LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 12-02-2007, 04:15 PM   #1
radiodee1
Member
 
Registered: Oct 2006
Location: New York
Distribution: Debian
Posts: 673
Blog Entries: 11

Rep: Reputation: 36
rkhunter and perl


I wasn't sure which forum to post this in... I'm using rkhunter for the first time. I use debian lenny. My daily report from rkhunter says that /usr/bin/perl has changed on a daily basis for about a week. Every day the hash, the inode, and the file size change. Why should this be? I thought perl was a programming language. I don't think I consciously use perl. Why is it changing? Do I have some sort of problem? Thanks in advance.
 
Old 12-02-2007, 05:44 PM   #2
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,176
Blog Entries: 4

Rep: Reputation: 430Reputation: 430Reputation: 430Reputation: 430Reputation: 430
Moved: This thread is more suitable in Linux-Security and has been moved accordingly to help your thread/question get the exposure it deserves.
 
Old 12-02-2007, 06:08 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,693
Blog Entries: 54

Rep: Reputation: 2957Reputation: 2957Reputation: 2957Reputation: 2957Reputation: 2957Reputation: 2957Reputation: 2957Reputation: 2957Reputation: 2957Reputation: 2957Reputation: 2957
Quote:
Originally Posted by radiodee1 View Post
My daily report from rkhunter says that /usr/bin/perl has changed on a daily basis for about a week. Every day the hash, the inode, and the file size change. (..) Why is it changing? Do I have some sort of problem?
Check if you use prelinking (/etc/cron.daily/prelink ?) then read the (local or on-line) FAQ: "4.4) I use prelinking, but after performing some updates, all, or some, binaries are 'BAD' when running the MD5 hash check." If that's not a case of prelinking, upgrade Rootkit Hunter to "current" aka version 1.3.0 since it improved a lot. If after reading the 1.3.0 docs and adjusting your new rkhunter.conf *that* doesn't fix things, register with the Rootkit Hunter users mailing list at Sourceforge and post there, preferably with a log attached.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
rkhunter lumiwa Linux - Newbie 1 09-17-2007 09:51 PM
rkhunter atlaika Linux - Security 7 11-29-2005 11:47 AM
rkhunter found the following monroetech Linux - Security 3 12-20-2004 09:51 PM
rkhunter phatbastard Linux - Security 3 12-08-2004 10:44 PM
perl(Cwd) perl(File::Basename) perl(File::Copy) perl(strict)....What are those? Baldorg Linux - Software 1 11-09-2003 09:09 PM


All times are GMT -5. The time now is 09:16 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration