On Sun, 2008-02-17 at 23:53 -0800, Sheldon King wrote: > > After fixing my prelinking issue and getting the errors and hash file > values fixed we are down to 5 errors remaining > This of which I cannot fathom why rkhunter is freaking out about, yes the > hash file changed, yes I ran --propupd > And it still is freaking that the file has changed to a bash text file > executable. > The likelihood of 2 of my systems being hacked that were just updated and > one system was brand new is doubtful. > It is way more likely these files were updated during the OS update > > Below are the errors from the rkhunter log file. > > [23:47:20] Warning: The command '/usr/bin/groups' has been replaced by a > script: /usr/bin/groups: Bourne shell script text executable > This isn't anything to do with file hashes. Look in your rkhunter.conf file about whitelisting scripts. RKH checks for 'binary' commands, so it issues a warning if a command is a script. Since some commands are genuinely scripts, you can whitelist them.
John. -- --------------------------------------------------------------- John Horne, University of Plymouth, UK Tel: +44 (0)1752 233914 E-mail: [EMAIL PROTECTED] Fax: +44 (0)1752 233839 ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Rkhunter-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/rkhunter-users
