Originally Posted by radiodee1
My daily report from rkhunter says that /usr/bin/perl has changed on a daily basis for about a week. Every day the hash, the inode, and the file size change. (..) Why is it changing? Do I have some sort of problem?
Check if you use prelinking (/etc/cron.daily/prelink ?) then read the (local or on-line) FAQ
: "4.4) I use prelinking, but after performing some updates, all, or some, binaries are 'BAD' when running the MD5 hash check." If that's not a case of prelinking, upgrade Rootkit Hunter to "current" aka version 1.3.0 since it improved a lot. If after reading the 1.3.0 docs and adjusting your new rkhunter.conf *that* doesn't fix things, register with the Rootkit Hunter users mailing list at Sourceforge and post there, preferably with a log attached.