On Thu, 2008-12-04 at 11:49 +0000, John Horne wrote
> >
> You need to look in the log file to see why the warnings occur.
Here is all the log file says about this:
Warning: Suspicious file types found
>
in /dev:
> /dev/shm/sysconfig/config-lo: ASCII
> text
> /dev/shm/sysconfig/config-eth0: ASCII
> text
> /dev/shm/sysconfig/config-eth1: ASCII
> text
> /dev/shm/sysconfig/new-stamp-2: ASCII
> text
> /dev/shm/sysconfig/new-stamp-3: ASCII
When I run rkhunter -c --sk --rwo --pkgmgr RPM here is the readout:
Warning: The file properties have changed:
File: /bin/awk
Current inode: 529951356 Stored inode: 859939
Warning: The file properties have changed:
File: /bin/basename
Current inode: 460314 Stored inode: 795397
Warning: The file properties have changed:
File: /bin/bash
Current inode: 155989647 Stored inode: 763333
Warning: The file properties have changed:
File: /bin/cat
Current inode: 460333 Stored inode: 859883
Warning: The file properties have changed:
File: /bin/chmod
Current inode: 460324 Stored inode: 859901
Warning: The file properties have changed:
File: /bin/chown
Current inode: 460315 Stored inode: 859902
Warning: The file properties have changed:
File: /bin/cp
Current inode: 460322 Stored inode: 859903
Warning: The file properties have changed:
File: /bin/csh
Current inode: 13395508 Stored inode: 863109
Warning: The file properties have changed:
File: /bin/date
Current inode: 460327 Stored inode: 859904
Warning: The file properties have changed:
File: /bin/df
Current inode: 460337 Stored inode: 859906
Warning: The file properties have changed:
File: /bin/dmesg
Current inode: 119398303 Stored inode: 859932
Warning: The file properties have changed:
File: /bin/echo
Current inode: 460329 Stored inode: 859907
Warning: The file properties have changed:
File: /bin/ed
Current inode: -1746124991 Stored inode: 859936
Warning: The file properties have changed:
File: /bin/egrep
Current inode: 138962508 Stored inode: 859945
Warning: The file properties have changed:
File: /bin/fgrep
Current inode: 138962509 Stored inode: 859946
Warning: The file properties have changed:
File: /bin/fuser
Current inode: 35466274 Stored inode: 860003
Warning: The file properties have changed:
File: /bin/grep
Current inode: 138962507 Stored inode: 859947
Warning: The file properties have changed:
File: /bin/ip
Current inode: 523253675 Stored inode: 859887
Warning: The file properties have changed:
File: /bin/kill
Current inode: 460316 Stored inode: 859909
Warning: The file properties have changed:
File: /bin/logger
Current inode: 119513810 Stored inode: 860058
Warning: The file properties have changed:
File: /bin/login
Current inode: 823317 Stored inode: 860070
Warning: The file properties have changed:
File: /bin/ls
Current inode: 460330 Stored inode: 859911
Warning: The file properties have changed:
File: /bin/lsmod
Current inode: 19285360 Stored inode: 860066
Warning: The file properties have changed:
File: /bin/mail
Current inode: 1019221240 Stored inode: 860093
Warning: The file properties have changed:
File: /bin/mktemp
Current inode: 767868251 Stored inode: 859877
Warning: The file properties have changed:
File: /bin/more
Current inode: 119398335 Stored inode: 860059
Warning: The file properties have changed:
File: /bin/mount
Current inode: 119513822 Stored inode: 860060
Warning: The file properties have changed:
File: /bin/mv
Current inode: 460326 Stored inode: 859914
Warning: The file properties have changed:
File: /bin/netstat
Current inode: 1060820416 Stored inode: 859881
Warning: The file properties have changed:
File: /bin/ps
Current inode: 5030107 Stored inode: 860002
Warning: The file properties have changed:
File: /bin/pwd
Current inode: 460323 Stored inode: 859915
