Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
1) /usr/bin/file - BAD Note, I think this file was just updated in one of the recent YOU updates....
Checking for differences in user accounts... Found differences
> news:x:9:13:News system:/etc/news:/bin/bash
> uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
> man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
< man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
< news:x:9:13:News system:/etc/news:/bin/bash
< uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
Info: Some items have been added (items marked with '<')
Info: Some items have been removed (items marked with '>')
I ran into the same problem when i ran rkhunter, I'm using slackware and updated to 'current' and now i get some 'bin' files are bad check md5 checksums etc. Did some google research and found out from Pat that more than likely its from rkhunter not recognizing current files.
I'd fill out the contact form (on the rkhunter website) and report this issue to the author of rkhunter. I use it too and noticed the same thing following a recent YOU/YaST update(s) including a recent upgrade to KDE 3.3.2. I tried the ./rkhunter --update (Run update tool and check for database updates) but still saw the "file" listed as [BAD].
The more people who respond directly to the author, the quicker issues like this will be resolved.
Last edited by furfurdemon666; 12-14-2004 at 07:57 PM.