Hi all.
Last night I received the classic rkhunter's email with several warnings inside:
Quote:
Warning: The file properties have changed:
File: /bin/awk
Current hash: Unavailable
Stored hash : b7099b4cc99ad98f476292f4d57cc65ea6baf8c3
Try running the command 'prelink /bin/awk' to resolve dependency errors.
Warning: The file properties have changed:
File: /bin/cp
Current hash: Unavailable
Stored hash : f5dfabb5f556ea09d1fd2cb5f632929db7d45827
Try running the command 'prelink /bin/cp' to resolve dependency errors.
Warning: The file properties have changed:
File: /bin/date
Current hash: Unavailable
Stored hash : a5376983f37283df3533032ee3a0435a78a9090c
Try running the command 'prelink /bin/date' to resolve dependency errors.
|
and so on..
Why rkhunter isn't able to calculate the hash of those files and compare it with the stored one?
Other strange thing: for the "good" file, the hash is often different!
For example, in the last rkhunter.log, /bin/awk is "good".
But:
Quote:
# sha1sum /bin/awk
e0b0457c6c7cc502eb038a663423b5700a25c058 /bin/awk
|
Quote:
# grep /bin/awk /var/lib/rkhunter/db/rkhunter.dat
File:/bin/awk:b7099b4cc99ad98f476292f4d57cc65ea6baf8c3:32539:0777:0:0:4:1260221563::
File:/usr/bin/awk:b7099b4cc99ad98f476292f4d57cc65ea6baf8c3:798583:0777:0:0:14:1260221584::
|
So, if the sha1sum is different, why rkhunter tell me that awk is secure?
Thankyou very much!
I