Warning: The file properties have changed:
File: /bin/rpm
Current inode: 5164323 Stored inode: 860056
Warning: The file properties have changed:
File: /bin/sed
Current inode: 138658717 Stored inode: 859961
Warning: The file properties have changed:
File: /bin/sh
Current inode: 155989676 Stored inode: 795396
Warning: The file properties have changed:
File: /bin/sort
Current inode: 460335 Stored inode: 859919
Warning: The file properties have changed:
File: /bin/su
Current inode: 460328 Stored inode: 859921
Warning: The file properties have changed:
File: /bin/touch
Current inode: 460319 Stored inode: 859923
Warning: The file properties have changed:
File: /bin/uname
Current inode: 460332 Stored inode: 859925
Warning: The file properties have changed:
File: /bin/gawk
Current inode: 529951824 Stored inode: 859940
Warning: The file properties have changed:
File: /bin/tcsh
Current inode: 13395516 Stored inode: 860016
Warning: The file properties have changed:
File: /usr/bin/awk
Current inode: 529951662 Stored inode: 616605
Warning: The file properties have changed:
File: /usr/bin/basename
Current inode: 1940214 Stored inode: 285647
Warning: The file properties have changed:
File: /usr/bin/chattr
Current inode: 256773874 Stored inode: 617324
Warning: The file properties have changed:
File: /usr/bin/chroot
Current inode: 1940270 Stored inode: 285648
Warning: The file properties have changed:
File: /usr/bin/csh
Current inode: 13395509 Stored inode: 283352
Warning: The file properties have changed:
File: /usr/bin/curl
Current inode: 158297464 Stored inode: 617244
Warning: The file properties have changed:
File: /usr/bin/cut
Current inode: 1940277 Stored inode: 285652
Warning: The file properties have changed:
File: /usr/bin/diff
Current inode: 4201289 Stored inode: 616585
Warning: The file properties have changed:
File: /usr/bin/dirname
Current inode: 1940259 Stored inode: 285655
Warning: The file properties have changed:
File: /usr/bin/du
Current inode: 1940298 Stored inode: 285656
Warning: The file properties have changed:
File: /usr/bin/ed
Current inode: -1746124997 Stored inode: 616598
Warning: The file properties have changed:
File: /usr/bin/egrep
Current inode: 138962421 Stored inode: 616617
Warning: The file properties have changed:
File: /usr/bin/env
Current inode: 1940235 Stored inode: 285657
Warning: The file properties have changed:
File: /usr/bin/fgrep
Current inode: 138962461 Stored inode: 616618
Warning: The file properties have changed:
File: /usr/bin/file
Current inode: 308772 Stored inode: 281868
Warning: The file properties have changed:
File: /usr/bin/find
Current inode: 2002159004 Stored inode: 616603
Warning: The file properties have changed:
File: /usr/bin/grep
Current inode: 138962501 Stored inode: 616619
Warning: The file properties have changed:
File: /usr/bin/groups
Current inode: 1940307 Stored inode: 285663
Warning: The file properties have changed:
File: /usr/bin/head
Current inode: 1940285 Stored inode: 285664
Warning: The file properties have changed:
File: /usr/bin/id
Current inode: 1940267 Stored inode: 285665
Warning: The file properties have changed:
File: /usr/bin/killall
Current inode: 35466278 Stored inode: 617129
Warning: The file properties have changed:
File: /usr/bin/last
Current inode: 27428192 Stored inode: 617200
Warning: The file properties have changed:
File: /usr/bin/lastlog
Current inode: 823263 Stored inode: 617673
Warning: The file properties have changed:
File: /usr/bin/ldd
Current inode: 956189 Stored inode: 281490
Warning: The file properties have changed:
File: /usr/bin/less
Current inode: 235210870 Stored inode: 283310
Warning: The file properties have changed:
File: /usr/bin/lsattr
Current inode: 256773875 Stored inode: 616595
