warning: The file properties have changed:
File: /usr/sbin/groupdel
Current hash: 9be012babde4a85f34ceaad21035f1bd54d8e75e
Stored hash : b45f3da66ce9bef3a21d13873d5ba82fd2ec71e8
Current inode: 585769 Stored inode: 587788
Current size: 21004 Stored size: 21036
Current file modification time: 1193769136
Stored file modification time : 1182535832
Warning: The file properties have changed:
File: /usr/sbin/groupmod
Current hash: 09ce0f2c8d3386eb51ba0ba3c3d69d804ce2c630
Stored hash : f411493f1c9becc70dd7fc03bfc398df546e7d80
Current inode: 585770 Stored inode: 587789
Current file modification time: 1193769136
Stored file modification time : 1182535832
Warning: The file properties have changed:
File: /usr/sbin/grpck
Current hash: f642ab98bad9a456907f272e96bd4e267c4a8179
Stored hash : 0ebca2962d9fd7e09be109c139c1316afa679ec3
Current inode: 585771 Stored inode: 587790
Current file modification time: 1193769136
Stored file modification time : 1182535832
Warning: The file properties have changed:
File: /usr/sbin/nologin
Current hash: b558f0ae81789d02294c687fdb639c158e01edbe
Stored hash : 2be07bf684894f43d69296ddf7b9ef825aa23375
Current inode: 585764 Stored inode: 587330
Current size: 3152 Stored size: 3164
Current file modification time: 1193769151
Stored file modification time : 1182535836
Warning: The file properties have changed:
File: /usr/sbin/pwck
Current hash: c21e17dd38082d9a401ff39f86d7b6f2f94deef4
Stored hash : 55ef094d9719ad1c81864fd61ab0a284b07a4228
Current inode: 585775 Stored inode: 587794
Current size: 25804 Stored size: 27020
Current file modification time: 1193769136
Stored file modification time : 1182535832
Warning: The file properties have changed:
File: /usr/sbin/useradd
Current hash: 6ac720f89d6a0f4fac1c81b3ea392a6166eaf37c
Stored hash : acea5c90af50033d394c28bf49fbd8f53ed0b072
Current inode: 585778 Stored inode: 587797
Current size: 57068 Stored size: 60364
Current file modification time: 1193769136
Stored file modification time : 1182535832
Warning: The file properties have changed:
File: /usr/sbin/userdel
Current hash: 583ec6177c82d33315f618b759ab80034c80feb1
Stored hash : 2cd00079add17dcf818ede4e9cd9d463d057e843
Current inode: 585779 Stored inode: 587798
Current file modification time: 1193769136
Stored file modification time : 1182535832
Warning: The file properties have changed:
File: /usr/sbin/usermod
Current hash: dde255f95725e0a8a9a4d61a32a304a3d73e185f
Stored hash : 59f43dee923d5c460525cab997176d29b82b4b39
Current inode: 585780 Stored inode: 587799
Current file modification time: 1193769136
Stored file modification time : 1182535832
Warning: The file properties have changed:
File: /usr/sbin/vipw
Current hash: 097ebbf11c4e54fa8e01f59b81a45172fadd68ed
Stored hash : 234f83d78fdeecfaecf241df08f882c9e7a28eab
Current inode: 585781 Stored inode: 587800
Current size: 27180 Stored size: 27276
Current file modification time: 1193769136
Stored file modification time : 1182535832
-----------> end log
I'm running Debain/unstable, and have updated my the rkhunter-signatures and
hashes with "rkhunter --update". My system is completely updated, no pending
updates from apt. Are there still any files in "unstable" for which rkhunter
does not have the correct hashes?
Thanks in advance!
Nico
--
Nicolas Dorwig
http://blog.343meterprosekunde.de
[EMAIL PROTECTED]
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