Warning: The file properties have changed:
File: /usr/bin/lsof
Current inode: 120766578 Stored inode: 281624
Warning: The file properties have changed:
File: /usr/bin/lynx
Current inode: 28124859 Stored inode: 284180
Warning: The file properties have changed:
File: /usr/bin/mail
Current inode: 1019221244 Stored inode: 617746
Warning: The file properties have changed:
File: /usr/bin/md5sum
Current inode: 1940249 Stored inode: 285670
Warning: The file properties have changed:
File: /usr/bin/newgrp
Current inode: 823266 Stored inode: 617674
Warning: The file properties have changed:
File: /usr/bin/passwd
Current inode: 823264 Stored inode: 617675
Warning: The file properties have changed:
File: /usr/bin/perl
Current inode: 61879604 Stored inode: 283075
Warning: The file properties have changed:
File: /usr/bin/pstree
Current inode: 35466280 Stored inode: 617132
Warning: The file properties have changed:
File: /usr/bin/readlink
Current inode: 1940228 Stored inode: 285683
Warning: The file properties have changed:
File: /usr/bin/sed
Current inode: 138658881 Stored inode: 616660
Warning: The file properties have changed:
File: /usr/bin/sh
Current inode: 155989642 Stored inode: 282055
Warning: The file properties have changed:
File: /usr/bin/sha1sum
Current inode: 1940222 Stored inode: 285685
Warning: The file properties have changed:
File: /usr/bin/size
Current inode: 1334334447 Stored inode: 282919
Warning: The file properties have changed:
File: /usr/bin/sort
Current inode: 1940216 Stored inode: 285692
Warning: The file properties have changed:
File: /usr/bin/stat
Current inode: 1940293 Stored inode: 285694
Warning: The file properties have changed:
File: /usr/bin/strace
Current inode: 1225163510 Stored inode: 281932
Warning: The file properties have changed:
File: /usr/bin/strings
Current inode: 1334334510 Stored inode: 282920
Warning: The file properties have changed:
File: /usr/bin/sudo
Current inode: 22501732 Stored inode: 283333
Warning: The file properties have changed:
File: /usr/bin/tail
Current inode: 1940251 Stored inode: 285698
Warning: The file properties have changed:
File: /usr/bin/test
Current inode: 1940290 Stored inode: 285700
Warning: The file properties have changed:
File: /usr/bin/top
Current inode: 5030114 Stored inode: 617123
Warning: The file properties have changed:
File: /usr/bin/touch
Current inode: 1940215 Stored inode: 285701
Warning: The file properties have changed:
File: /usr/bin/tr
Current inode: 1940253 Stored inode: 285702
Warning: The file properties have changed:
File: /usr/bin/uniq
Current inode: 1940248 Stored inode: 285706
Warning: The file properties have changed:
File: /usr/bin/users
Current inode: 1940254 Stored inode: 285709
Warning: The file properties have changed:
File: /usr/bin/vmstat
Current inode: 5030116 Stored inode: 617124
Warning: The file properties have changed:
File: /usr/bin/w
Current inode: 5030121 Stored inode: 617125
Warning: The file properties have changed:
File: /usr/bin/watch
Current inode: 5030112 Stored inode: 617126
Warning: The file properties have changed:
File: /usr/bin/wc
Current inode: 1940225 Stored inode: 285711
Warning: The file properties have changed:
File: /usr/bin/wget
Current inode: 403509134 Stored inode: 616666
Warning: The file properties have changed:
File: /usr/bin/whatis
Current inode: 696282401 Stored inode: 617279
Warning: The file properties have changed:
File: /usr/bin/whereis
Current inode: 153843626 Stored inode: 283388
Warning: The file properties have changed:
File: /usr/bin/which
Current inode: 153843632 Stored inode: 283389
Warning: The file properties have changed:
File: /usr/bin/who
Current inode: 1940280 Stored inode: 285712
Warning: The file properties have changed:
File: /usr/bin/whoami
Current inode: 1940244 Stored inode: 285713
Warning: The file properties have changed:
File: /usr/bin/gawk
Current inode: 529951816 Stored inode: 616606
Warning: The file properties have changed:
File: /usr/bin/tcsh
Current inode: 13395510 Stored inode: 283353
Warning: The file properties have changed:
File: /usr/bin/mailx
Current inode: 1019221264 Stored inode: 617747
Warning: The file properties have changed:
File: /sbin/checkproc
Current inode: 27428216 Stored inode: 795093
Warning: The file properties have changed:
File: /sbin/chkconfig
Current inode: 919745 Stored inode: 795393
Warning: The file properties have changed:
File: /sbin/depmod
Current inode: 19285365 Stored inode: 795248
Warning: The file properties have changed:
File: /sbin/ifconfig
Current inode: 1060820459 Stored inode: 794988
Warning: The file properties have changed:
File: /sbin/ifdown
Current inode: 1788692704 Stored inode: 795285
Warning: The file properties have changed:
File: /sbin/ifstatus
Current inode: 1788692705 Stored inode: 795290
Warning: The file properties have changed:
File: /sbin/ifup
Current inode: 1788683027 Stored inode: 795292
Warning: The file properties have changed:
File: /sbin/init
Current inode: 27428203 Stored inode: 795096
Warning: The file properties have changed:
File: /sbin/insmod
Current inode: 19285362 Stored inode: 795250
Warning: The file properties have changed:
File: /sbin/ip
Current inode: 523220622 Stored inode: 795000
Warning: The file properties have changed:
File: /sbin/lsmod
Current inode: 19285344 Stored inode: 795252
Warning: The file properties have changed:
File: /sbin/modinfo
Current inode: 19285366 Stored inode: 795253
Warning: The file properties have changed:
File: /sbin/modprobe
Current inode: 19285363 Stored inode: 795254
Warning: The file properties have changed:
File: /sbin/nologin
Current inode: 134823065 Stored inode: 795236
Warning: The file properties have changed:
File: /sbin/rmmod
Current inode: 19285364 Stored inode: 795255
Warning: The file properties have changed:
File: /sbin/runlevel
Current inode: 27428209 Stored inode: 795105
Warning: The file properties have changed:
File: /sbin/sulogin
Current inode: 27428210 Stored inode: 795113
Warning: The file properties have changed:
File: /sbin/sysctl
Current inode: 5030109 Stored inode: 795080
Warning: The file properties have changed:
File: /usr/sbin/cron
Current inode: 180552508 Stored inode: 285844
Warning: The file properties have changed:
File: /usr/sbin/groupadd
Current inode: 823284 Stored inode: 48861
Warning: The file properties have changed:
File: /usr/sbin/groupdel
Current inode: 823276 Stored inode: 48863
Warning: The file properties have changed:
File: /usr/sbin/groupmod
Current inode: 823270 Stored inode: 48864
Warning: The file properties have changed:
File: /usr/sbin/grpck
Current inode: 823153 Stored inode: 48865
Warning: The file properties have changed:
File: /usr/sbin/pwck
Current inode: 823279 Stored inode: 48868
Warning: The file properties have changed:
File: /usr/sbin/tcpd
Current inode: 2498999 Stored inode: 282414
Warning: The file properties have changed:
File: /usr/sbin/useradd
Current inode: 823274 Stored inode: 48873
Warning: The file properties have changed:
File: /usr/sbin/userdel
Current inode: 823277 Stored inode: 48875
Warning: The file properties have changed:
File: /usr/sbin/usermod
Current inode: 823155 Stored inode: 48878
Warning: The file properties have changed:
File: /usr/sbin/vipw
Current inode: 823282 Stored inode: 48881
Warning: The file properties have changed:
File: /usr/sbin/xinetd
Current inode: 34520484 Stored inode: 48788
I am still playing around trying to find the answer for the ssh warning.
Mark
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
